As fraudsters continue to target their victims with increasingly elaborate phishing sites, the surprise appearance of anti-phishing vigilantes is now hampering their operations.
A PayPal phishing site recently reported by the Netcraft Toolbar community was promptly taken down; not by the hoster or law enforcement agency, but seemingly by a vigilante with an interest in disabling such sites and protecting innocent web users:
The phishing site was replaced with a warning page, created with the open source OpenOffice.org suite on Windows. The identity of "sickophish" is not known, nor is it known how he gained access to the web server to perform the act of vigilantism.
Phishing sites are commonly found hosted on compromised web servers, where lack of security allows fraudsters to access machines and upload phishing content. If a fraudster exploits these security weaknesses without subsequently securing the machine, then online vigilantes are just as likely to exploit the weaknesses to go in and replace the fraudulent content.
Another phishing site – this time imitating NatWest Bank in the UK – was recently defaced by The Lad Wrecking Crew, which has been involved in several previous defacements and even offers a selection of desktop wallpapers that can be placed on "captured" phishing sites.
Typical messages added to captured sites include, "Were you looking for the bank that was supposed to be here? We trashed it because it wasn't real," continuing with, "You could have lost thousands of dollars of your hard-earned life-savings! There is no need to thank us, really."
While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged.
Netcraft provides a free anti-phishing Toolbar which offers protection against phishing sites, as well as providing the opportunity to report new phishing sites. So far this year, the Netcraft Toolbar community has reported over 6,600 different phishing sites, and this list of sites is also available as a feed suitable for integration with web proxies and mail filters.