Netcraft: 5,600 Phishing Sites Since December
miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.
The phishing community will learn to read and write in a professional manner. When that day comes, the world will end
no wait.... only those gullibles will find themselves in trouble.
Phishing is only a problem when you aren't paying attention.
--
One of the factors that goes into the risk rating is the age of the site. That's a good insight: phishers tend to create new sites often, as the old ones get closed down or are simply dropped.
But man, wouldn't it suck to open a new site only to have Netcraft scare off all your customers?
I wonder what "new" means. How long do phishing sites stay around? And how badly would this kill the buzz of the initial marketing effort?
Time isn't the only tool they have in the toolbar, so hopefully novelty as the only warning sign won't ring any alarm bells.
Eventually, phishers will work around this by creating sites and only activating the phishing attack after the requisite time period has elapsed. But that's work, which weeds out the laziest phishers. Watching the escalation of tactics is going to be fascinating.
Doesn't it make more sense to report the site to the service provider so it gets shut down?
Last one of these I encountered (an eBay phishing scheme) was hosted on Comcast's network. To Comcast's credit, the site was inaccessible within 2 hours of my reporting it, and I got a very prompt response by email to my report.
Yes, but that's probably too difficult for the average relative to understand.
First off, phishers are _hard to catch and prosecute_. They're often located in other countries and/or using compromised resources such as zombified home machines to serve their pages. They're committing fraud, they're not going to stop because Citigroup sends them a cease and desist. That's like saying the real crime of the war on drugs is that the IRS hasn't dragged in all of these drug kingpins for not paying taxes.
Secondly, who the hell is subsidizing anything? The Patent Office takes in more in user fees than it spends - It's a yearly budget battle for them to keep more of what they bring in, not to get more money from Congress. They've been totally user fee supported for at least 12 years now.
Why?