Gemini: An Emergency Line of Defense against Phishing Attacks

This paper proposes a simple but very effective approach called Gemini to prevent victim users from exposing sensitive credentials to a phishing site. As an emergency line of defense, Gemini assumes that a victim user is already deceived into a phishing site and starts the user authentication procedure. Gemini springs into action once the username field is filled in, and tackles the phishing problem from a new perspective. In particular, by exploiting username input, Gemini is able to provide more accurate detection of a phishing site and much stronger protection for a password, the most confidential and crucial information for user authentication. To validate the efficacy of Gemini, we implement different prototypes of Gemini as a browser extension for IE, Firefox, and Chrome, respectively, and conduct extensive live experiments over various legitimate and phishing websites for more than one month. Our experimental results show that Gemini can achieve zero false negative rate and less than 1% false positive rate, and Gemini can effectively block the access to a phishing site before a victim user begins to enter in a password. Moreover, Gemini is complementary to existing anti-phishing tools. The performance overhead induced by Gemini is minor and has a negligible effect upon users' browsing activities.