Bayesian Spam Filters Make Phishers More Effective

March 30, 2005 at 4:22 pm · Filed under Phishing

I use SpamBayes to keep my inboxes virtually spam-free. I've also written and tweaked bayesian filters to solve other problems, but I realized a while back that personal bayesian spam-filters actually help phishers be more effective in their attacks. Stay with me...

Bayesian spam filters need to be trained. You teach the filter what you want to see and what you don't, and it learns very quickly. I use eBay and PayPal all the time, so I've trained SpamBayes to let official-looking eBay and PayPal emails get through to me. Someone else might classify these emails as spam, but I definitely want to get them.

A phisher's dream is to be able to send emails to the most likely targets. Citibank spoofs would only be sent to Citibank users, eBay spoofs to eBay users, etc. Phishers would get much higher "conversion rates" if they could do this. Luckily for us, they can't.

But here's the kicker - a well-trained bayesian filter makes sure you only see phishing emails for which you are a good target. SpamBayes makes sure I see eBay and PayPal spoofs in my inbox, but it also makes sure I don't see attacks targetting Bank of America, AOL, SunTrust, etc. So, in a way, I've trained my filter to help phishers target me directly.

3 Comments

  1. Kevin said,

    March 31, 2005 @ 11:35 pm

    I agree. I use Mailwasher for spam filtering, which also includes bayesian filters, and the eBay/Paypal emails almost always get through. Luckily I know enough to figure out which are phishing, but I have web design clients who are always sending me copies of emails they get to see if they are real or not.

  2. Narasimha said,

    May 9, 2005 @ 10:20 pm

    Hi,
    Spam mails now define some unrelated message in text/plain part of the multipart of the message, may be so that the probability of the mail being recognised as spam gets reduced. Details at : http://narasimhagm.blogspot.com/2005/05/anatomy-of-phish.html

  3. Adam Stiles » Death of IE7 Phishing Filter Predicted said,

    June 26, 2006 @ 9:53 am

    [...] A little background. The browser is the last line of defense against phishing attacks, and therefore the most important. Spam filters can be bypassed (and bayesian filters actually help phishers get through to likely targets), and network filters are only as effective as their most recent blocklist update. Most network filters don’t understand javascript and are easily fooled. [...]

RSS feed for comments on this post