Dec 3, 2010 18:09 GMT  ·  By

An experiment performed by secure browsing solutions provider Trusteer revealed that 50 percent of people who fall victim to a phishing attack, do so during the first 60 minutes.

The study tried to measure the potency of email-based phishing attacks and the critical 60 minutes window was dubbed by Trusteer’s researchers as the “golden hour.”

Additional findings showed that after five hours the number of users affected by any phishing attack will exceed 80 percent and in ten hours, 90.

The fact that so many Internet users visit a phishing website within such a short period of time means that blocking a phishing Web site - which is sometimes a cracked legitimate site - within this golden hour has become absolutely critical,says Amit Klein, chief technology officer at Trusteer.

Mr. Klein claims that it usually takes over an hour for most phishing campaigns to be identified by security vendors and added to theor URL filtering solutions.

And even then, the campaign itself is not over because the takedown of a phishing domain can take much longer.

The most common anti-phishing protections today take a blacklist approach, in which case the speed with which the lists are updated is very important.

As an industry, our goal should be to reduce the time it takes for institutions to detect they are being targeted by a phishing attack from hours to within minutes of the first customer attempting to access a rogue phishing page.

We also need to establish really quick feeds into browsers and other security tools, so that phishing filters can be updated much more quickly than they are today,” the Trusteer CTO writes.

Fortunately, the good news is that judging by reports from recent months, the number of phishing attacks has declinn considerably.

Even the Avalanche gang, which at one time was responsible for half of phishing attacks on the Internet, has moved to using banking trojans instead.