Automatically determining phishing campaigns using the USCAP methodology

Robert Layton*, Paul Watters, Richard Dazeley

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

32 Citations (Scopus)


Phishing fraudsters attempt to create an environment which looks and feels like a legitimate institution, while at the same time attempting to bypass filters and suspicions of their targets. This is a difficult compromise for the phishers and presents a weakness in the process of conducting this fraud. In this research, a methodology is presented that looks at the differences that occur between phishing websites from an authorship analysis perspective and is able to determine different phishing campaigns undertaken by phishing groups. The methodology is named USCAP, for Unsupervised SCAP, which builds on the SCAP methodology from supervised authorship and extends it for unsupervised learning problems. The phishing website source code is examined to generate a model that gives the size and scope of each of the recognized phishing campaigns. The USCAP methodology introduces the first time that phishing websites have been clustered by campaign in an automatic and reliable way, compared to previous methods which relied on costly expert analysis of phishing websites. Evaluation of these clusters indicates that each cluster is strongly consistent with a high stability and reliability when analyzed using new information about the attacks, such as the dates that the attack occurred on. The clusters found are indicative of different phishing campaigns, presenting a step towards an automated phishing authorship analysis methodology.

Original languageEnglish
Title of host publication2010 eCrime Researchers Summit
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
ISBN (Print)9781424477623
Publication statusPublished - 2010
Externally publishedYes
Event2010 Fall General Meeting and eCrime Researchers Summit, eCrime 2010 - Dallas, TX, United States
Duration: 18 Oct 201020 Oct 2010


Conference2010 Fall General Meeting and eCrime Researchers Summit, eCrime 2010
Country/TerritoryUnited States
CityDallas, TX


Dive into the research topics of 'Automatically determining phishing campaigns using the USCAP methodology'. Together they form a unique fingerprint.

Cite this