Yesterday we announced our collaboration with RSA, The Security Division of EMC, in which we now provide real-time phishing data to the RSA® FraudAction℠ Anti-Phishing Service to further help prevent online fraud and identity theft. The phishing data includes URLs that we detect in real time following analysis of billions of Internet transactions.
Aside from the traditional “dedicated” phishing sites, we also detect sites that have been hidden within legitimate sites. In our Q1 2010 trend report we provided statistics for these in the section entitled “Compromised websites – Categories infected with phishing.” As described in the trend report, these legitimate sites infected with phishing are generally not changed in any obvious way. The phishing page is added by a hacker – unbeknownst to the site owner – and the link to the page is then inserted into phishing emails. The screenshots below show a recent example identified by the Commtouch team of a legitimate site that is unknowingly hiding a Bank of America phishing page.
Phishers gain several advantages from this ploy:
- The legitimate site name lends legitimacy to the link
- The phishing page is hosted for free
- It usually takes several days or more to detect and remove the page