Somaiya Vidyavihar University & WhoisXML API: Faster Phishing Detection

About
As part of the iDEA Hackathon organized by Somaiya Vidyavihar University, a student-led development team that included backend developer Pradyum Mistry developed CatchPhish, a one-stop solution to block and report phishing sites. They aim to address the increasing number of phishing attacks and fraudulent websites, specifically those targeting banks, as these sites can deceive customers and trick them into revealing sensitive financial data. The team conducted a detailed analysis of common phishing tactics and identified typosquatting patterns, which ultimately allowed them to create CatchPhish, along with a reporting mechanism and a browser add-on that allows users to block phishing sites.
Highlights
- Threat actors use typosquatting domains to launch targeted phishing attacks quickly.
- The development team leveraged WhoisXML API’s Brand Alert API to automate the real-time detection of phishing domains that resemble legitimate bank domains.
- CatchPhish was able to more accurately, efficiently, and quickly identify and block phishing sites.
How to Reliably Identify Typosquatting Domains
A key problem in addressing phishing and fraud is identifying and blocking phishing sites that use typosquatting techniques, where malicious actors create websites that imitate or resemble legitimate bank domain names. Being unable to detect these types of domains quickly and accurately can result in significant financial and reputational damage for banks, as well as fraud and financial theft for customers.
The development team initially tried manually monitoring bank domains and phishing websites but found the approach time-consuming and unscalable. Traditional domain monitoring tools also did not adequately capture the fast-changing nature of phishing sites, especially those that use similar domain names, and did not offer the flexibility the team needed to detect specific brand-related domain threats.
Flexible and Accurate Brand Threat Monitoring
The CatchPhish development team used Brand Alert API to automate the real-time detection of potential phishing sites and typosquatting domain names. The API enabled CatchPhish to efficiently identify phishing domains that are visually and structurally similar to legitimate bank domains, even those with slight variations in URLs.
The team found API integration to be straightforward, with clear API documentation and helpful support from WhoisXML API.
“We were able to integrate Brand Alert API with minimal issues. The process of identifying and blocking phishing sites became much more efficient. By automating the detection of typosquatting domains, we saved significant time and reduced the manual effort needed for monitoring.”
Effective Phishing Threat Detection and Response
Increased Detection Accuracy
With the help of the Brand Alert API, CatchPhish was able to accurately identify and block phishing sites. The team specifically reported a 40% improvement in phishing detection accuracy.
Time Efficiency and Real-Time Reporting
Automating phishing site detection using Brand Alert API helped save hours of manual monitoring and research. It also enabled users to easily and quickly report phishing sites.
Faster Threat Response
Brand Alert API facilitated faster detection of typosquatting domains and potential phishing threats. As a result, CatchPhish can block phishing sites 30% faster than before.