• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Cloud Security Infrastructure
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • 2020 Cybersecurity trends
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Research

The phish that almost duped PhishTank. Almost.

By Allison Rhodes
Posted on September 28, 2011
Updated on March 6, 2020

Share

Facebook0Tweet0LinkedIn0

OpenDNS runs PhishTank.com, the largest clearinghouse of phishing data on the Internet. So we’re often the first to see new, particularly sneaky phishing attacks. The one we’re sharing with you today is both of those things.
At the surface, this scam looks like hundreds of thousands of others we’ve seen over the years. It impersonates an HSBC Bank website and encourages people to enter their login credentials, which would then, presumably, be stolen and used nefariously. While any kind of phishing is gross, it’s what’s happening behind the scenes here that’s particularly alarming.
Simply put, the scam actually turns 404 errors into phishing websites. So this phishing website returned 404 headers to your browser, which normally tell your browser that the website you’re trying to load is down or can’t be found. Instead of saying a page couldn’t be found, their “error” page just looked like HSBC Bank’s website to visitors.
Verified Phish
The reason this is especially crafty is that it completely circumvents one of the primary ways PhishTank tests if a phish is still live and functional, which is watching for 404 errors. Normally a 404 would only be returned after the offending website was fixed, indicating the content is no longer available. However, a website administrator can put whatever content they want on their 404 error page. This is exactly what we saw happen. By returning a 404 error, but still rendering the phish, the website administrator avoided being caught by Phishtank. But not for long.
Our exceptional community of security researchers, IT professionals and academics, quickly identified the phish and verified it, blocking it for more than 30 million people around the world instantly. And OpenDNS engineering is working now to update the way PhishTank works to make sure we catch these types of phishes without delay going forward.
The moral of the story here, and the moral to every story about Internet security: the bad guys are crafty and constantly trying new ways to trick Internet users. Security companies like OpenDNS need to be vigilant and work with the security community to quickly react to threats and always stay ahead of the bad guys. You can bet we will continue to do just that.
Update: The phishes referenced in this post were submitted by PhishTank community member Michael Molsner, who works for Kaspersky Lab.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Cisco Umbrella Blog
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Cisco Umbrella

Learn more

  • Events
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella