Netcraft: 5,600 Phishing Sites Since December 181
miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.
One Day (Score:3, Insightful)
no wait.... only those gullables will find themselves in trouble.
Phishing is only a problem when you aren't paying attention.
Live Bait (Score:2, Insightful)
New sites: ouch! (Score:5, Insightful)
But man, wouldn't it suck to open a new site only to have Netcraft scare off all your customers?
I wonder what "new" means. How long do phishing sites stay around? And how badly would this kill the buzz of the initial marketing effort?
Time isn't the only tool they have in the toolbar, so hopefully novelty as the only warning sign won't ring any alarm bells.
Eventually, phishers will work around this by creating sites and only activating the phishing attack after the requisite time period has elapsed. But that's work, which weeds out the laziest phishers. Watching the escalation of tactics is going to be fascinating.
Re:"Continuously encrypted list"? (Score:1, Insightful)
Other ways to filter phishers out... (Score:3, Insightful)
I've always detected the trawlers by the fact that they're asking me to give them information via email.
Re:Submit a new site, get a gift? (Score:4, Insightful)
Last one of these I encountered (an eBay phishing scheme) was hosted on Comcast's network. To Comcast's credit, the site was inaccessible within 2 hours of my reporting it, and I got a very prompt response by email to my report.
Re:firefox toolbar? (Score:4, Insightful)
Re:Live Bait (Score:4, Insightful)
First off, phishers are _hard to catch and prosecute_. They're often located in other countries using and/or using compromised resources such as zombified home machines to serve their pages. They're committing fraud, they're not going to stop because Citigroup sends them a cease and desist. Thats like saying the real crime of the war on drugs is that the IRS hasn't dragged in all of these drug kingpins for not paying taxes.
Secondly, who the hell is subsidizing anything? The Patent Office takes in more in user fees than it spends - It's a yearly budget battle for them to keep more of what they bring in, not to get more money from congress. They've been totally user fee supported for at least 12 years now.
Re:The biggest problem... (Score:3, Insightful)
After all, if they don't care enough to make it easy to report phishers abusing their name, why should I make the effort to find out how to report it to them?
Re:Submit a new site, get a gift? (Score:2, Insightful)
professional? (Score:3, Insightful)
i'll be worried when i start seeing attacks imitating places that i actually have accounts at. other than paypal, i don't think a single one out of the thousands of phishing attacks i've received has tried to imitate a bank or institution that i actually do business with.
maybe it's just me, but i would think that when people see hundreds of emails coming from places they've never done businesss with in their life, they might be a little suspicious when they see one that's almost exactly the same except with their bank's logo on it, no matter how well written. or am i expecting too much of the average person?