Determining Phishing Emails using URL Domain Features.

Social engineering is the process of getting a person to provide a service or complete a task that may give away private or confidential information. Phishing is the most common type of social engineering. In phishing, an attacker poses as a trustworthy source in an attempt to have the victim release personal or private information. This research aims to identify phishing emails by examining the domain section of URLs. What makes this research novel is the extraction of concise and high quality features used to identify phishing emails in high accuracy as well as provide users with features to identify phishing emails. Through our experiments, we discovered that all of our phishing detection models performed similarly; however, the multinomial naïve bayes model may be best suited for phishing detection via URL domain. This model produced an accuracy of 97.22% with a precision of 0.974 and recall of 0.9776. We also discovered that the most significant features in determining whether a URL is phishing or legitimate were the age of the domain, the length, and the presence of a dash "-".