PhishBunny: Phishing Email Detection
Course Instructor
Daniel Cliburn
Abstract
Phishing emails are one of the most relevant and efficient types of cybercrime, but common users do not have many tools available to examine these threats. Although there exists many helpful security platforms, their results to users are complex, technical, and may be too difficult for non technical people to understand. PhishBunny is a local host website that was created to overcome this gap by making phishing detection understandable and useful for most users. To use PhishBunny, users must paste the unfiltered content of a questionable email straight into the text box, where two sets of analysis are performed on the provided email. It will begin by looking for recognized phishing signs in the email's text, such as popular suspicious keywords that derive from social engineering attempts and misleading language patterns. The email's attached URLs are then extracted and sent to VirusTotal for cross validation with other threat intelligence databases. PhishBunny then will convert the results of the VirusTotal scan in simple and understandable terms. If and when a link is deemed suspicious, the program informs users of what was found, why it was suspicious, and what to do in order to prevent these attacks or what to look out for next time. PhishBunny bridges the gap between personal cybersecurity and technical understanding at any level. It enables users to protect themselves against email based threats without the need of having specialized knowledge by decreasing the obstacle to phishing analysis.
PhishBunny: Phishing Email Detection
Phishing emails are one of the most relevant and efficient types of cybercrime, but common users do not have many tools available to examine these threats. Although there exists many helpful security platforms, their results to users are complex, technical, and may be too difficult for non technical people to understand. PhishBunny is a local host website that was created to overcome this gap by making phishing detection understandable and useful for most users. To use PhishBunny, users must paste the unfiltered content of a questionable email straight into the text box, where two sets of analysis are performed on the provided email. It will begin by looking for recognized phishing signs in the email's text, such as popular suspicious keywords that derive from social engineering attempts and misleading language patterns. The email's attached URLs are then extracted and sent to VirusTotal for cross validation with other threat intelligence databases. PhishBunny then will convert the results of the VirusTotal scan in simple and understandable terms. If and when a link is deemed suspicious, the program informs users of what was found, why it was suspicious, and what to do in order to prevent these attacks or what to look out for next time. PhishBunny bridges the gap between personal cybersecurity and technical understanding at any level. It enables users to protect themselves against email based threats without the need of having specialized knowledge by decreasing the obstacle to phishing analysis.
