Possibly of interest here...

-------- Original Message --------
Subject: [Asrg] Phishing and domain reputation
Date: Wed, 16 Nov 2011 15:18:28 +0000
From: Martijn Grooten <[email protected]>
Reply-To: Anti-Spam Research Group - IRTF <[email protected]>
To: Anti-Spam Research Group - IRTF <[email protected]>

The anti-phishing working group (APWG) published a report on phishing in
the first half of 2011:

  http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf

Lots of statistics on phishing, such as a significant rise in attacks
compared to the previous six months, which was largely due to attacks on
Chinese organisations and their customers.

One thing I found interesting, and which prompted me to post about it
here, is that only 2% of the phishing domains contained the brand name
or a variation thereof (e.g. paypaI dot com) and they've only seen two
examples of phishing attacks using IDNs and homographs (e.g. fácebook
dot com) since 2007.

Also, only 18% of the domains used (down from 28%) were registered by
the phishers themselves; the other domains were hacked or compromised.

It suggests that phishers do care about the reputation of domains as
used by email/web filters (does the domain have a history of legitimate
content?), but little about reputation among users (does the domain look
like the one I expect for this site?).

I'm not sure about their definition of 'phishing'. This could have some
influence on their statistics.

Martijn.



Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
