Examining the blacklist that Google
maintains has revealed some interesting, but not all that surprising, information on common phishing tactics. Of all the scam sites that have been blacklisted, nearly two-thirds
are composed soley of scams revolving around eBay, PayPal and Bank of America. eBay and PayPal are rather self explanatory, being some of the most popular sites that involve money transfer and being so user-driven. Even more interesting, it seems many sites hosted on Yahoo servers try to steal Yahoo login information:
Security researcher Michael Sutton also discovered that Yahoo! hosts a significant number of bogus websites - as identified by Google's blacklist) - that try to trick surfers into handing over Yahoo! login credentials. Information from the list is used by anti-phishing technology within the Firefox 2 browser and by the Google Toolbar for Firefox.
To top it all off, a bit of irony in the fight against phishing, the blacklist that Google made available accidentally contained usernames and passwords at first, though it was quickly corrected. A great way to start 2007!