New Incentives for Phishing Site Reporters

As of 1st January 2009, the Netcraft Toolbar community has blocked 1.9 million phishing attacks. To provide an incentive for the community to send us reports of phishing sites, reporters now receive the following goodies from Netcraft:

Netcraft Mug(after 100 validated phishing reports)
Netcraft Polo Shirt(after 400)
Targus Laptop Backpack(after 1,000)
Top of the range iPod(after 4,000)

To report phishing sites to us, use the form at

Upon reaching 4,000 you become eligible for a monthly competition to incentivise large reporters.

To track the progress, we have a leaderboard displaying the people with the largest number of accepted reports so far this month, identified by their first names to preserve their anonymity.

The Netcraft Toolbar, which is available for both Internet Explorer and Firefox, serves as a giant neighborhood watch scheme for the Internet: members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.

Looking back at 2008, Netcraft has seen phishing attacks evolve, with fraudsters using progressively sneakier tactics:

  • October 2008 saw an attack against Yahoo! which was used to steal authentication cookies from its users. The cross-site scripting vulnerability on Yahoo!'s own website allowed the fraudster to steal the details simply as a result of a victim visiting the page.
  • The two-edged nature of how browsers present Extended Validation (EV) SSL certificates was highlighted after a cross-site scripting vulnerability was demonstrated on This flaw would have allowed hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
  • Phishers branched out into telephone phishing. Victims were asked to phone a toll free number to reactivate their card.
  • Fraudsters found a cross-site scripting vulnerability on an Italian bank's website. This was used to orchestrate an attack against the bank, using its own HTTPS website URL.
  • Backdoored phishing kits have been deployed by criminal programmers wishing to reduce their workload by getting novice fraudsters to deploy the kits onto websites and send the phishing emails. Netcraft later reported a large range of different phishing kits being offered by the same group.