Phishing tactics exposed by Google blacklist
Two-thirds of phishing sites take aim at just three websites, research finds.
Work carried out by Michael Sutton, found that in Google's blacklist of phishing sites, used by the company in its anti-phishing toolbar for Firefox, 63 per cent of sites targeted these three websites. Online auction website eBay was the most targeted with 23.46 per cent of fake sites, followed by online payments site PayPal with 23.17 per cent. Third was Bank of America with 16.42 per cent.
Sutton said on his blog that he was surprised to find that these three targets accounted for nearly two-thirds of phishing sites.
"I was somewhat surprised to find virtually all sites using straight social engineering attacks," said Sutton. "One amusing finding was that Yahoo! commonly hosts pages that phish, wait for it, Yahoo! credentials."
"My hope was that this exercise would provide some insight into current phishing attacks and it certainly did," he said.
Sutton added that the blacklist was continuously updated and specific versions can be requested by including the required major:minor version in the GET request. The full listing (1:1) contained primarily outdated URLs as 86 per cent of the pages or sites were no longer available.
"While I would like to think that the existence of Google's blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle," he said.
Meeting the future of education with confidence
How the switch to digital learning has created an opportunity to meet the needs of every student, alwaysFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
Why PCaaS is perfect for modern schoolsFree Download