A team of researchers working out of the Arizona Eller College of Management have devised a working prototype that is capable of detecting fake websites. In a paper published in the MIS quarterly, the team describes how they have developed a software program based on Statistical Learning Theory (SLT) that they say has bested the commercial applications now available for consumers.
In the paper, the team describes how they set out to create a system that would be able to accurately tell a user if a web site they are visiting is a real site with a legitimate purpose or one created to look like one.
What are Fake Websites?
Fake websites are sites designed to look like a legitimate site for the purpose of fooling users into providing login information. Generally, users are sent a link via email that is intended to look like a legitimate link to a site the user might be used to seeing, such as for their bank, credit card or PayPal account. The link instead takes them to a fake site that has been designed to look like the real site. When a user logs in to what they think is a legitimate site, the fake site copies the login information and then exits the site, usually with a message telling them that their login and password isn't recognized. The user is then instructed to use their normal link from their browser favorites list to try again. This time, the use is taken to the real site, and they are then able to log in, unaware that they have just given their login and password to criminals who will soon be logging in as them and stealing their money.
How the Fake Website Prototype Works
The fake website detector prototype works by analyzing every aspect of the website, including its DNS information, and how often the site has been visited. It then does a statistical analysis of the site and returns a value that represents the confidence level of the site. A high confidence level indicates that the site is likely legitimate, while a low one suggests in might not be and that the user should probably not give their user account information.
Why Fake Site Detector Software is Needed
Despite the fact that computer owners are cautioned against following links from their email accounts to bank, credit card or PayPal accounts, many users still do it anyway, risking their assets in the process. The authors of the study note that billions of dollars of assests are currently lost due to users giving away their login information to fake websites. If such users had fake website detection software installed into their browsers, they'd be warned against giving such sites their account information.
The team expects to have their prototype converted to a working program within the next year and to have a marketable product out soon thereafter.
Sources
- "Detecting Fake Websites: The Contribution of Statistical Learning Theory " MIS Quarterly, viewed July 26, 2011
Bob Yirka - Bob Yirka has written thousands of online articles and backs them up with a BS in Computer Science/MS in Information Systems Management.
Join the Conversation