We track major domains being exploited by active phishing scams, as part of our site legitimacy testing process. Until three days ago, that list had from 25 to 50 domains on it. In the last three days, the number of domains being exploited has doubled. As of today, we’re at 96 major domains, each of which is hosting at least one phishing page.
The new phishing pages cover a wide range of financial institutions around the world. We’re seeing Canada Trust, the Austrialian tax authorities, banks in Greece, Italy, South Africa, and India, along with the usual targets – Bank of America, HSBC, and PayPal. This has been reported to US-CERT.
Domains containing phishing pages receive SiteTruth’s lowest rating for the entire domain. This encourages sites to be proactive in securing their site.
This particular attack seems to have abated. We’ve been nagging a few sites into cleaning up more aggressively, and our list is now down to 42 entries.