Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercriminals Create 57,000 Fake Sites Each Week

Posted by CmdrTaco on from the because-they-can dept.

wiredmikey writes "In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."

6 of 77 comments (clear)

  1. Battle.net by ildon · · Score: 4, Informative

    I'm honestly surprised that battle.net or World of Warcraft didn't make the top 10. Anyone who's been targeted by their phishing mails is probably familiar with domain names like "battle-auth-blizzard.com"

    1. Re:Battle.net by cygnwolf · · Score: 3, Interesting

      I think the wow ones that maybe work are the ones that say "Battle.Net account alert" or something to that effect, look kind of official and say things to the effect of 'Your account is under investigation for XYZ Reasons, if you want to contest these reasons, pleas visit your account page to contest this or else your account will be suspended," and then have 'links' to 'account management' login pages that catch your e-mail. 'course, my account had been turned off for years before I got the first one like this, and I keep getting more and more of them. I just forward them all unread to hacks@blizzard.com . Ironically enough, I keep tripping yahoo mail's spam filter when I forward more than two or three a day and then they lock down my ability to send mail

      --
      Free Pie! The Pie is Also Evil!
  2. Is someone working on fixing this? by kheldan · · Score: 3, Insightful

    I know that DNS vulnerabilities are being addressed finally. Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  3. Snakes by CarpetShark · · Score: 4, Funny

    Slow down everyone. No one would argue that ASP.net sites aren't bad, but calling them criminal is a bit much.

  4. sure... by damn_registrars · · Score: 4, Insightful

    Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

    I agree whole-heartedly that something should be done about the crooked and complacent registrars. The problem is, who should take the action? The most logical step is ICANN, since they handle registrar accreditation, except they have shown repeatedly that they will not take any meaningful steps. And of course, ICANN only does accreditation for registrars of the largest TLDs (for now), so anything from another country's list of TLDs is beyond their jurisdiction (and soon pretty much everything will be beyond their jurisdiction).

    So if ICANN won't do it, who then should? It is pretty well impossible to take legal action against the registrars and expect anything meaningful to come of that, so unless you want to advocate vigilante justice you're just SOL.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  5. Stupid, or otherwise concerned by CarpetShark · · Score: 3, Interesting

    The thing with social hacks, and a lot of things that script kiddies/hackers/maladjusted people do is... well, the "hackers" think of themselves as great for accomplishing this great feat of breaking into someone's property or outwitting them. It's like a kid jumping over a picket fence into someone's garden, and making a big deal because they broke through the guy's defenses. What they don't realise is that the guy with the picket fence has better things to do than mess up his front yard building impenetrable defenses, just to protect against the slight chance that you might mess up their grass. The average person just doesn't care about security, the way IT pros do. And in most cases, that's a fairly sane way to prioritise. This is only a problem in two ways:

    * banks, e-commerce, and a few other kinds of site with sensitive data have a responsibility to protect confidential information. In this case, the site operators need to step up their game, but they usually know that.

    * insignificant servers can be used to launch attacks on sites/systems that matter. But that's more of a problem for it pros, not the insignificant sites.