Meaningful statistics provided for few fraudulent domains

Oct 11, 2014 21:27 GMT  ·  By

The general belief is that website ranking systems do not provide scores for malicious domains; but fraudulent URLs sometimes manage to gain just enough popularity to receive a score from such services.

A team of researchers from a cyber intelligence company called Cyveillance made an experiment to see if Alexa ranking system indexes domains involved in phishing. After crunching the numbers, they found that “the likelihood of a domain having a phishing attack and having an Alexa score between 0 and 100,000 is 0.2%.”   A rough translation of the percentage means that almost none of the websites ranked by Alexa with a score up to 100,000 are involved in phishing attacks. This score limit has been chosen because there is not enough data available to make rankings above it statistically meaningful.   According to Cyveillance, a set of 2,000 randomly selected URLs was used for the experiment; they were collected over a period of one year, between September 2013 and September 2014. Of these, 493 were popular enough to receive a score from Alexa.   “The best Alexa score in the pack of the 2,000 randomly selected domains was 215. The worst was 19,133,355,” said Cyveillance researchers in a blog post. The score indicates increased popularity, which would ensure a larger number of victims.   The information gleaned from all this is that although a website with a good Alexa score is less likely to pose a phishing threat, exceptions still exist.