Fighting Phishing with Bayesian Filtering

Phishing is a big problem. There are literally gangs which employ people in Nigeria to create phishing forms all day long. We know it because we are on the front lines. Our phishing filters suspend hundreds of phishers every month.

Since we are working very hard to make creating web forms easier, as an unfortunate side effect, phishers also prefer JotForm to create their forms. I am not sure if we should be flattered about this. :) What I am sure is that we have to fight hard to stop phishers, just like PayPal had to fight fraud hard to become one true Internet payment service.

We were fighting a losing war until couple of years ago. We had to manually review all suspicious forms. It was incredibly time consuming and phishers were creating new forms faster than we can delete them. So, we came up with a breakthrough idea. We implemented a Bayesian filter that detects and suspends phishing forms. Basically, we were using statistics to determine if a given form is doing phishing or not. It worked amazingly well. Whatever new ideas phishers came up with, our Bayesian filter quickly learned and adapted.

We have huge amount of data on phisher behavior; types of forms they create, commonly used words, types of tactics they use, where they come from etc. If you are a researcher or a student working on a thesis, feel free to contact me and I can provide you lots of data to play with. :)

4 Responses to “Fighting Phishing with Bayesian Filtering”

  1. Daniel says:

    This is a phish site aimed at stealing accounts from and appears to use JotForm to create it\’s form. I am a Security Engineer and identify phish sites, a couple hundred in the past year. Our gang is becoming more sophisticated so harder to detect. I\’ll have to research the Bayesian filter.

    Dan Cary
    Sr. Security Engineer
    IT Operations, Security and Fraud

  2. Aytekin says:

    Thanks Dan. Terminated the phishing account. The form will not work any more.

  3. Xairam Lim says: is a phish site aimed at stealing accounts from valid Perfect World users. It uses JotForm to create it’s form. Please do something immediately.

    Xairam Lim
    Community Manager
    Perfect World Philippines

  4. Aytekin says:

    Thanks for letting us know. Terminated now.

Leave a Reply

Security Code: