Dead Phish: An Examination of Deactivated Phishing Sites
نویسندگان
چکیده
Efforts to combat phishing and fraud online often center around filtering the phishing messages and disabling phishing Web sites to prevent users from being deceived. Two potential approaches to disabling a phishing site are (1) to eliminate the required DNS records to reach the site and (2) to remove the site from the machine itself. While previous work has focused on DNS take-down efforts, we focus on determining how long a phishing site remains on a machine after the DNS records have been removed. We find that on the day a site is reported, as many as 56% of phishing sites remain present on the hosting machines even after the DNS records have been removed. While many of these sites are removed within a few days, the DNS caching behavior at ISP resolvers may preserve the phishing site accessibility until the phishing site itself is completely removed.
منابع مشابه
Phish Phodder: Is User Education Helping or Hindering?
Mostly, security professionals can spot a phish a mile off. If they do err, it’s usually on the side of caution, for instance when real organizations fail to observe best practice and generate phish-like marketing messages. Many sites are now addressing the problem with phishing quizzes, intended to teach the everyday user to distinguish phish from phowl (sorry). Academic papers on why people f...
متن کاملPoster: Lightweight Content-based Phishing Detection
I. INTRODUCTION Increasing use of Internet banking and shopping by a broad spectrum of users results in greater potential profits from phishing attacks. Phish are fake websites that masquerade as legitimate sites, to trick unsuspecting users into sharing sensitive information: credentials, passwords, financial information, or other personal information that can enable fraud. This threat is espe...
متن کاملAuntieTuna: Personalized Content-based Phishing Detection
Phishing sites masquerade as copies of legitimate sites (“targets”) to fool people into sharing sensitive information that can then be used for fraud. Current phishing defenses can be ineffective, with training ignored, blacklists of discovered, bad sites too slow to pick up new threats, and whitelists of knowngood sites too limiting. We have developed a new technique that automatically builds ...
متن کاملCan phishing be foiled?
December 20 0 8 Over just a few weeks, I received e-mail messages from several banks warning me that my online banking services were in danger of being deactivated, from eBay telling me that I needed to change my password, from Apple complaining that I had unpaid bills for music downloads, from an airline offering me the opportunity to earn a quick $50 for filling out a survey and from the Red ...
متن کاملAn Empirical Analysis of Phishing Blacklists
In this paper, we study the effectiveness of phishing blacklists. We used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars. We found that 63% of the phishing campaigns in our dataset lasted less than two hours. Blacklists were ineffective when protecting users initially, as most of them caught less than 20% of phish at hour zero. We also fo...
متن کامل