By Stacy Shelley | February 25, 2009

Nearly a year ago I asserted in a Dark Reading interview that phishers were using Google and other search engines to find vulnerable web sites, which they then used to launch their scams. By a simple analysis of the web hosts and URLs used in phishing, I estimated that the vast majority of phishing web sites were hosted on exploited, otherwise legitimate web sites. Today, Richard Clayton and Tyler Moore have published a paper about “Evil Searches” and phishing at this week’s Financial Cryptography conference.

I encourage anyone who is interested in understanding how phishing really works to read the paper, but here are a few of the key takeaways:

  • Over 75% of phishing sites are hosted on hacked web sites
  • Despite legend to the contrary, there is no data to support the notion that phishers use phish URL blacklists (like PhishTank) to find vulnerable web sites
  • About 9% of phishing web sites are hacked again and another phish added within 4 weeks

Also see Dr. Clayton’s blog posting on Light Blue Touchpaper for more.