Select Page

Phishing attacks are getting sophasticated everytime. Recently, phishers become very creative in detection mechanisms. In a recent attack phishers modified the .htaccess file to deny access from specific IP addresses while they were using a known phishing kit. Over a period of time it will become known to the world, especially the attackers, which service provider helps your organization in anti-phishing service. Being in the phishing business these attackers are very well aware of the IP addresses used by these anti-phishing companies

In the new trend, by denying the access to the phished pages by using access list in the .htaccess page, the service providers are typically blind about the status of the phished site. It is interesting to see that the attackers are blacklisting the security companies so that an incident response analyst checks the site, the attack will look like offline.

Tips for corporates

  • Do not disclose the details of the anti-phishing service provider publicaly
  • Change the anti-phishing provider periodically
  • To check the status, do not rely only on the service provider
  • Communicate with your service provider to use the public proxies for checking the status

Service Providers

  • Use anonymisers for browsing the phishing sites so that you wont leave the trace at the site
  • Do not use your publicaly announced IP addresses for checking the attack status