Phishing costs business millions of dollars every year, and the phishing landscape is continually changing. Phishing criminals are constantly changing their methods of gathering personal information for their own financial benefit.
Site Takedown has spent over 10 years tracking and taking down phishing content, and we are very good at it. We are here to help you locate and remove malicious content from the internet on your behalf. Depending on the subscription level that you have signed up for, we can do everything from simple one off take downs to search and destroy missions on phishing sites.
We are so confident that we can get your content removed that our higher packages offer you a service level agreement (SLA) for phishing takedowns.
If the content is not removed within the SLA time, the takedown will be on us. Don’t worry, we will still continue with the takedown, we will just refund you the takedown credit. See service level agreements for more information.
Once we have had the content removed, we will continue to monitor the page. If we notice that the same attack returns, we will pick up the takedown again and continue on with the takedown for that content at no additional charge.
Types of Abuse
Phishing
Phishing attacks generally consist of contacting a large group of people, while impersonating a legitimate business or company. The phishing content then tries to gather personal information from the receiver, whether it be name, email, login or bank details. Phishing attacks generally contain generic messages or a message that warns the recipient of a security vulnerability or account issue, which requires the user to login.
Spear Phishing
Similar to general phishing, spear phishing is an attempt to gather information. Unlike general phishing, spear phishing is more targeted at the receiver. The message will generally contain a personalised message that has been tailored for the recipient. Spear phishing attacks have been becoming increasingly popular with phishers as they are generally more likely to trick someone into giving over personal information.
Whaling
Whaling is very similar to spear phishing, it is generally a target message to an executive or senior management within a business; hence the name. These types of attacks generally come in the form of an official letter or document, like a subpoena or a message from a government department. The phisher here is hoping to gather information about the business, or the executive individual that can then be used for financial gain.
There are a number of different ways that a phishing attack can occur. The most common attack is hacked website, however there are also instances when a website has been setup solely as a phishing domain.
Hacked Website
As the name suggests a hacked website, is a website that has been compromised and the malicious content has been uploaded. There are a number of different ways that someone can gain access to a website illegally. The most common hack is through a website plugin, or content management system vulnerability. This occurs when a plugin or content management system release an update to the software however the website owner forgets to install the latest update. When this happens, the website is open to known vulnerabilities with that software version. Often site owner’s of hacked websites have no idea the site has been hacked, as the phishing pages are put deep within their website directory structure, and the hackers do not modify the normal site content.
Phishing Domain
A phishing domain is a website that has been setup for the sole purpose of hosting phishing content. These websites are generally created with fraudulent information. In these situations it can be hard to have the content removed because the site owner is the one that setup the content. There is also a high probability that these domains are hosting a number of different phishing sites. Site Takedown has formed relationships with hosting providers and domain registrars so that we can work with them to have these fraudulent accounts removed.