The data from The Honeynet Project, which monitors activity on hacked computers, suggests that bank customers may exercise somewhat greater caution than PayPal users when presented with fraudulent electronic mails. Phishers’ behavior reinforces this assumption, as eBay and its PayPal subsidiary are far and away the most frequent targets in those attacks reported by the Netcraft Toolbar community. But the steady traffic to scam sites demonstrates that a significant number of bank customers are still being tricked by bogus e-mails.
While social engineering tactics continue to yield click-throughs, phishing operations are becoming even more nimble in deploying scam infrastructure across networks of compromised servers, using automated attack tools and prepackaged spoof sites to speed their work.
“We have observed pre-built archives of phishing web sites targeting major online brands being stored, ready for deployment at short notice … (and) propagated very quickly through established networks of port redirectors or botnets,” the report noted. “Web traffic has been observed arriving at a newly compromised server before the uploaded phishing content was completed, and phishing spam sent from one compromised host does not always appear to advertise the sending host, which again suggests it is likely that distributed and parallel phishing operations are being performed by organised groups.”
The banking industry and online retailers have emphasized customer education in their response to phishing. But the persistent traffic to scam sites underscores the importance of additional proactive defensive measures to protect customers from their own bad habits and the technical innovations of phishing scams.
Netcraft provides a range of tools and services to protect businesses and individuals from phishing scams and accompanying financial losses, including the Netcraft AntiPhishing Toolbar, an Open Redirect Detection Service to locate web site weaknesses that can be exploited by phishers, and the Phishing Site Feed – a list of phishing sites available as a continuously updated feed suitable for ISPs, hosting companies and enterprises that operate mail servers and web proxies.
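As an added illustration of the web site weakness mentioned above (this is example code written for this page, not Netcraft's service or any project's own code), the following Python check validates a redirect target so that a site's "next" or "return" parameter cannot be turned into an open redirect onto a phishing host. The host name www.example-bank.test is an assumption for the example.

```python
from urllib.parse import urlsplit

# Hypothetical host for this example (assumption, not from the article).
OUR_HOST = "www.example-bank.test"


def is_safe_redirect(target: str, our_host: str = OUR_HOST) -> bool:
    """Return True only if `target` stays on our own host.

    Rejects the forms that turn a redirect parameter into an off-site hop:
    absolute URLs to other hosts, scheme-relative '//host' links,
    backslash variants browsers normalise to slashes, userinfo tricks
    such as 'https://ourhost@evil.example/', and non-http schemes.
    """
    if not target:
        return False
    # Browsers treat backslashes like forward slashes, so '/\evil' is '//evil'.
    candidate = target.replace("\\", "/")
    # Control characters and whitespace can smuggle past naive prefix checks.
    if any(ord(c) < 0x20 or c == " " for c in candidate):
        return False
    parts = urlsplit(candidate)
    if parts.scheme not in ("", "http", "https"):
        return False
    if parts.netloc:
        # Absolute URL: the whole authority must be exactly our host
        # (no userinfo, no port), which also rejects 'ourhost@evil.example'.
        return parts.netloc.lower() == our_host
    # Relative target: require a single leading slash; '//host' is
    # scheme-relative and would leave the site.
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_redirect(target: str, fallback: str = "/") -> str:
    """Return `target` if it passes the check, otherwise a local fallback."""
    return target if is_safe_redirect(target) else fallback
```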