A Year's Worth of Phish Facts

Phishtank.com, a volunteer effort to identify phishing e-mails and associated Web sites, released its first annual report today, providing one of the most comprehensive data sets ever published on the subject and offering fascinating insights on the scope and increasing sophistication of phishing attacks.

Anyone who goes through the site's free signup can submit suspected phishing sites and e-mails to the Phishtank community, with each member free to vote on whether he or she thinks a given submission is legitimate or the work of scammers. Out of nearly 300,000 sites submitted as suspect, the community verified some 220,000 as phishing scams (more than 70,000 went unverified).

Overall, the United States was far and away the country that played host to the largest number of phishing sites in the past year, accounting for slightly more than 30 percent of the verified sites. SBC's network hosted the most phishing scams of all American ISPs, well out ahead of the rest with 53,666 scam sites over the past 12 months. Comcast and Road Runner rounded out the No. 2 and No. 3 slots, with 28,000 and 25,000 phishing sites, respectively.

It's important to mention the ISPs because most phishing sites these days are hosted on personal computers that have been hacked by criminals. Those PCs are typically home-user machines hooked up to consumer broadband networks. But Phishtank is not only calling those ISPs out, they're giving them a free new tool to more quickly identify customer systems that are hosting phishing sites. Beginning today, Phishtank is connecting its database to an RSS feed so that ISPs can get instant notification when a new phish pops up on their network.

One set of data from the report I found particularly interesting was the number of phishing sites and e-mails that members thought were scammy but were later determined to be legitimate -- or vice versa. Out of nearly 300,000 sites submitted as suspect, the Phishtank community misidentified 8,760 sites.

This seems to suggest two things: The more obvious being that phishing has completely ruined e-mail as a means of trusted communications between businesses and customers. Some smart people and big targets are starting to take some positive steps that -- if more widely adopted -- should help minimize the success of phishing scams. But even if everyone adopted these measures overnight, it would take years for people to begin trusting e-mail again.

More importantly, the report seems to explain why phishing remains such a prevalent problem. In this case, you have a large group of self-selected "experts" on phishing who, in about 4 percent of cases, can't tell a phishing site or e-mail from a legitimate one.

A copy of the report is available here (PDF).

By Brian Krebs  |  October 9, 2007; 7:54 AM ET
Categories:  Fraud  

Comments

Great stuff. I hasten to point out that phishing is spam and stopping spam at the source is the ultimate solution. Exposing phishing once it's out there wasting bandwidth is attacking it at the wrong end. As 101% of all Windows computers are spewing out 101% of all spam it's a no brainer to see what the source is.

Posted by: Rick | October 9, 2007 8:16 AM | Report abuse

Rick. Your statistics are bunk, dude.

I'm not defending Gates or MS, but the only reason there aren't more of these scams coming from Apples, is because Apple's market share or lack thereof makes it much, much less desirable for the criminals to target. Linux, on the other hand, has so many flavors and varieties as well as having negligible market share, that it's no wonder thugs target Windows boxes. It is a result of Windows' success, not of Apple's superiority.

Posted by: Patrick Huss | October 9, 2007 9:24 AM | Report abuse

It's time for ISPs to bite the bullet.

Home DSL lines should be prevented from running any internet services and not allowed unrestricted outgoing SMTP.

Posted by: anon | October 9, 2007 9:26 AM | Report abuse

How did this devolve into yet another discussion of Apple v. Microsoft? Phishers don't care if you're using a Tandy, Trash 80 or Commodore 64. Phishing is about e-mail, people, not software vulnerabilities.

Posted by: Anonymous | October 9, 2007 9:28 AM | Report abuse

anon: I disagree with your assertion that home services should be prohibited from running Internet services. I also disagree that SMTP services should be intercepted. What goals do these steps realize?

If you prohibit SMTP, then you cannot have visitors to your home send email. That's not very nice.

If you prohibit Internet services (by which I think you mean incoming connections), then you greatly reduce the capability of online games, certain IM features, etc.

Many of these zombie machines can be detected through other means, and a phone call followed by discontinued service can eliminate them one by one.

Don't ruin everything for home users just because you get too much spam in your inbox.

Posted by: Chris | October 9, 2007 10:55 AM | Report abuse

Chris: you make a point with regards to games. Perhaps the answer lies with multiple levels of ISP service.

For the vast majority of home users the very basic no frills service would be enough.

It's not just about spam. It's about bots.

Posted by: anon | October 10, 2007 10:45 AM | Report abuse

Only vulnerable to this if you aren't running Vista!

Posted by: Steve Ballmer | October 11, 2007 4:41 PM | Report abuse


© 2010 The Washington Post Company