Slides - W2SP 2014

PHAD- A Phishing Avoidance and
Detection Tool Using Invisible Digital
Watermarking
By Sonali Batra
Web 2.0 Security and Privacy 2014
What is Phishing & Phishing Trends
A form of social engineering.
Phishers send the fake site's URL in spam mail.
A huge problem!
Number of unique phishing sites in Sept 2013
alone – 45,115 (56.22% contain some form of
the target name in the URL).
Number of unique phishing email reports received
by APWG – 56,767.

PHAD – A Phishing Avoidance and Detection Tool
Downloadable extension for the Firefox browser.
Uses invisible digital watermarking.
Uses the uniqueness of a website's domain name.
Uses robust digital watermarking.
Implemented using Outguess – a universal
steganographic tool.
Based on the observation that some phishers copy
content of legitimate sites, such as source code and
images, for use in the fake site.

Working of PHAD
Companies invisibly watermark their logo
images with the domain names of their websites.
When a phisher copies the image, the watermark
travels along with it.
The browser on the client side detects the watermark
and compares it to the domain name.
If they match, the website is legitimate; otherwise
the website is phished.

Related Work
Huajun Huang, Yaojun Wang, Lili Xie and
Liqing Jiang. An Active Anti-phishing Solution
Based on Semi-fragile Watermark.
Watermarks a concatenation of the domain name
and other parameters into the website's source
code using the equal-tag method.
Can easily be reversed if the phisher is aware of
the scheme.

Disclaimer
PHAD is intended to serve only as a first
defense and not as a complete filter.
Artistic hackers with plenty of time on their
hands could make a similar-looking logo.
If a phisher has access to the client-side watermark
detection software, they could study it to remove
the watermark and then re-watermark the image.
No known software exists to automate this yet.
PHAD significantly increases the effort required by
the phisher.

A Few Questions
What if the phisher takes a screenshot or photograph of
the image? – The watermark shall persist across screenshots
and good-quality photographs.
What if a company has multiple domain names? e.g.
google.in and google.us – We shall watermark all the
domain names into the image. The client checks whether at
least one matches the extracted watermark.
What if a company has multiple logos? – All domain
names are watermarked into all logos.

A Few Questions
What if a website wants to embed the logo of
another company in its webpage? e.g.
CNN runs a story on Google or Facebook.
Multiple images are allowed on a page.
The company having the highest ratio of images
is compared to the domain name.

A Few Questions
What if a website has two or more watermarked
images? – The company having the highest ratio
shall be compared to the domain name.
If instead both images were compared,
PHAD would fail. This is because the attacker could
put the original image with the company's watermark
next to her own image carrying her own fake site's
watermark (which would match the domain name of the fake site).
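The client-side decision logic from the "Working of PHAD" slide, together with the multiple-domain and multiple-image answers above, as an added JavaScript example that is not PHAD's own code. It assumes watermark extraction has already happened (Outguess is out of scope here) and that an extracted payload is a comma-separated list of the company's domains; treating a tie for the highest ratio as unverified is my assumption, not a rule from the slides.

```javascript
// Added example, not PHAD's own code: the verdict a client would reach once
// the watermark payloads have been extracted from the images on a page.
// Assumptions: a payload is a comma-separated domain list such as
// "google.com,google.in"; images without a watermark are ignored; a tie for
// the highest ratio yields "unknown" (fail closed) rather than "legit".

function parseWatermark(payload) {
  // Normalise " Google.COM, google.in " into a sorted, deduplicated list of
  // lowercase domains. The list as a whole identifies one company.
  if (typeof payload !== "string") return null;
  const domains = [...new Set(
    payload.split(",").map(d => d.trim().toLowerCase()).filter(Boolean)
  )];
  return domains.length ? domains.sort() : null;
}

function groupByCompany(watermarks) {
  // Count watermarked images per company (key = the joined domain list).
  const counts = new Map();
  for (const wm of watermarks) {
    const domains = parseWatermark(wm);
    if (!domains) continue;            // unwatermarked image: no evidence
    const key = domains.join(",");
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

function dominantCompany(watermarks) {
  // Domain list of the company with the highest ratio of watermarked
  // images; null if there is no watermark or the top spot is tied.
  const counts = groupByCompany(watermarks);
  let best = null, bestCount = 0, tied = false;
  for (const [key, n] of counts) {
    if (n > bestCount) { best = key; bestCount = n; tied = false; }
    else if (n === bestCount) tied = true;
  }
  return best && !tied ? best.split(",") : null;
}

function classifyPage(pageHost, watermarks) {
  // "legit" if the dominant company's watermark lists the page's domain,
  // "phished" if it lists only other domains, "unknown" if undecidable.
  const company = dominantCompany(watermarks);
  if (!company) return "unknown";
  return company.includes(pageHost.toLowerCase()) ? "legit" : "phished";
}
```

With this rule the 1:1 case from the slide (the real logo beside the attacker's own watermarked image) does not come out as "legit".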

A Few Questions
How is this better than using HTTPS?
Users are not aware that the URL should be
preceded by https instead of http.
No single point of failure.
HTTPS can be used as an added security
measure along with PHAD.

Future Work
Implement the scheme for other browsers
and other operating systems instead of just
Firefox and Linux.
Audit the top 20 banks and top 100 websites
to see whether they would be able to use this
approach or not.
Conduct a 'Wizard of Oz' study to
demonstrate that users like and
understand the approach.

Questions???