Machine Learning-Enabled Attacks on Anti-Phishing Blacklists

The exponential rise of phishing attacks has become a critical threat to online security, exploiting both system vulnerabilities and human psychology. Although anti-phishing blacklists serve as a primary defense mechanism, they are limited by incomplete coverage and delayed updates, making them susceptible to evasion by sophisticated attackers. This study presents a comprehensive security analysis of anti-phishing blacklists and introduces two novel cloaking attacks-Feature-Driven Cloaking and Transport Layer Security (TLS)-Based Cloaking-that exploit vulnerabilities in the automated detection systems of anti-phishing entities (APEs). Using real-world data and employing machine learning techniques, the Random Forest (RF) classifier emerged as the most effective among all tested supervised classifiers, achieving 100% accuracy in distinguishing APEs from regular users and enabling attackers to bypass blacklist detection. Key findings highlight critical security flaws in major APEs, including limited infrastructure diversity, feature implementation inconsistencies, and vulnerabilities to Web Real-Time Communication (WebRTC) Internet Protocol (IP) leaks. These weaknesses extend the operational lifespan of phishing websites, heightening risks to users. The results emphasize the need for APEs to implement more robust and adaptive defenses and propose mitigation strategies to enhance the resilience of the anti-phishing ecosystem.