Cooperation improves phishing takedowns. No surprise.
When we examined our data more carefully we found that we were receiving �feeds� of phishing website URLs from several different sources � and the �take-down� companies that were passing the data to us were not passing the data to each other.
So it often occurs that take-down company A knows about a phishing website targeting a particular bank, but take-down company B is ignorant of its existence. If it is company B that has the contract for removing sites for that bank then, since they don�t know the website exists, they take no action and the site stays up.
Since we were receiving data feeds from both company A and company B, we knew the site existed and we measured its lifetime � which is much extended. In fact, it�s somewhat of a mystery why it is removed at all! Our best guess is that reports made directly to ISPs trigger removal.
Link here.
Alex Eckelberry
(thanks, Jose)
No comments:
Post a Comment