In a phishing attack, a perpetrator attempts to obtain the online credentials of a user by impersonating a trusted entity such as a bank, email service provider, etc. Sophisticated phishers attempt to deceive spam filters by structuring the visual look-and-feel of their fake emails to be nearly but not precisely identical to emails sent by a trusted entity, such that spam filters allow the fake email to reach a user’s inbox.

This disclosure describes use of hand-crafted visual features of emails or landing pages, and classification based on earth-mover’s distance, to assess the visual similarity of genuine and phished emails. The techniques detect visual near-duplicates of a trusted entity’s email and thereby achieve resilience against phishing attacks.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.