Study finds hosting providers offer phishing paradise

Share this article:

Hosting providers are the new target for phishing attacks, according to a study released Thursday.

The Anti-Phishing Working Group (APWG), an international consortium that serves as a clearinghouse for phishing attacks, reported its findings from the second half of 2012. It found that 47 percent of all phishing attacks involve shared web hosting, like WordPress or Joomla.

Rod Rasmussen, co-chairman of the APWG's internet policy committee and the CTO of security firm Internet Identity, said phishers typically compromise one person's website, and they use "various tricks" to gain access to the main web server, which yields a universal directory of sites hosted as part of that shared server space. Then, using some commands, the attackers are able to install a phishing page on every one of those trusted sites.

"All you need to do is to get into one account on the server, and you can compromise the rest," Rasmussen said.

Saboteurs prefer this tactic because it helps them avoid detection.

"It often passes the muster through the anti-spam vendors because the domain [the phishing page is] appearing on has been around for a while and has a decent reputation, " he said.

Rasmussen said companies like WordPress can help users avoid this fate by enforcing strong passwords and providing regular updates.

Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.