Monday, September 17, 2007

PayPal and eBay Phishing Domains

As I needed another benchmark for creative typosquatting, next to my best finding so far, this World of Warcraft domain scam, I stumbled upon the following list of domains, where the creative domain squatting is done solely so that the domains fit within a typical phishing scam URL structure. Some of the domains are actual Rock Phish ones that are currently hosting live phishing campaigns:

paypal-online-account.com
paypal-user-update.com
paypal-support1.com
paypal-account-protection.com
paypal1-login.com
paypal-accounts-update.com

Some "creative" ones to be abused:

paypal-aspx.com
paypal-cgi3.info
paypal-cmd.com
paypal-comlwebscrc-login-run.com
paypal-confirmation-id-0746795.com

And since PayPal is actually eBay after the acquisition, here are some "creative" eBay domain scams as well:

ebay-com-isapidll.com
ebayisapidll-cgi.com
ebayisapidllaw2.com
ebayisapidllu.com

Authentication itself seems to be a priority, as the customer must possess tangible proof that her transactions' security is somehow enhanced by layered authentication, no doubt about it. But with phishers actively using a "push" model that is starting to visually social engineer customers by registering domains imitating PayPal and eBay's web application structure, authentication shouldn't be the number one priority it is for the time being, as phishers are not even trying to bypass it.
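For brand-monitoring teams, the distinction drawn above between plain account-themed names and names that imitate the web application's URL structure can be checked mechanically over a feed of newly registered domains. The sketch below is an added example, not code from this post; the brand list, the legitimate domains and both token lists are assumptions hand-picked from the domains quoted above.

```python
import re

# Assumptions for this example: brands, legitimate domains and both token
# lists are hand-picked from the domains quoted in the post.
BRANDS = ("paypal", "ebay")
LEGITIMATE = ("paypal.com", "ebay.com")
# Fragments that imitate URL structure: script names, extensions, parameters.
APP_TOKENS = ("isapidll", "webscr", "aspx", "cgi", "cmd")
# Generic account-themed words.
LURE_TOKENS = ("account", "update", "support", "protection",
               "confirmation", "login")

def classify(domain):
    """Return 'legitimate', 'url-structure', 'account-lure', 'brand-only',
    or None when no monitored brand appears in the name."""
    domain = domain.strip().lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in LEGITIMATE):
        return "legitimate"
    name = domain.rpartition(".")[0]  # drop the TLD
    # Split on hyphens, dots and digits: "paypal1-login" -> paypal, login.
    tokens = [t for t in re.split(r"[^a-z]+", name) if t]
    # A brand counts only at the start of a token, so "thebayarea" != "ebay".
    if not any(tok.startswith(b) for tok in tokens for b in BRANDS):
        return None
    if any(a in tok for tok in tokens for a in APP_TOKENS):
        return "url-structure"
    if any(w in tok for tok in tokens for w in LURE_TOKENS):
        return "account-lure"
    return "brand-only"

def triage(domains):
    """Group flagged domains by label; legitimate and unrelated are skipped."""
    flagged = {}
    for d in domains:
        label = classify(d)
        if label not in (None, "legitimate"):
            flagged.setdefault(label, []).append(d)
    return flagged

# Sample input: domains quoted in the post, plus two constructed negatives.
SAMPLES = ["paypal-cgi3.info", "paypal-comlwebscrc-login-run.com",
           "ebayisapidllaw2.com", "paypal1-login.com",
           "paypal-confirmation-id-0746795.com",
           "www.paypal.com", "thebayarea.example"]

if __name__ == "__main__":
    for label, names in triage(SAMPLES).items():
        print(label, names)
```

Substring matching on a fixed token list is deliberately narrow; it will miss misspelled brands and needs its lists maintained as the imitated URL patterns change.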

Stats courtesy of the Anti-Phishing Working Group.