What we now know about phishing websites

Опубликовано 7 сентября 2016, 17:20

We have been studying phishing websites since early 2007, finding out how long it is before they're removed, and gathering all sort of other statistics. We can now explain why our lifetime measures exceed what the industry expected; we understand how some of the vulnerable sites are found by attackers -- and we can explain why the same sites are re-compromised again and again. We can compare takedown times for phishing with how long other types of illegal site remain available, and use security economics to explain the results. We can even demonstrate weaknesses in various community approaches to dealing with phishing, and tell the police which attackers are worth concentrating on. There's an awful lot we still don't understand, and we're still reinterpreting what we thought we knew last year! But this talk will get you up to speed on what (we think) we know in the Summer of 2009.This is joint work with Tyler Moore.