Slashdot Mirror


Netcraft: 5,600 Phishing Sites Since December

miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

10 of 181 comments

  1. Spelling by Anonymous Coward · · Score: 5, Funny
    the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone

    One could say the same for the /. trolls.

  2. Submit a new site, get a gift? by Kozz · · Score: 5, Interesting

    Funny thing, I submitted a phishing site to Netcraft and was notified that it was a new one to their database, and what do they do?

    They ask me to reply to their email address with my full name, street address so that they can send me a "gift". I don't know what it is (haven't received it yet), but thought it ironic that they were soliciting information in a phishing-style.

    I sent them the address so they can send me a gift (t-shirt? who knows) since I knew I had contacted THEM about the particular phishing URL, and the info they requested could be gleaned by someone who wanted to find out, but found it humorous nonetheless.

    Anybody know what is this "reward" they mail you? I'm curious.

    --
    I only post comments when someone on the internet is wrong.
    1. Re:Submit a new site, get a gift? by doofusclam · · Score: 5, Informative
      Anybody know what is this "reward" they mail you? I'm curious.


      Well according to this: http://news.earthweb.com/security/article.php/3454601:

      If a person is the first to submit a link to a new phishing site, the user receives a free prize, such as a coffee mug. Miller said other offerings are in the works as well. An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.
    2. Re:Submit a new site, get a gift? by EvilTwinSkippy · · Score: 4, Funny
      An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.

      Or they can collect on their winnings immediately by clicking on this link, with their account name and password to paypal ...

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    3. Re:Submit a new site, get a gift? by aaamr · · Score: 4, Insightful

      Doesn't it make more sense to report the site to the service provider so it gets shut down?

      Last one of these I encountered (an eBay phishing scheme) was hosted on Comcast's network. To Comcast's credit, the site was inaccessible within 2 hours of my reporting it, and I got a very prompt response by email to my report.

  3. Neat idea. by going_the_2Rpi_way · · Score: 4, Interesting

    The only problem that I see is that those people with the Netcraft toolbar are probably already in the low-risk category for this type of scam (although I guess the fact that they install toolbars at all makes it a slightly more at risk group) since they're reasonably aware of the problem. Still, Netcraft continues to impress me with excellent tools and insight on web traffic and security trends. A daily must-read for webmasters, far more so than Alexa.

  4. New sites: ouch! by jfengel · · Score: 4, Insightful

    One of the factors that goes into the risk rating is the age of the site. That's a good insight: phishers tend to create new sites often, as the old ones get closed down or are simply dropped.

    But man, wouldn't it suck to open a new site only to have Netcraft scare off all your customers?

    I wonder what "new" means. How long do phishing sites stay around? And how badly would this kill the buzz of the initial marketing effort?

    Time isn't the only tool they have in the toolbar, so hopefully novelty as the only warning sign won't ring any alarm bells.

    Eventually, phishers will work around this by creating sites and only activating the phishing attack after the requisite time period has elapsed. But that's work, which weeds out the laziest phishers. Watching the escalation of tactics is going to be fascinating.

  5. Slashdot Announcement by x.Draino.x · · Score: 5, Funny
    Dear Slashdot Reader,

    We regret to inform you that our subscription database was lost in a major crash. In order to continue your advertising-free dupe ridden news service, we require you to verify your account details. Please have your credit card handy and head on over to Slashdot Subscription Verification to verify your account. Once again, we apologize for the mis-hap.

    Sincerely, teh Taco.
  6. How the Netcraft toolbar works. by Anonymous Coward · · Score: 5, Interesting

    I actually looked into making a Firefox extension that worked with the Netcraft phishing list that you get from using their toolbar. I'm still just learning to code Firefox plugins, so I thought it would be a fun exercise. I put it aside for now since there is a big "DO NOT REVERSE ENGINEER OUR SOFTWARE" type notice in the install license, and I still have a long ways to go in learning to program Firefox extensions. I figured out how it works by reading the log file, is that reverse engineering these days?

    Anyway, how the blocker works is pretty nifty, the toolbar creates an MD5 hash of each URL you visit, then compares it to a file that the toolbar auto-updates with the MD5 hashes of the bad URLs. To figure out where info is coming from, take a look at "blocked.log" in the Toolbar directory, you'll see the lines that update "blocklist.dat". The only problem I saw is that www.badsite.com/bleh.html might be in there, but www.badsite.com itself might not be, even if both are really the same page.

    I still think the best anti-phishing software would be a program that just notices when you are doing something really boneheaded. It would do things like shout "Hey, that's your ebay username and password and this isn't ebay! Are you sure you want to do this?" and "This page isn't posting to an encrypted page and that is a credit card number! Are you sure about this?". Just my little idea, I'm sure there are plenty of problems with it.
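
Added example, not part of the comment above and not Netcraft's code: a sketch of why a blocklist of exact-URL MD5 digests misses trivially different URLs for the same page, next to a lookup that canonicalizes the URL and also hashes its parent paths and bare host. The function names, the `dedicated_hosts` parameter and the sample URLs are assumptions made for illustration; the toolbar's real file format is not shown on this page.

```python
import hashlib
from urllib.parse import urlsplit

def digest(text):
    # MD5 as in the comment; the matching problem is the same for any hash.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def canonical(url):
    """Reduce a URL to (host, path): lower-case host; no scheme, port, query, fragment."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip("."), parts.path or "/"

def expressions(url):
    """Strings a lookup should hash: full path, each parent directory, then bare host."""
    host, path = canonical(url)
    out = [host + path]
    while path != "/":
        path = path.rstrip("/").rsplit("/", 1)[0] + "/"
        out.append(host + path)
    return out

def naive_blocklist(reported):
    return {digest(u) for u in reported}  # one digest per URL string as reported

def naive_hit(url, blocklist):
    return digest(url) in blocklist

def hardened_blocklist(reported, dedicated_hosts=()):
    """Digest canonical URLs; list the bare host only if the whole host is judged bad."""
    entries = set()
    for u in reported:
        host, path = canonical(u)
        entries.add(digest(host + path))
        if host in dedicated_hosts:  # hypothetical list-maintainer decision
            entries.add(digest(host + "/"))
    return entries

def hardened_hit(url, blocklist):
    return any(digest(e) in blocklist for e in expressions(url))

REPORTED = ["www.badsite.com/bleh.html"]  # constructed, from the comment's example
VISITS = ["www.badsite.com/bleh.html", "http://WWW.BadSite.com/bleh.html?id=7",
          "www.badsite.com", "www.example.org/bleh.html"]

if __name__ == "__main__":
    naive = naive_blocklist(REPORTED)
    hard = hardened_blocklist(REPORTED, dedicated_hosts={"www.badsite.com"})
    for v in VISITS:
        print(f"{v:45} naive={naive_hit(v, naive)!s:5} hardened={hardened_hit(v, hard)}")
```

Because digests are one-way, the client cannot match "similar" URLs; it has to enumerate the candidate strings itself, and the list maintainer decides whether a host-level entry is safe or would over-block a shared host.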

  7. Phishing Sites by SpaceAdmiral · · Score: 4, Funny

    I've visited Phishing sites before, but I just don't get it. You'd have to be stoned or something to appreciate their music.