Exploration and Evaluation of Human-centric Cloaking Techniques in Phishing Websites

• WENHAO LI,
• SHAMS UL ARFEEN LAGHARI,
• SELVAKUMAR MANICKAM,
• YUNG-WEY CHONG,

Vol. 19, No. 1, January 31, 2025
10.3837/tiis.2025.01.011, Download Paper (Free):

• anti-phishing
• cloaking
• Phishing
• Phishing attack
• Phishing Website

Abstract

Anti-phishing blacklists are a critical first line of defense for end-users against phishing attacks, yet they remain vulnerable to sophisticated evasion techniques. Despite the well-documented shortcomings of these systems, limited research has delved into the specific vulnerabilities that allow phishers to bypass detection and persist in their deceptive practices. This study addresses this gap by investigating three novel, human-centric evasion mechanisms employed by phishing websites: Virtual Machine Detection (VMD)-based evasion, Cache-based evasion, and HTTP Client Hints (CHs)-based evasion. These techniques exploit behavioral differences between legitimate users and Anti-Phishing Entities (APEs) to avoid detection. Through real-world experiments using a scalable evaluation system, the effectiveness of these mechanisms was rigorously assessed. Results show that VMD and CHs-based evasion achieved a zero blacklisting rate on tested browsers, while Cache-based evasion reduced detection by 40%. A user study further validated the practical impact of these evasion techniques. Additionally, the proposed evaluation system demonstrated 100% accuracy in identifying blacklisted and non-blacklisted websites, maintaining consistent performance across varying workloads. This research introduces innovative cloaking techniques and a Combined Effectiveness Metric (CEM) to evaluate the resilience of APEs against such sophisticated phishing tactics. The findings contribute significantly to the development of more robust defenses, strengthening the ability of APEs and malicious Uniform Resource Locator (URL) scanners to detect and mitigate emerging phishing threats.

Statistics

Cite this article