PayPal and Facebook Were the Most Phished Sites of 2010

PayPal and Facebook were the most spoofed websites in phishing attacks during 2010 according to statistics from OpenDNS' PhishTank system.

In its annual report for 2010 [pdf], OpenDNS, a provider of DNS, Web content filtering and anti-phishing services, revealed that PayPal remains the most attractive target for phishers by far.

The  e-payment service owned by eBay was spoofed in 45.9% of all phishing attacks validated in the PhishTank database.

That's nine times more than the next most popular target, Facebook, which accounted for 5.3% of fake sites.

HSBC Group came in third with 4.1% and was followed by World of Warcraft (3.2%), Internal Revenue Service (3%), Bradesco (1.9%), Orkut (1.7%), Sulake Corporation (1.5%), Steam (1.2%) and Tibia (1%).

PhishTank is a community-moderated database of phishing sites and is commonly used by Web filtering solutions. Users can submit suspect URLs and other people can validate them by voting.

As far as location goes, OpenDNS found that the majority of phishing sites, over 60,000, or about 54%, were hosted in the United States.

Germany came in second, being home to 6.3% phishing sites, while Canada, the United Kingdom and France followed, with 5.2%, 4.8%, and 3.5%, respectively.

The rest of the top ten was completed by Russia (2.9%), China (2.8%), South Korea (2.8%), Italy (2.5%) and the Netherlands (2.4%).

Last month PhishTank users reported a total of 9,927 suspect URLs, out of which 5,515 were validated as phishing sites by the community. The median time to verify submissions was 3 hours and 22 minutes and a total of 35, 016 votes were recorded.

The most common target was PayPal with 4,329 confirmed phishes. It was followed by Sulake Corporation with 752, Facebook with 334, World of Warcraft with 284 and HSBC with 168.