Internet research organization Netcraft has released its new phishing attack map, which shows a real-time visualisation of the phishiest countries in the world. By using IP address delegation information, Netcraft was able to attribute current phishing sites in its Phishing Site Feed to countries. Netcraft uses the number of active sites found by its Web Server Survey to calculate and display the ratio of phishing attacks to web sites in each country. Below is the analysis by Netcraft.
A few themes become immediately apparent when studying the map. Countries with poor internet access may host very few phishing attacks, or even none at all, and therefore may appear very safe; however, countries with an extremely small number of websites can prove very volatile: for example, the Falkland Islands appears incredibly phishy by virtue of the fact that out of only 38 active sites hosted in that country, one of them is currently blocked for phishing.
Countries which respond slowly to taking down phishing sites are more likely to have a higher proportion of their sites engaged in phishing at any one time. As the map displays only currently blocked phishing attacks, this characteristic is highlighted particularly well in Morocco, which is the second phishiest country with nearly 200 of its 11,000 sites blocked.
Fraudsters commonly host their phishing sites on compromised servers, as this does not require a purchasing transaction, making it more difficult to correctly identify the perpetrators. Shared hosting services tend to be the least secure, so countries with a large number of sites running on shared hosts are likely to attract the attention of fraudsters.
Countries which host a large number of vulnerable and commonly targeted web applications consequently host a large number of phishing attacks, notwithstanding their responsiveness to takedown requests. This perhaps explains why the US appears phishier than either Russia or China, and some US hosting companies host more phishing attacks than entire European countries, as they provide proportionately more WordPress and hosting control panel administered sites, plus shared IP hosting configurations that allow customer content to be accessed from any domain that resolves to the same IP address. Our datasets show that these are the most favoured platforms for hosting fraudulent content on compromised servers.
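The volatility of small countries in a blocked-to-active ratio can be made concrete. The following is an added example, not Netcraft's code or method: it ranks the two countries named above by raw ratio and by the lower bound of a 95% Wilson score interval (a technique chosen here for illustration), taking "nearly 200 of 11,000" as 200 and 11000.

```python
import math

# Counts from the article. Morocco's are the article's approximations
# ("nearly 200" of "11,000"), rounded here for illustration.
SITES = {
    "Falkland Islands": (1, 38),
    "Morocco": (200, 11000),
}

def raw_ratio(blocked, active):
    """Share of a country's active sites currently blocked for phishing."""
    return blocked / active if active else 0.0

def wilson_interval(blocked, active, z=1.96):
    """95% Wilson score interval for the underlying phishing share."""
    if active == 0:
        return (0.0, 1.0)  # no sites: the data says nothing either way
    p = blocked / active
    z2 = z * z
    denom = 1 + z2 / active
    centre = p + z2 / (2 * active)
    margin = z * math.sqrt(p * (1 - p) / active + z2 / (4 * active * active))
    return ((centre - margin) / denom, (centre + margin) / denom)

def wilson_lower(blocked, active):
    """Conservative score: the share we can be fairly confident is exceeded."""
    return wilson_interval(blocked, active)[0]

def one_more_block(blocked, active):
    """How far the raw ratio moves if a single extra site is blocked."""
    return raw_ratio(blocked + 1, active) - raw_ratio(blocked, active)

def rank(sites, score):
    """Country names ordered from highest to lowest score."""
    return sorted(sites, key=lambda c: score(*sites[c]), reverse=True)

if __name__ == "__main__":
    for country, (blocked, active) in SITES.items():
        lo, hi = wilson_interval(blocked, active)
        print(f"{country:17} raw={raw_ratio(blocked, active):.2%} "
              f"95% interval={lo:.2%}..{hi:.2%} "
              f"+1 block moves raw by {one_more_block(blocked, active):.2%}")
    print("by raw ratio:   ", rank(SITES, raw_ratio))
    print("by Wilson lower:", rank(SITES, wilson_lower))
```

With 38 sites, one block more or less swings the raw ratio by over two percentage points, which is why the interval is wide and the conservative ranking puts Morocco first.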
According to Netcraft's report, there is an increase in phishing attacks that use attached HTML forms to steal victims' credentials. Because these tricks look professional, they are becoming harder and harder for novices to spot. The good news for Firefox and Chrome users is that Netcraft has developed an anti-phishing extension for both browsers. It is a highly recommended extension for everyone. It monitors web security in real time, and its database is updated every day.