There aren’t THAT many phish in the sea, more on phighting phishing
The last post, I got sidetracked into another idea as I was doing a google search. Not uncommon. OK, what I was curious about is how many phishing sites are estimated to be “in the wild” at any given moment threatening to defraud viewers? Well, my search did turn up an interesting report.
According to The American Bankers Association there are less than 3,000 phishing sites active at any one time. *(2600 is one number they give, their chart goes as high as 2900). For one person to fight, 3000 is a lot. For instance, if I manage to get this 3rd phishing site down, then I will have helped get .1 percent of all phishing sites shut down. All I have to do is repeat that 1000 times and, in theory, they’ll all be shut down. Sounds overwhelming. How many tech savvy people are there out there that can identify the places to complain to? Maybe a few hundred in each state? More? A thousand or so in each state? More in some areas than others, so maybe 50,000 in the US?
I know, I don’t have too many people viewing through here, but I think it might be possible to really make it difficult for phishers to succeed if everyone capable of identifying the fraudulent address reported it. For that matter, many financial institutions have addresses set up to receive copies of the fraudulent messages meaning that those that aren’t as into reading message body text and looking up ipblock owners can take part as well.
So, the next time you get a phishing email, report it to the financial institution. If you know how to decipher where the site is hosted and can find the abuse contacts for them and or their service provider, report it to them and the financial institution being targetted. You never know who you might be helping out, your neighbor, parents, grandparents or just an unsuspecting stranger.