Dead Phish: An Examination of Deactivated Phishing Sites
- ORNL
Efforts to combat phishing and fraud online often center around filtering the phishing messages and disabling phishing Web sites to prevent users from being deceived. Two approaches can be taken to disable a phishing site: 1) eliminate the DNS records required to reach the site, or 2) remove the site from the hosting machine itself. While previous work has focused on DNS take-down efforts, we focus on determining how long a phishing site remains on a machine after the DNS records have been removed. We find that on the day a site is reported, as many as 56% of phishing sites remain present on the hosting machines even after the DNS records have been removed. While many of these sites are removed within a few days, the DNS caching behavior at ISP resolvers may preserve the phishing site's accessibility until the phishing site itself is completely removed.
- Research Organization: Oak Ridge National Laboratory (ORNL); Center for Computational Sciences
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-00OR22725
- OSTI ID: 984774
- Country of Publication: United States
- Language: English