Trusteer: Blocking Phishing sites older than an hour is almost irrelevant
by Steve Ragan - Dec 4 2010, 08:10Trusteer’s CTO, Amit Klein, recently published some data based on research into the potency and time-to-infection of email-based Phishing attacks. The data is an interesting look into the lifecycle of a typical attack.
The bottom line is that most criminals are aware that nearly half of their victims will come to them within an hour of receiving a Phishing email. Within five hours, this total will expand to nearly 80 percent, closing at 90 percent after ten hours.
“The fact that so many Internet users visit a phishing website within such a short period of time means that blocking a phishing Web site - which is sometimes a cracked legitimate site - within this golden hour has become absolutely critical,” Klein wrote on the Trusteer blog.
Therefore, blocking a Phishing site after 5-10 hours is almost irrelevant, he added.
“As an industry, our goal should be to reduce the time it takes for institutions to detect they are being targeted by a phishing attack from hours to within minutes of the first customer attempting to access a rogue phishing page. We also need to establish really quick feeds into browsers and other security tools, so that phishing filters can be updated much more quickly than they are today. This is the only way to swiftly takedown phishing websites, protect customers, and eliminate the golden hour.”
Trusteer is known for their Rapport browser protection tool, which is used by dozens of financial institutions. The function of Rapport is to prevent drive-by-downloads and Phishing attacks. More information on the tool is here.
Comment on this Story