隨著網際網路蓬勃發展，大多數人都曾有上網購物的經驗，增加方便性的同時卻也
衍生出許多詐騙案例，而詐騙手法日新月異，過去常見的一頁式詐騙網站隨著時間逐漸
演化為電商形式，相較於過去一頁式網頁粗糙的內容，電商形式的通常會有較精美的圖
片及完整的框架，使消費者難就網頁內容判斷是否為詐騙網站。而市面上現存的產品，
僅以安全或不安全作為回報，消費者無法得知更多的資訊，可能會因此被誤導。在本研
究中，我們提出了一個框架，除了風險燈號提醒外，整合欲查詢網站的各項資料供消費
者參考，並特別針對是否能與台灣有所連結進而提供相關的警告，讓消費者能在購物前
有更充分的了解並評估自己使否處於風險之中。
我們首先分析了台灣網路資訊中心的詐騙網站資料集，透過將資料集進行分群，我
們能初步了解目前的詐騙框架，進而可以識別未知網站是否與已知的詐騙群集有關，並
利用此資料集來獲得詐騙網站的一些相關資訊占比，像是憑證頒發機構、網域存活時間
或是註冊國家等等以利我們提出框架所列出的警告有所依據及參考。在實驗部分，本研
究透過對比現存偵測詐騙網站工具的辨識結果以及使用者問卷調查，來驗證框架的有效
性。
實驗結果顯示，現存偵測詐騙網站工具 Scamadviser 成功辨識出的詐騙網站僅有
54%，防詐達人為 79%，而本研究所提出的框架則在不考慮分群的前提下，可以判斷出
87% 可能隱藏風險的詐騙網站；而在考慮分群結果後，在 Accuracy、Precision、Recall
及 F1­score 等各項指標均高於其他工具。使用者問卷調查方面，在僅提供網站頁面的階
段，判斷詐騙網站與否的正確率僅有 51%，而電商型式的詐騙網站甚至僅有 37%，而在
提供了一系列的資訊及警告後，正確率來到了 75%，再加上附加的商工登記公示資料查
詢以及提供國內相關法律及自救程序，最終有 91% 的使用者認為此框架對於判斷詐騙網
站是有效的。

With the development of Internet, most people have the experience of online shopping.
While online shopping brings in the convenience, many scam cases also emerge. Scam
methods are changing day by day, the common one­page scam websites in the past gradually evolved into websites of e­commerce form. Compared with the rough content of
the past one­page websites, the better pictures and more complete frames in e­commerce
websites make it difficult for consumers to judge whether it is a scam website or not. The
existing scam­website detection tools only report safety scores or binary results, which we
consider insufficient for consumers to decide to visit or not. In this study, we propose a
framework to provide consumers warnings about risks, and integrate relevant information
of the websites to visit for consumers’reference, especially for whether the websites are
cross­border ones. We believe that consumers can have a better understanding and careful
evaluation before visiting the shopping websites.
To develop the detection scheme, we first analyzed the scam website data set of the
Taiwan Network Information Center. By categorizing the data set into groups, we can
understand whether any unknown website is related to a known scam cluster. At the same
time, we gathered relevant information about the scam websites such as certificate authority, domain survival time, domain registration country, etc., so that we can provide a
reference for the warnings listed in the report. In the experiments part, this study verified
the effectiveness of the proposed scheme by comparing the recognition rate of existing
scam detection tools and by user questionnaires.
The experimental results show that the existing scam detection tools Scamadviser
successfully identified only 54% of scam websites, and Dr.Message, a tool from Trend
Micro inc., is 79%. The proposed scheme can detect 87% of scam websites without the
help of grouping. After adopting the grouping results, all indexes such as accuracy, precision, recall and F1­score are higher than other tools. In the questionnaire part, at the stage
of only providing website pages, the correct rate of judging scam websites is only 51%,
and the correct rate of e­commerce forms are even only 37%. After providing a series
of information and warnings, the correct rate came to 74%. In addition, after providing
government public information, laws and self­help procedures, and compare the survey
results of other tools, eventually 91% of users believe that this scheme is effective for
judging scam websites.

[1] “108 年詐騙手法大公開「假網拍」蟬聯第一.” https://www.moi.gov.tw/chi/
chi_news/news_detail.aspx?src=news&sn=17336&type_code=02, 2019.
(Accessed on 12/22/2020).
[2] J. Wadleigh, J. Drew, and T. Moore, “The e­commerce market for ”lemons”: Identification and analysis of websites selling counterfeit goods,” WWW ’15: Proceedings
of the 24th International Conference on World Wide Web, p. 1188–1197, 2015.
[3] “「越來越像真的電商平臺！」1 頁式詐騙網站再進化.” https://www.cib.gov.
tw/crime/SkillDetail/3509, 2019. (Accessed on 06/15/2020).
[4] “Global tech support scam research.” https://news.
microsoft.com/uploads/prod/sites/358/2018/10/
Global-Results-Tech-Support-Scam-Research-2018.pdf. (Accessed
on 10/8/2019).
[5] D. Warburton, “2020 phishing and fraud report.” https://www.f5.com/labs/
articles/threat-intelligence/2020-phishing-and-fraud-report. (Accessed on 12/3/2020).
[6] “November shopping –do it the smart way!.” https://blog.checkpoint.
com/2019/11/26/november-shopping-do-it-the-smart-way/. (Accessed on
12/3/2020).
[7] “疫情期間網路釣魚激增「hinet 防毒防駭」防詐截毒有一套.” https://www.cht.
com.tw/zh-tw/home/cht/messages/2020/msg-201116-150000. (Accessed on
11/21/2020).
[8] “歡 慶 購 物 節， 慎 防 貨 到 付 款 詐 騙.” https://www.cib.gov.tw/News/
BulletinDetail/8359. (Accessed on 11/21/2020).
[9] “Google 資 訊 公 開 報 告 ­ 安 全 瀏 覽.” https://transparencyreport.
google.com/safe-browsing/overview?unsafe=dataset:1;series:
malwareDetected,phishingDetected;start:1148194800000;end:
1608451200000&lu=unsafe. (Accessed on 1/1/2021).
[10] “Transitioning google url shortener to firebase dynamic
links.” https://developers.googleblog.com/2018/03/
transitioning-google-url-shortener.html. (Accessed on 1/1/2021).
[11] B. Eshete, A. Villafiorita, and K. Weldemariam, “Binspect: Holistic analysis and
detection of malicious web pages,” Proceedings of SecureComm 2012: Security and
Privacy in Communication Networks, pp. 149–166, 2012.
[12] S. N. Bannur, L. K. Saul, and S. Savage, “Judging a site by its content: learning
the textual, structural, and visual features of malicious web pages,” AISec ’11: Proceedings of the 4th ACM workshop on Security and artificial intelligence, pp. 1–10,
2011.
[13] D. Canali, M. Cova, G. Vigna, and C. Kruegel, “Prophiler: a fast filter for the largescale detection of malicious web pages,” WWW ’11: Proceedings of the 20th international conference on World wide web, pp. 197–206, 2011.
[14] C. Carpineto and G. Romano, “Learning to detect and measure fake ecommerce websites in search­engine results,” WI ’17: Proceedings of the International Conference
on Web Intelligence, pp. 403–410, 2017.
[15] M. M. Oghaz, A. Zainal, M. A. Maarof, and M. N. Kassim, “Content­based fraudulent website detection using supervised machine learning techniques,” HIS 2017:
Hybrid Intelligent Systems, pp. 294–304, 2017.
[16] K. Wu, S. Chou, S. Chen, C. Tsai, and S. Yuan, “Application of machine learning to identify counterfeit website,” iiWAS2018: Proceedings of the 20th International Conference on Information Integration and Web­based Applications Services,
pp. 321–324, 2018.
[17] 張銘億, “一個基於 HTML 碼相似度與廣告追蹤碼的電商詐騙網站偵測框架,” 碩士
論文, 國立台灣科技大學,2020.
[18] T. Gowda and C. Mattmann, “Clustering web pages based on structure and style
similarity,” 2016 IEEE 17th International Conference on Information Reuse and Integration (IRI), pp. 175–180, 2016.
[19] M. Ester, H.­P. Kriegel, JörgSander, and Xuxiaowei, “A density­based algorithm for
discovering clusters in large spatial databases with noise,” AAAI Press, pp. 226–231,
1996.
[20] “Whois.” https://whois.icann.org/en/about-whois. (Accessed on
11/11/2020).
[21] “Gdpr.” https://zh.wikipedia.org/wiki/%E6%AD%90%E7%9B%9F%E4%B8%80%
E8%88%AC%E8%B3%87%E6%96%99%E4%BF%9D%E8%AD%B7%E8%A6%8F%E7%AF%84.
(Accessed on 11/22/2020).
[22] “Tls.” https://zh.wikipedia.org/wiki/%E5%82%B3%E8%BC%B8%E5%B1%
A4%E5%AE%89%E5%85%A8%E6%80%A7%E5%8D%94%E5%AE%9A. (Accessed on
11/11/2020).
[23] “ssl/tls.” https://letsencrypt.org/2020/02/27/one-billion-certs.html.
(Accessed on 11/11/2020).
[24] “Google analytics.” https://analytics.google.com/. (Accessed on
12/19/2020).
[25] “Facebook pixel.” https://developers.facebook.com/docs/
facebook-pixel. (Accessed on 12/15/2020).
[26] “Whois module.” https://github.com/richardpenman/whois. (Accessed on
4/1/2020).
[27] “crt.sh.” https://crt.sh/. (Accessed on 10/9/2020).
[28] “Improved digital certificate security.” https://security.googleblog.com/
2015/09/improved-digital-certificate-security.html. (Accessed on
12/15/2020).
[29] “Urlscan.” https://urlscan.io/. (Accessed on 8/24/2020).
[30] “Usage statistics of ssl certificate authorities for websites.” https://w3techs.
com/technologies/overview/ssl_certificate. (Accessed on 12/11/2020).
[31] “Alexa － top sites.” https://www.alexa.com/topsites, 2021. (Accessed on
09/03/2021).
[32] “Alexa － top sites in taiwan.” https://www.alexa.com/topsites/countries/
TW, 2021. (Accessed on 09/03/2021).
[33] “Evolving chrome’s security indicators.” https://blog.chromium.org/
2018/05/evolving-chromes-security-indicators.html. (Accessed on
11/11/2020)