Examining the impact of website take-down on phishing

Banks and other organisations deal with fraudulent phishing websites by pressing hosting service providers to remove the sites from the Internet. Until they are removed, the fraudsters learn the passwords, personal identification numbers (PINs) and other personal details of the users who are fooled into visiting them. We analyse empirical data on phishing website removal times and the number of visitors that the websites attract, and conclude that website removal is part of the answer to phishing, but it is not fast enough to completely mitigate the problem. The removal times have a good fit to a lognormal distribution, but within the general pattern there is ample evidence that some service providers are faster than others at removing sites, and that some brands can get fraudulent sites removed more quickly. We particularly examine a major subset of phishing websites (operated by the 'rock-phish' gang) which accounts for around half of all phishing activity and whose architectural innovations have extended their average lifetime. Finally, we provide a ballpark estimate of the total loss being suffered by the banking sector from the phishing websites we observed.
