How to Fish for Phishing Sites

F-Secure had a nice little post on finding phishing sites: sites that masquerade as other sites in the hope of getting you to “login”, so that they can collect your credentials. They usually then send you on to the real site, where you have to log in again, this time for real.

Phishing sites are easy to locate once the bad boys start spamming out thousands of mails linking to their site. But how can such sites be found before that?

Here’s an example.

You can subscribe to alert services that will let you know when a new domain with certain keywords has been registered. Domaintools is one such service. Source: How to locate new phishing sites
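The keyword-alert approach F-Secure describes can be run locally against any feed of newly registered domains. The following script is an added example written for this post, not F-Secure's or Domaintools' code: it takes a constructed list of invented domains, a hypothetical brand watch list, and flags both exact brand keywords and near-miss lookalikes (digit substitutions such as "paypa1", and edit-distance matches), which goes a step beyond the plain keyword subscription the quote mentions. It folds lookalike characters only crudely (a non-Latin letter is simply dropped before comparison); a production system would use a proper Unicode confusables table.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Hypothetical watch list of brands a defender wants early warning about.
WATCHED_BRANDS = ["paypal", "ebay", "bankofamerica"]

# Constructed sample of one day's "newly registered domains" feed. Every
# name here is invented for this example; "p\u0430ypal" uses a Cyrillic a.
NEW_DOMAINS = """
example-shop.com
paypal-secure-login.net
paypa1.com
secure.ebay-verify.info
weather-today.org
bankofamerica.example
p\u0430ypal.com
"""

# Digits and symbols commonly swapped in for letters in lookalike names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "7": "t", "@": "a", "$": "s"})

# Similarity threshold (difflib ratio, 0..1) above which a label is
# treated as a lookalike of a watched brand.
LOOKALIKE_THRESHOLD = 0.8


def normalize(label):
    """Fold a domain label to lowercase ASCII with digit/symbol swaps undone.

    NFKD plus an ASCII re-encode strips accents and drops letters from other
    scripts entirely (so the Cyrillic a above just disappears); that is a
    deliberate simplification for this example.
    """
    folded = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    return folded.lower().translate(CONFUSABLES)


def classify(domain):
    """Return (domain, brand, reason) if the domain is suspicious, else None.

    reason is "keyword" when a brand appears verbatim in any label, or
    "lookalike" when a hyphen-separated part of a label is close to a brand.
    """
    domain = domain.strip().lower()
    labels = domain.split(".")[:-1]          # ignore the TLD itself
    for label in labels:
        norm = normalize(label)
        for brand in WATCHED_BRANDS:
            if brand in norm:
                return (domain, brand, "keyword")
        for part in re.split(r"[-_]", norm):
            for brand in WATCHED_BRANDS:
                if SequenceMatcher(None, part, brand).ratio() >= LOOKALIKE_THRESHOLD:
                    return (domain, brand, "lookalike")
    return None


def scan(feed):
    """Classify every non-empty line of a domain feed; return the hits in order."""
    hits = []
    for line in feed.splitlines():
        if line.strip():
            result = classify(line)
            if result:
                hits.append(result)
    return hits


if __name__ == "__main__":
    for domain, brand, reason in scan(NEW_DOMAINS):
        print(f"{reason:9} {brand:14} {domain}")
```

Hits are worth reviewing rather than acting on blindly: a legitimate reseller or fan site will trip the keyword rule, so the output is a queue for a human or for further checks (certificate issuance, DNS activity, content fetch), not a blocklist.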

They include some screenshots and other things to look for. In another post they also noted how many phishing sites are actually Flash sites, which makes it harder for anti-phishing tools to detect them.

We’ve now seen several phishing web sites that are using flash-based content instead of normal HTML. Probably the main reason to do this is to try to avoid phishing toolbars that analyze page content.

Two recent examples, both targeting PayPal (screenshots not reproduced here). Source: Flash Phishing
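The evasion F-Secure describes has a simple signature from the defender's side: a page whose visible HTML is almost empty apart from an embedded Flash object. The following is an added example, not F-Secure's code or the logic of any real toolbar: it profiles a page with Python's standard-library HTML parser and flags pages that embed Flash while carrying very little readable text. The two HTML documents are constructed for the example, the PayPal-themed one imitating the kind of page the post describes; the text threshold is an assumed tuning value. (Flash itself reached end of life in 2020, but the same "content hidden inside an opaque object" heuristic applies to other embedded renderers.)

```python
from html.parser import HTMLParser

FLASH_MIME = "application/x-shockwave-flash"

# Constructed sample: an ordinary login page with real HTML content.
NORMAL_PAGE = """
<html><head><title>Example Bank login</title></head><body>
<h1>Example Bank customer portal</h1>
<p>Welcome to the Example Bank customer portal. Enter your username and
password to view your account balance, recent transactions and statements.
If you have forgotten your password, use the reset link below. Never share
your credentials with anyone, including bank staff.</p>
<form action="/login" method="post">
<label>Username <input name="user"></label>
<label>Password <input name="pass" type="password"></label>
<button>Log in</button>
</form>
<p>Copyright Example Bank. All rights reserved.</p>
</body></html>
"""

# Constructed sample of the pattern the post describes: the whole "login
# form" lives inside a .swf, leaving nothing for a content scanner to read.
FLASH_PHISH_PAGE = """
<html><head><title>PayPal</title>
<script>var t = "decoy text inside script is not visible content";</script>
</head><body>
<object type="application/x-shockwave-flash" data="login.swf" width="600" height="400">
<param name="movie" value="login.swf">
</object>
</body></html>
"""


class PageProfile(HTMLParser):
    """Collect a few coarse features of a page: visible text, Flash embeds, forms."""

    def __init__(self):
        super().__init__()
        self.text_chars = 0      # characters of visible text outside script/style
        self.flash_objects = 0   # <object>/<embed> elements that load Flash
        self.forms = 0           # plain HTML forms (a phish in HTML would have one)
        self._hidden_depth = 0   # nesting inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag in ("script", "style"):
            self._hidden_depth += 1
        elif tag in ("object", "embed"):
            src = a.get("data") or a.get("src") or ""
            if a.get("type") == FLASH_MIME or src.endswith(".swf"):
                self.flash_objects += 1
        elif tag == "form":
            self.forms += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden_depth:
            self._hidden_depth -= 1

    def handle_data(self, data):
        if not self._hidden_depth:
            self.text_chars += len(data.strip())


def profile(html):
    """Parse a page and return its PageProfile."""
    p = PageProfile()
    p.feed(html)
    p.close()
    return p


def looks_like_flash_phish(html, min_text=200):
    """Heuristic: Flash is embedded and the page has less than min_text visible characters.

    min_text is an assumed threshold; tune it against real traffic.
    """
    p = profile(html)
    return p.flash_objects > 0 and p.text_chars < min_text


if __name__ == "__main__":
    for name, page in (("normal", NORMAL_PAGE), ("flash", FLASH_PHISH_PAGE)):
        p = profile(page)
        print(f"{name}: text={p.text_chars} flash={p.flash_objects} forms={p.forms} "
              f"suspicious={looks_like_flash_phish(page)}")
```

This is deliberately a page-structure check rather than a content check: it does not need to understand what the Flash object does, only to notice that the page gives a content analyzer nothing to analyze, which is exactly the property the attackers were relying on.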