US: Biggest Phishing Host of All

It's official: The U.S. is the home of more phishing sites than anywhere else in the world, according to PhishTank's first annual report, released today.

PhishTank, a clearinghouse of phishing data run by OpenDNS that shares data with Mozilla, Yahoo! Mail, and other software firms, found that among the 300,000 unique phishing scams submitted to it from October 2006 to September 2007, U.S. service providers hosted the most phishing sites of all, reaching 43 percent during one month.

"This finding puts to rest the common misconception that foreign countries are wholly responsible for the originating of phishing scams," said David Ulevitch, OpenDNS's CEO in a statement. "Phishing is more of a United States problem than we’re led to believe."

Only in November of 2006 did the U.S. slip from the No. 1 slot, when South Korea surpassed it.

In a related announcement, PhishTank is now allowing network providers and organizations that have phishes hosted on their site to search for and disable them using a new Autonomous System Number (ASN) search on PhishTank's site that alerts participating companies in real time. The search service is also available via an RSS feed.

Meanwhile, PhishTank found that SBC (53,666); Comcast (28,016); and Roadrunner (25,925) by far led the pack of network providers hosting phishing sites. There is about one unique phishing scam launched every two minutes, according to PhishTank's numbers.

Other key findings: Eighteen percent of verified phishing sites are hosted on only three IP addresses, and ".cn" sites (China), have four of the top five Websites with the most (valid) phishing schemes.

And as always, PayPal and eBay are still at the top of spoofed brands, with 31,719 and 31,718, far ahead of the No. 3 and No. 4 spoofed brands, Barclays Bank PLC (6,515) and the Bank of America Corporation (5,727).

— Kelly Jackson Higgins, Senior Editor, Dark Reading