The Golden Hour of Phishing Attacks

Orome1 writes "Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims' credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn't include the time required to take down the phishing Web site, they've dubbed the first 60 minutes of a phishing site's existence is the critical 'golden hour.'"

A solution presents itself

[Wonko+the+Sane]

Delay all email deliveries for one hour. What could possibly go wrong?

Re:A solution presents itself

[Chrisq]

Delay all email deliveries for one hour. What could possibly go wrong?

Then the discovery of the scam would be delayed by the hour and the "golden hour" would just be delayed.

whoosh....

Re:A solution presents itself

Mail which looks like it might be phishing email could be delivered to active users proven to be discriminating first,

Congratulations! Gmail has determined that you are smart and competent. Your reward is more spam.

Re:A solution presents itself

[alexmipego]

They do have a "Report Phishing" option though. Sad thing is that most people don't know what phishing is or even realize they've been victims of it until it's too late, at which point they rarely go back to gmail to report the phishing attempt.

Scrub the sites...

[AdamThor]

So what we need is a way to scrub those websites within the critical time period, yes? A cleaning program? A sort of "Golden Shower"?

Simple

[PPH]

I never answer e-mail within an hour of receipt. I'm too busy trying to make first post.