Vittorio Bertocci

Scatter thoughts

35,000 new phishing websites in just a month

35,000 new phishing websites in just a month

  • Comments 2

The monthly report from http://www.antiphishing.org/ is always an instructive read. This April report contains some surprising numbers, as shown by the graphic below:

The happy spike you notice in April07 is in fact not happy at all: it shows the efforts of phishers to strain the antiphishing countermeasures offered by IE7 and Firefox 2. It's a 166% up from March and 48% more than the former record in the past 12 months: a similar resolution really deserves a very firm answer. A strategic one. I personally believe that the best answer is defusing the situation is by changing the rules of the game; but if are reading this you probably already know, don't you ;-)

  • Incident response should be the focus to the rise in phishing sites. The more efficient the report and shut down of these sites the less impact they will have. This is common sense that reporting and shutting these down through co-operation of ISP's is the best scenario.

  • This war has tactical and strategic aspects.

    Reporting and cooperation can definitely make their part in mitigating the phenomenon, but the strategic move is realizing that authentication systems based on shared secrets (passwords) are prone to this kind of abuse, and start protecting online assets via

    "user-friendly asymmetric cryptography".

Page 1 of 1 (2 items)
Leave a Comment
  • Please add 3 and 6 and type the answer here:
  • Post