Home / News

$300 Million Annual Loss Due to Non-Cooperation in Fight Against Phishing

During a presentation today at the eCrime Researchers Summit in Atlanta, Georgia, security researchers revealed that average lifetime of malicious websites are often longer than they should be due to lack of communication and cooperation between security vendors. According to results, website lifetimes are extended by about 5 days when “take-down” companies—often hired by Banks—are unaware of the site. “On other occasions, the company learns about the site some time after it is first detected by someone else; and this extends the lifetimes by an average of 2 days,” says Richard Clayton in a related blog post.

Today’s presentation was based on a paper titled “The consequence of non-cooperation in the fight against phishing,” by Tyler Moore from Center for Research on Computation and Society, Harvard University and Richard Clayton from Computer Laboratory, University of Cambridge.

The following abstract from the paper provides further background on main findings:

“A key way in which banks mitigate the effects of phishing is to have fraudulent websites removed or abusive domain names suspended. This ‘take-down’ is often subcontracted to specialist companies. We analyze six months of ‘feeds’ of phishing website URLs from multiple sources, including two such companies. We demonstrate that in each case huge numbers of websites may be known to others, but the company with the take-down contract remains unaware of them, or only belatedly learns that they exist. We monitored all of the websites to determine when they were removed and calculate the resultant increase in lifetimes from the take-down company not knowing that they should act. The results categorically demonstrate that significant amounts of money are being put at risk by the failure to share proprietary feeds of URLs. We analyze the incentives that prevent data sharing by take-down companies, contrasting this with the anti-virus industry—where sharing prevails—and with schemes for purchasing vulnerability information, where information about attacks is kept proprietary. We conclude by recommending that the defenders of phishing attacks start cooperatively sharing all of their data about phishing URLs with each other.”

Related Links:
Non-cooperation in the fight against phishing (Researchers’ related blog post)
The consequence of non-cooperation in the fight against phishing (PDF draft of the paper)
Researchers urge anti-phishing companies to share data (Virus Bulletin)
eCrime Researchers Summit

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com


Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign