OpenDNS’s PhishTank Kicking Ass and Taking Names
OpenDNS’s PhishTank just made their stats for November public and the results are great. There have been over 93,000 votes by PhishTank users to validate 9,628 phishes out of 18,130 phishes submitted. PhishTank, which I covered thoroughly on their October 2nd launch, is a free community where anyone can submit, verify, track and share phishing data. Developers love PhishTank as it lets them access PhishTank’s phishing data through an open API. In fact, PhishTank was used by Mozilla to compare phishing protection in Firefox 2.0 to Internet Explorer 7.
South Korea hosted the most phishing sites at a whopping 39% with Barclays Bank, PayPal, eBay, Fifth Third Bank and Wells Fargo being the overall most popular targets.
While speed is the #1 benefit of OpenDNS…I have to say that PhishTank is a very close #2.
What surprises me, however, is the failure of Europe (East and West), Russia and the African continent to make a meaningful contribution to these statistics. I am sure that there are many smart scam artists in all of these areas…in fact, I am still receiving offers from supposedly wealthy families in the Ivory Coast to “help” them move millions of dollars of money.
Some questions for the PhishTank folks (or you, Paul):
Is the lack of representation in these areas due to more effective policing efforts? Or, is PhishTank not as effective at identifying sites from these areas? Or, are the country sizes so small that contributions from these countries are less noticed on a country-by-country list (not that South Korea is all that big)?
Jerry,
You are absolutely correct that other areas are responsible for the phishing scams just as much, and in some cases more than the countries listed. What the world map represents is where the most phishing sites are HOSTED. This doesn’t mean it’s where the target (ebay, paypal, etc) are and it also doesn’t mean it is where the spammer/phisher sent the email from.
When you look at it from that sense, it’s nor surprising. South Korea, China, and The United States of America all have relatively dense broadband deployments, datacenters and connectivity. When a phisher compromises a server (or buys one with a fake credit card from a hosting company) it’s not too surprising that it’s from one of these locations.
Does that help explain that statistic a bit better?
Thanks for the good feedback and questions!
-david ulevitch
David: Exactly the response I was looking for. Thanks. — Jerry
Ha - maybe this is related to the DDOS attack they’ve been getting this weekend. Presumably, their efforts are having an impact on the phishers.
Scott,
The DDoS attacks have been targeting EveryDNS and not OpenDNS or PhishTank. In fact, PhishTank doesn’t even use EveryDNS.
Maybe their actions are an attempt to distact me though, that’d be a bit too intelligent for a DDoS’er though. Remember, they are already breaking the law and in most cases are pretty easy to arrest these days, even internationally. :-)
-david
So why is it that I keep getting spoof paypal emails with a “update info” link that goes to phistank?
Chris,
What? Please forward to me! :-)
Do you have the PhishTank SiteChecker plugin installed with Firefox? Are you using Opera? Both of those use our datasets and sometimes link back to our phish detail page.
Thanks…
-david