Michael Sutton’s analysis of Google’s list of suspected phishing sites makes interesting reading, with some shockingly simple tricks still apparently fooling web users.
eBay and PayPal remain top of the phishers’ hit lists, with 47% of the URLs listed aimed at one site or the other; looking at my inbox, this isn’t particularly surprising.
What is jaw-droppingly incredible is that Yahoo apparently host Yahoo-phishing sites. Why anyone would put any sort of personal information into a Geocities site is quite beyond me, but as simple subdomains (“https://paypal.scamsite.com/”) seem to work for the phishers, it’s fair to assume that people are still not checking even the basic details as they click on these links.
As Sutton himself says,
“Based on all of the sites that I looked at, the majority of phishing scams are less sophisticated than I had predicted. This is however somewhat concerning as simple attacks must still be working and attackers have not been forced to upgrade their skills in order to make a profit.”
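The check that readers skip on links like the subdomain and Geocities examples above can be automated in a mail or proxy filter. This is an added example, not code from Sutton's analysis: it compares the brand named in a link with the domain that actually serves it. The brand allowlist, the short suffix table and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> registrable domains the brand really uses.
BRANDS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com", "ebay.co.uk"}}
# Constructed stand-in for the Public Suffix List; load the full list in practice.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_mismatch(url):
    """Return (brand, serving_domain) when a brand is named outside its own domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    # The part of the link a reader skims: host labels and path.
    visible = host.lower() + parts.path.lower()
    for brand, owned in BRANDS.items():
        # Substring match is deliberately broad; expect some false positives.
        if brand in visible and domain not in owned:
            return brand, domain
    return None


# Constructed sample links; the first is the pattern quoted in the post.
SAMPLES = [
    "https://paypal.scamsite.com/",
    "http://www.geocities.com/example/paypal-login.html",
    "https://www.paypal.com/signin",
    "https://signin.ebay.co.uk/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        hit = brand_mismatch(url)
        verdict = "SUSPECT %s served by %s" % hit if hit else "ok"
        print(f"{verdict:40} {url}")
```

The only part of the hostname that identifies who controls the site is the registrable domain; every label to its left, and everything in the path, is chosen freely by whoever runs that domain.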