Google blacklist exposes phishing tactics

 

Gallery

Posted on 8 Jan 2007 at 16:15

Nearly two-thirds of active phishing sites target users of the PayPal, eBay and Bank of America websites, according to research by a security expert.

Work carried out by Michael Sutton, found that in Google's blacklist of phishing sites, used by the company in its anti-phishing toolbar for Firefox, 63 per cent of sites targeted these three websites.

Online auction website eBay was the most targeted with 23.46 per cent of fake sites, followed by online payments site PayPal with 23.17 per cent. Third was Bank of America with 16.42 per cent.

Sutton said on his blog that he was surprised to find that these three targets accounted for nearly two-thirds of phishing sites.

'I was somewhat surprised to find virtually all sites using straight social engineering attacks,' said Sutton. 'One amusing finding was that Yahoo! commonly hosts pages that phish, wait for it, Yahoo! credentials.'

'My hope was that this exercise would provide some insight into current phishing attacks and it certainly did,' he said.

Sutton added that the blacklist was continuously updated and specific versions can be requested by including the required major:minor version in the GET request. The full listing contained primarily outdated URLs as 86 per cent of the pages or sites were no longer available.

'While I would like to think that the existence of Google's blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle,' he said.

Author: Rene Millman