Google blacklist exposes phishing tactics
Posted on 8 Jan 2007 at 16:15
Nearly two-thirds of active phishing sites target users of the PayPal, eBay and Bank of America websites, according to research by a security expert.
Work carried out by Michael Sutton, found that in Google's blacklist of phishing sites, used by the company in its anti-phishing toolbar for Firefox, 63 per cent of sites targeted these three websites.
Online auction website eBay was the most targeted with 23.46 per cent of fake sites, followed by online payments site PayPal with 23.17 per cent. Third was Bank of America with 16.42 per cent.
Sutton said on his blog that he was surprised to find that these three targets accounted for nearly two-thirds of phishing sites.
'I was somewhat surprised to find virtually all sites using straight social engineering attacks,' said Sutton. 'One amusing finding was that Yahoo! commonly hosts pages that phish, wait for it, Yahoo! credentials.'
'My hope was that this exercise would provide some insight into current phishing attacks and it certainly did,' he said.
Sutton added that the blacklist was continuously updated and specific versions can be requested by including the required major:minor version in the GET request. The full listing contained primarily outdated URLs as 86 per cent of the pages or sites were no longer available.
'While I would like to think that the existence of Google's blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle,' he said.
Author: Rene Millman
advertisement
- Microsoft shows courage at Tech-Ed 09
- PowerPoint and Silverlight: a perfect match?
- Why all the fuss over Windows Explorer?
- Your iPhone has a virus? Well it's your fault
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
- Building a better Google
- Beware HP's horrendous printer-driver glitch
- Microsoft debuts free Morro antivirus package
- Getting started with Search Server 2008 Express
advertisement

Printed from www.pcpro.co.uk

