Phishing with Discriminative Keypoint Features

P hishing is a form of online identity theft associated with both social engineering and technical subterfuge. Specifically, phishers attempt to trick Internet users into revealing sensitive or private information, such as their bank account and credit-card numbers. Unwary users are often lured to browse counterfeit Web sites through spoofed email, and they might easily be convinced that fake pages with hijacked brand names are authentic. When users unwittingly browse phishing pages, phishers can plant crimeware, also known as malware, on the victims’ computers. Then, through this crimeware, phishers can steal users’ private information, redirect them to malicious sites directly, or redirect them to the intended Web sites by way of phisher-controlled proxies. The Anti-Phishing Working Group (APWG) reported that the number of phishing Web pages has increased by 28 percent a month since July 2004,1 and 5 percent of users who receive phishing emails respond to such scams, according to the APWG Web site (www.antiphishing.org). More than 55,000 cases of phishing were reported to, or detected by, the APWG in April 2007,1 and up to 95 percent of phishing targets were related to financial services and Internet retailers. According to a Gartner survey, in the US in 2007, more than $3.2 billion was lost due to phishing attacks on 3.6 million people.2 Phishing has thus become a Phishing is a form of online identity theft associated with both social