Phishing tactics exposed by Google blacklist
Two-thirds of phishing sites take aim at just three websites, research finds.
Work carried out by Michael Sutton, found that in Google's blacklist of phishing sites, used by the company in its anti-phishing toolbar for Firefox, 63 per cent of sites targeted these three websites. Online auction website eBay was the most targeted with 23.46 per cent of fake sites, followed by online payments site PayPal with 23.17 per cent. Third was Bank of America with 16.42 per cent.
Sutton said on his blog that he was surprised to find that these three targets accounted for nearly two-thirds of phishing sites.
"I was somewhat surprised to find virtually all sites using straight social engineering attacks," said Sutton. "One amusing finding was that Yahoo! commonly hosts pages that phish, wait for it, Yahoo! credentials."
"My hope was that this exercise would provide some insight into current phishing attacks and it certainly did," he said.
Sutton added that the blacklist was continuously updated and specific versions can be requested by including the required major:minor version in the GET request. The full listing (1:1) contained primarily outdated URLs as 86 per cent of the pages or sites were no longer available.
"While I would like to think that the existence of Google's blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle," he said.
Defeating ransomware with unified security from WatchGuard
How SMBs can defend against the onslaught of ransomware attacksFree download
The IT expert’s guide to AI and content management
How artificial intelligence and machine learning could be critical to your businessFree download
The path to CX excellence
Four stages to thrive in the experience economyFree download
Becoming an experience-based business
Your blueprint for a strong digital foundationFree download