Feature Description

1 Binary feature indicating whether the word “Dear” is present or not

2 Binary feature indicating whether a HTML tag is present or not

3 Binary feature indicating whether JavaScript has been used or not

4 Binary feature indicating whether the tag “ahref” is present or not

5 Binary feature indicating whether CGI has been used or not

6 Binary feature indicating the opening tag of table

7 Binary feature indicating whether OnClick event is present or not

8 Number of HTML opening comment tags

9 Binary feature indicating whether the text colour has been set to white

10 Binary feature indicating whether a URL contains “&” , “%” or “@”

11 Binary feature indicating whether a URL contains an IP address

12 Binary feature indicating the image similarity between an original site and a phished one, using image segmentation