An Empirical Analysis of the Current State of Phishing Attack and Defence

Banks and other organisations deal with fraudulent phishing websites by pressing the hosting service providers to remove the sites from the Internet. Until they are removed, the fraudsters will learn the passwords, personal identification numbers (PINs) and other personal details of the users who are fooled into visiting them. We analyse empirical data on actual phishing website removal times and the number of visitors that the websites attract, and conclude that website removal is part of the answer to phishing, but it is not fast enough to completely mitigate the problem. We also identify a subset of phishing websites (operated by the ‘rock-phish’ gang) which through architectural innovations have extended the average lifetime of their phishing websites.