Phishing attacks have become increasingly sophisticated, necessitating effective methods for real-time detection. This study examines phishing site characteristics, focusing on SSL certificate validity periods and user authentication forms. Based on a dataset of 1,047 unique phishing URLs collected from multiple sources, we found that 89.8% of the phishing sites had certificate validity periods of 90 days or less, with Let's Encrypt (53.9%) and Google Trust Services LLC (26.5%) being the most prevalent certificate issuers. To effectively prevent this threat, we developed a Proof-of-Concept (PoC) browser extension that leverages certificates and user authentication forms required for information theft as key indicators for real-time phishing detection. The PoC extension achieved a detection rate of 94.5%. Comparative analysis demonstrated that our approach outperformed several existing solutions, including Google Safe Browsing, in phishing site detection. While the proposed method demonstrates high effectiveness, we also discuss its limitations. This study demonstrates the potential of approaches that use certificates and user authentication forms for real-time detection, particularly for phishing sites targeting financial institutions and e-commerce platforms, offering a simple yet effective countermeasure.
Sakai et al. studied this question.
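One way the two indicators named in the abstract could be combined, as an added example that is not the authors' PoC extension: a page is flagged when its certificate validity period is 90 days or less and its markup contains a password input. The function names, the AND rule and the sample pages are assumptions constructed for illustration.

```javascript
// Added example. The 90-day threshold is taken from the study's statistic; the AND
// rule, function names and sample data are assumptions made for illustration.
const MAX_SHORT_VALIDITY_DAYS = 90;
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Certificate validity period in days (notBefore to notAfter), or null if unusable.
function validityDays(cert) {
  const from = Date.parse(cert.validFrom);
  const to = Date.parse(cert.validTo);
  if (Number.isNaN(from) || Number.isNaN(to) || to <= from) return null;
  return Math.ceil((to - from) / MS_PER_DAY);
}

// True when the markup contains a password input. Comments and script bodies are
// dropped first so commented-out or string-embedded markup does not count.
// A real extension would query the live DOM instead of raw HTML.
function hasAuthForm(html) {
  const markup = html
    .replace(/<!--[\s\S]*?-->/g, "")
    .replace(/<script\b[\s\S]*?<\/script>/gi, "");
  return /<input\b[^>]*\btype\s*=\s*["']?password\b/i.test(markup);
}

// Combine both indicators; a missing or malformed validity period is never flagged.
function assess(page) {
  const days = validityDays(page.cert);
  const shortLived = days !== null && days <= MAX_SHORT_VALIDITY_DAYS;
  const authForm = hasAuthForm(page.html);
  return { host: page.host, days, shortLived, authForm, suspicious: shortLived && authForm };
}

// Constructed sample pages (not from the study's dataset).
const SAMPLES = [
  { host: "login.example.test",
    cert: { validFrom: "2025-01-01T00:00:00Z", validTo: "2025-03-31T23:59:59Z" },
    html: '<form method="post"><input type="text" name="id"><input type="password" name="pw"></form>' },
  { host: "bank.example.test",
    cert: { validFrom: "2025-01-01T00:00:00Z", validTo: "2026-01-01T00:00:00Z" },
    html: '<form method="post"><input type="password" name="pw"></form>' },
  { host: "blog.example.test",
    cert: { validFrom: "2025-01-01T00:00:00Z", validTo: "2025-03-31T23:59:59Z" },
    html: '<!-- <input type="password"> --><form><input type="search" name="q"></form>' },
];

for (const r of SAMPLES.map(assess)) {
  console.log(`${r.host}: validity=${r.days}d authForm=${r.authForm} suspicious=${r.suspicious}`);
}
```

Short-lived certificates are also common on legitimate sites, so a hit from this rule is a signal to weigh with other evidence.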