NEWS FROM THE LAB - Monday, September 17, 2007

How to Find Phishing Sites Posted by Mikko @ 10:48 GMT

So you want to search for active phishing websites via Google?

You could start off with a simple search parameter like – inurl:paypal

Paypal Phishing

You'd get way too many results, and vast majority of them would be legitimate sites.

But if you kept scrolling down, you would eventually find this:

Paypal Phishing

Hmmm… paypal-account-protection.com? Sounds phishy.

Paypal Phishing

Indeed, it's a live phishing site, located in the /eg/ directory of the site.

Now, let's have a look at the front page of the site.

Paypal phishing

Who would have guessed? "209 host locked" – the telltale sign of a rock phish site.

So, let's refine our original search and now search for – inurl:paypal intitle:209

Paypal Phishing

I rest my case.