Abstract
Cybercriminals often spend considerable time preparing for phishing attacks, which surprisingly tend to last only a few hours. This short longevity is evident when older phishing links quickly become inaccessible, either taken down or flagged as malicious. While this benefits potential victims by shortening the effective risk period, it also poses a challenge for researchers aiming to track and analyze current phishing trends to develop effective countermeasures. Understanding the typical lifespan of phishing webpages is crucial for creating phishing data collection solutions. Our study involved monitoring phishing webpages from PhishTank and OpenPhish for three months while capturing their active/inactive status. Collected data had to undergo multiple steps - removing duplicate, incorrect, or non-relevant entries. The analysis focused on uncovering the phishing webpages’ longevity, while the summary offered key findings. The study reveals that phishing webpages have a remarkably short active lifespan, with significant variations in the ratio of active to inactive pages across different periods. The initial rapid decrease by \(\approx \)12% in active phishing webpages is notable, dropping from 65% to 53% within the first five minutes and less than 40% remaining active after 24 h.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anti-Phishing Working Group: Global phishing survey: Trends and domain name use in 1h2009. Tech. rep., Anti-Phishing Working Group (2009). https://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2009.pdf
Anti-Phishing Working Group: Global phishing survey: Trends and domain name use in 2h2014. Tech. rep., Anti-Phishing Working Group (2014). https://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2014.pdf
Chu, W., Zhu, B., Xue, F., Guan, X., Cai, Z.: Protect sensitive sites from phishing attacks using features extractable from inaccessible phishing urls. In: IEEE International Conference on Communications (06 2013). https://doi.org/10.1109/ICC.2013.6654816
Cui, Q., Jourdan, G.V., Bochmann, G., Couturier, R., Onut, I.V.: Tracking phishing attacks over time. In: Proceedings of the 26th International Conference on World Wide Web Companion, pp. 667–676 (04 2017). https://doi.org/10.1145/3038912.3052654
FBI’s Internet Crime Complaint Center: Internet Crime Report 2022. Tech. rep., FBI’s Internet Crime Complaint Center (2022). https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
Kvet, M., Matiasko, K., Vajsova, M.: Sensor based transaction temporal database architecture. 2015 IEEE World Conference on Factory Communication Systems (WFCS), pp. 1–8 (2015). https://api.semanticscholar.org/CorpusID:19918990
McGrath, D.K., Gupta, M.: Behind phishing: An examination of phisher modi operandi. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats (01 2008). https://api.semanticscholar.org/CorpusID:2069430
Moore, T., Clayton, R.: Examining the impact of website take-down on phishing. In: Proceedings of the Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit 2007. vol. 269, pp. 1–13 (10 2007). https://doi.org/10.1145/1299015.1299016
Nationwide: September 2023 nationwide cybersecurity survey report. Tech. rep., Nationwide (2023). https://news.nationwide.com/download/bb78aae2-c720-4a7d-a6d8-423354c2cb53/cybersecurity-nationwidesurvey2023.pdf
Oest, A., et al.: Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 361–377. USENIX Association (08 2020). https://www.usenix.org/conference/usenixsecurity20/presentation/oest-sunrise
Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J., Zhang, C.: An empirical analysis of phishing blacklists. International Conference on Email and Anti-Spam (07 2009). https://api.semanticscholar.org/CorpusID:1048051
Skula, I., Kvet, M.: Domain blacklist efficacy for phishing web-page detection over an extended time period. In: Proceeding of the 33rd Conference of FRUCT Association, pp. 257–263 (05 2023). https://doi.org/10.23919/FRUCT58615.2023.10142999
Acknowledgment
It was supported by the Erasmus+ project: Project number: 2022-1-SK01-KA220-HED-000089149, Project title: Including EVERyone in GREEN Data Analysis (EVERGREEN) funded by the European Union. Views and opinions expressed are, however, those of the author(s) only and do not necessarily reflect those of the European Union or the Slovak Academic Association for International Cooperation (SAAIC). Neither the European Union nor SAAIC can be held responsible for them.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Skula, I., Kvet, M. (2024). Phishing Webpage Longevity. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 990. Springer, Cham. https://doi.org/10.1007/978-3-031-60328-0_21
Download citation
DOI: https://doi.org/10.1007/978-3-031-60328-0_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60327-3
Online ISBN: 978-3-031-60328-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)