Phish-Net: Investigating Phish Clusters Using Drop Email Addresses, presented at eCrime 2013

by Jason Britt, Shams Zawoad, Ragib Hasan, Amit Dutta, Alan Sprague, Gary Warner

Summary: Phishing attacks continue to grow and criminals continue to prosper without fear of prosecution. Tools to assist phishing investigators may increase successful prosecution against phishing criminals. In this paper, we propose a clustering method to determine the predominant phishing campaigns, most active phishers, and kit creators. Our clustering algorithm is based on the assumption that if there is a common drop/recipient email address found in the phishing kits from two different phishing websites, then these two websites are related.
Clustering related phishing websites using our proposed approach will allow phishing investigators to focus their investigative efforts on important phishing attacks rather than random attacks, thus helping investigators to narrow their investigation to pervasive phishing criminals. Using our clustering approach, we can also find relationships between phishing kit creators and phishing kit users. These findings have real-life implications for the phishing investigation paradigm.
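
The relatedness assumption in the summary can be sketched as a union-find over sites keyed by drop address. This is an added example, not the authors' code: treating the relation as transitive (connected components), the case/whitespace normalization, the function names and all sample data are assumptions made here.

```python
from collections import defaultdict

# Constructed sample: phishing site -> drop addresses extracted from its kit.
SITES = {
    "site-a.example": {"drop1@mail.example", "drop2@mail.example"},
    "site-b.example": {"drop2@mail.example"},
    "site-c.example": {"drop3@mail.example"},
    "site-d.example": {"DROP3@mail.example ", "drop4@mail.example"},
    "site-e.example": {"drop4@mail.example"},
    "site-f.example": set(),  # kit recovered, no drop address found
    "site-g.example": {"drop5@mail.example"},
}

def normalize(addr):
    # Assumption: addresses are compared case-insensitively, whitespace trimmed.
    return addr.strip().lower()

def cluster_sites(sites):
    """Group sites that are linked, directly or transitively, by a drop address."""
    parent = {s: s for s in sites}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # drop address -> first site it appeared on
    for site, addrs in sites.items():
        for addr in map(normalize, addrs):
            if not addr:
                continue
            if addr in first_seen:
                parent[find(site)] = find(first_seen[addr])
            else:
                first_seen[addr] = site

    groups = defaultdict(set)
    for s in sites:
        groups[find(s)].add(s)
    # Largest clusters first, so the predominant campaigns surface at the top.
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

def shared_addresses(sites, cluster):
    """Drop addresses seen on more than one site of a cluster (the linking evidence)."""
    count = defaultdict(int)
    for s in cluster:
        for a in {normalize(x) for x in sites[s]}:
            count[a] += 1
    return sorted(a for a, n in count.items() if n > 1)
```

In the sample, site-c and site-e share no address directly and end up in one cluster only through site-d, which is the case an investigator would want to verify by hand before treating the three as one campaign.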