Anti-phisher community: Initial scores
Phishtank, an online community site, has released its inaugural set of phishing statistics for the month of October. Phishtank collects users' reports on phishing servers and fraud attempts. Among other methods, the data is collected through OpenDNS, a server that works like a filter placed in front of the official root-name server, but which does not affect the recognised name space. The OpenDNS servers attempt to recognise requests from known phishing servers and redirect OpenDNS users onto warning pages.
Phishtank received 7,061 reports in all in October, with 3,678 providing proper notification about fraudulent sites. The Phishtank community members cast 93,531 votes evaluating reported sites in all. In only 878 cases was the suspicion of phishing found to be unwarranted. No evaluation was possible for the remaining 2,505 reports, since the related pages disappeared quickly off the web. Yet Phishtank's initiators see the community's evaluative prowess as quite speedy as well: it took 18 minutes on average for an evaluation to be made as to whether a site was phishing or not.
The statistics contain top ten lists of URLs used by the tricksters, the servers they used, and their most common targets. Customers of the UK's Barclays Bank PLC ranked third in an international comparison of most common phising targets. As would be expected, eBay and PayPal occupied the top two positions. The lion's share of phishing servers are found in the USA and South Korea, the statistics show. Symantec came to similar results in its semiannual Internet Threat Report.
- Stats October 2006, Info from Phishtank