Detection of Phishing by Episodic Image Memory

4 min readFeb 20, 2021

In February 2021 global media were in an uproar over this horrifying news — “Hacker tries to poison water supply of Florida city” https://www.bbc.com/news/world-us-canada-55989843

We know that many of the attackers get a back door opened to take over the systems. Probably around the top of the list of weapons for opening the backdoor is compromising the passwords of the staff of target organizations. ‘Phishing’ is known to be particularly effective in it.

The nasty threats of phishing attacks can be detected and thwarted by a simple tweak of the log-in process with a wise use of our episodic image memory; enable the user to register an image of their own (not shared on SNS) as a credential of the genuine log-in server

When the genuine service desk sends an email to a user, for instance, to ask them to feed their log-in password, the genuine log-in page should be able to show the user’s image — along with dozens of other images. If the user is shown a log-in page that does not show any image that the user can recognize right away, it would be suspected to be a fake log-in page — Beware!

The image to register as a credential of the genuine log-in page should desirably be of episodic memory. We announced this method 18 years ago.

Have you taken note that we wrote “show the user’s image ALONG WITH DOZENS OF OTHER IMAGES” in the above? This element plays a crucial role in our scheme.

A would-be phisher can easily copy the log-in screen and show it to a target user whose User ID is known. But the phisher does not know which image was registered by the user as the credential of the genuine log-in server as against the other images, whereas both the user and the genuine log-in server know which one was registered.

We ask the user to pick up the registered image and also several other meaningless images in a random sequence; The outcome will be that the genuine log-in server will know that the user has selected the registered image in the choice, while a fake log-in server will not know it,

If the user is given a password box when the choice does not include the registered image, the user would know right away that it is a fake and proper actions would be taken. The phishing process will have to stop there. Copying the genuine log-in page would thus take the phisher nowhere.

After this screening of fake log-in servers, the user will be asked to go through the authentication by a password, desirably by Expanded Password System (EPS) where it is available. EPS comes without the likes of a password box.