A Potential IRI based Phishing Obfuscation Strategy and Counter Measures

We anticipate a potential phishing strategy by obfuscation of Web links using Internationalized Resource Identifier (IRI). In the IRI scheme, the glyphs of many characters look very similar while their Unicodes are different. Hence, certain different IRIs may show high similarities. Therefore, it is quite difficult for normal Web users to distinguish them. The potential phishing attacks based on this strategy are very likely to happen in the near future with the boosting utilization of IRI. We invent a detection approach to this phishing strategy. We construct a Unicode character similarity list based on their visual similarity and semantic similarity. We use Nondeterministic Finite Automaton (NFA) model to identify the potential IRI based phishing patterns. We build the phishing IRI pattern generation system, by which, NFA could be further represented with regular expression (RE) to adapt it to anti-phishing systems. A framework is also proposed to build such anti-phishing systems.