
eBay, U.S. source of most phishing scams


PayPal and eBay are easily the most common brands used in online scams, a PhishTank report reveals.

The inaugural report – based on the end-user submission of almost 300,000 emails believed to be phishes – shows PayPal and its parent eBay served as the lure in 63,437 verified phishing emails.

PayPal was spoofed in 31,719 emails, while the eBay name was faked in just one fewer email, according to the report from PhishTank, a community-based anti-phishing service. U.K.-based Barclays Bank came in a distant third, with 6,515 verified phishes spoofing the brand. Bank of America (5,727) and Fifth Third Bank (4,191) rounded out the top five.

Perhaps more surprising, the report revealed that the United States hosts the most phishing attacks, accounting for about 30 percent of the total. South Korea and China ranked second and third, respectively.

"Most of the phishes that we get submitted tend to be hosted in the United States, even if the domain names end in different country codes," David Ulevitch, chief executive officer of OpenDNS, which operates PhishTank, told today. "The phishing site is typically hosted by a residential cable or DSL company based in the United States."

SBC Communications was the internet service provider (ISP) hosting the most phishing emails, with 53,666. That is nearly double the number of phishes hosted by Comcast (28,016) and Road Runner (25,925), the next closest telecom offenders.

The report underscores the need for ISPs to help stem the phishing problem, Ulevitch said.

"They're being bad internet citizens," he said.

ISPs must better implement network monitoring solutions that will alert them when, for example, a user is suspiciously sending out thousands of emails from their cable modem.

"I'm not talking about spying on user data, but there are ways to look at it on a higher level to determine what a baseline of traffic looks like on your network and then detect anomalies," he said.
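The baseline-and-anomaly approach described above, sketched as an added example (not code from the report, PhishTank or any ISP): it looks only at per-subscriber hourly counts of outbound port-25 connections, never at message content. The subscriber IDs, the counts, and the `k`, `floor` and `min_history` settings are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (subscriber_id, hour, outbound TCP/25 connections).
# Flow counts only; no message content is inspected.
FLOWS = (
    [("cm-1001", h, c) for h, c in enumerate([2, 0, 3, 1, 2, 4200])]        # home user, sudden burst
    + [("cm-1002", h, c) for h, c in enumerate([120, 130, 110, 125, 118, 135])]  # small-office mail server
    + [("cm-1003", h, c) for h, c in enumerate([0, 0, 1, 0, 0, 3])]         # quiet home user
    + [("cm-1004", 4, 1), ("cm-1004", 5, 5000)]                             # new modem, little history
)

def baseline(history):
    """Robust centre and spread: median and median absolute deviation."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return med, mad

def find_anomalies(records, current_hour, k=6.0, floor=50.0, min_history=3):
    """Return sorted (subscriber, count, threshold) for subscribers whose
    count in current_hour exceeds their own baseline."""
    per_sub = defaultdict(lambda: defaultdict(int))
    for sub, hour, count in records:
        per_sub[sub][hour] += count
    alerts = []
    for sub, hours in per_sub.items():
        history = [c for h, c in hours.items() if h < current_hour]
        current = hours.get(current_hour, 0)
        if len(history) < min_history:
            threshold = floor  # too little history: fall back to a static cap
        else:
            med, mad = baseline(history)
            # 1.4826 * MAD estimates the standard deviation; the 1.0 minimum
            # keeps a perfectly flat history from alerting on tiny changes.
            threshold = max(med + k * max(1.4826 * mad, 1.0), floor)
        if current > threshold:
            alerts.append((sub, current, round(threshold, 1)))
    return sorted(alerts)

if __name__ == "__main__":
    for sub, count, threshold in find_anomalies(FLOWS, current_hour=5):
        print(f"{sub}: {count} outbound SMTP connections (threshold {threshold})")
```

Because each subscriber is compared with its own history, the steady small-office mail server (cm-1002) is not flagged at 135 connections, while a home modem that jumps from single digits to thousands is.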

Representatives from SBC did not return a call for comment. Comcast high-speed internet spokesman Charlie Douglas told that the company takes its "responsibility to provide a safe and secure network very seriously."

Measures include notifying customers when their PCs are taken over by hackers to host phishing sites, deploying the latest technology to manage Comcast networks, and offering subscribers free security solutions, Douglas said.

"We know that security is one of the top three reasons why customers choose Comcast," he said.

Of the 299,084 total submissions to PhishTank, 8,760 turned out to be invalid, and 70,099 could not be verified, according to the report. In some cases, sites were taken down before volunteers at PhishTank could analyze the submissions, Ulevitch said.

That left 220,225 legitimate phishes from 5,448 submitters.

Along with the report, PhishTank announced a potential solution for organizations facing brand damage due to phishing.

Companies and network providers are invited to visit the PhishTank site and enter either their name or their autonomous system number (ASN), a globally assigned number for a group of IP networks, to learn whether fraudsters are exploiting their good name.

Organizations and ISPs are also encouraged to join a free RSS feed through which PhishTank will alert them of the latest phishes impacting their brand.

"This way they can pull down a feed of alerts whenever they want," Ulevitch said. "It gives them as much information as they need."
