
Google Blacklist Reveals Techniques of Bogus Sites

An assessment of Google's blacklist of suspected phishing sites showed that PayPal, eBay and Bank of America account for 63 percent of the probable scam sites.

Law enforcement agencies define phishing as the criminal practice of scamming or extorting valuable and confidential information from people. Such information includes usernames, e-mail passwords, passwords of government officials, bank account details, credit card information and so on. The scammers send out messages in the name of popular enterprises such as eBay, financial institutions and government agencies to trick people into divulging their private information.

Google's blacklist contains a fair number of spoof websites that Yahoo hosts. Security researcher Michael Sutton discovered that these sites try to fool surfers into disclosing their Yahoo login details. Anti-phishing technology within the Firefox 2 browser uses information from that list. So does Google Toolbar for Firefox.

Sutton also discovered that 83 percent of the sites on the list no longer exist. Phishing websites, by their nature, turn over very quickly. However, initiatives such as Google's blacklist help CERTs and other protectors of the Internet detect and eliminate bogus websites more easily and quickly.

A majority of the websites on the list rely on social engineering tactics. Spam e-mails promoting these sites often pretend to be security verifiers from known online firms and attempt to dupe users into surrendering their login credentials. Michael Sutton, however, found that there were few websites that used software flaws to seize passwords from users.

Sutton further said that this week his team received notice through a 'full disclosure mailing list' that Google's blacklist inadvertently included usernames and passwords. Google has rectified the problem, although it did not respond to Sutton's queries about the issue. Sutton's group guesses that the data was swiped from users' computers by keylogging Trojans. These Trojans post the captured results on the Net so that hackers can subsequently dig them out.

As phishers become better equipped to harvest public information, phishing attacks will become more widespread. Moreover, these personalized attacks will be even more dangerous than those prevailing at present.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 1/10/2007
