Phishing is a dangerous cybercrime that attempts to steal personal information or money, compromise online accounts, access and modify connected systems, and impersonate brands and infrastructure. Phishing attackers are increasingly using advanced technologies to hide malicious code from security defenders.
As phishing attacks become more sophisticated, detecting malicious URLs is more important than ever. Many research works have used various machine learning methods and deep neural networks (DNNs) to develop phishing detection systems. However, these approaches have limitations and drawbacks.
To overcome the shortcomings of previous phishing detection systems, we developed a Python library called isitphish that combines state-of-the-art machine learning and heuristic rule detection with a user-friendly interface to detect phishing URLs.
Our phishing detection API offers ultra-fast lookup times and a simple interface that integrates easily into your application. The isitphish API is designed for use with email, SMS/text and browser security applications that need to verify threats in real time and block them before they reach end users. It is also ideal for strengthening defenses against MFA bypass and MiTM attacks with inline phishing verification.
For a more detailed explanation of the methodology, please refer to our blog post “Building and Training a Decision Tree for Phishing Detection”. In a nutshell, we train a tree-based model that uses features extracted from the website domain name, IP address, web server, operating system, and browser user agent string to determine whether a domain is a phishing URL. To achieve high accuracy, we use a combination of heuristic rules and logistic regression.
Our isitphish phishing detection API uses more than 140 million URL syntax features to evaluate each potential threat and determine if it is a phishing site or not. By combining these data points with heuristics, we are able to achieve a 98.9% success rate on the UC Irvine dataset.
Another advantage of isitphish is that it does not rely on any threat feeds and can be easily integrated into any application with our REST API. This allows you to quickly and accurately scan links for phishing, malware, viruses, parked domains, poor reputation, and more without the need to maintain additional data sets or complex infrastructure.
VirusTotal’s phishing detection API identifies malicious phishing URLs by searching for relevant words in the Uniform Resource Locator (URL). In addition to this, we offer advanced search options like analyzing keywords in the FreeURL of each URL. This helps us identify phishing attacks that take advantage of the fact that the FreeURL part of a URL can be set only once, making it easier to detect.
The phishing detection API from VirusTotal is a highly accurate solution that is designed to work on a large scale. It is built on top of the world’s largest crowdsourced malware database and provides you with all the tools you need to automate your tasks, monitor any ongoing phishing activity and protect your business from threats that are targeting your brand, customers, or infrastructure.