Identification of phishing sites

This thesis deals with the issue of phishing and the possibility of detecting fraudulent sites using favicons. The thesis has three main objectives. The first objective is to provide the reader with an overview of the issue, primarily using a know-your-enemy approach, i.e. from the perspective of the threat actors. Phishing is a multidisciplinary problem, so the second objective is to try to find an answer to the question "Why is phishing so successful?" and to explain it mainly with the available knowledge from the fields of cognitive science, psychology and neuroscience. The last and main objective of this thesis is to investigate the possibilities of detecting fraudulent sites on the Internet using favicons. The theory and state of the art are presented, followed by the design of a method that uses the newly available capabilities of the last few years. The design of the method is followed by the development of a tool in the Python programming language, which aims to test the applicability of the method in practice. In testing and analysis, the results show that the tool is able to find fraudulent websites that are not already flagged by web browsers based on their reputation or presence in phishing databases. In addition to analysing the HTML source code of the page, the tool also uses data from the domain name system, a database of Internet domain owners and IP addresses and lastly, basic image processing methods to determine the similarity between fraudulent clones and legitimate websites. The contribution of the thesis lies mainly in the provision of a comprehensive overview of the issue of phishing from the attacker's point of view and the proposal of a method for searching and detecting fraudulent phishing sites on the Internet using favicon followed by verification of its possible applicability in practice.