Internet Defence Phishery
The Internet Defence Phishery is a repository of phishing emails. It enables security researchers, or simply anyone concerned about the validity of an email that they have received, to check out the status of an email.
The phishery does a number of things:
- It captures examples of phishing emails in real time, so is very up to date.
- Only unique emails are shown. The intention is to have an example of as many as possible of currently active email phishing attacks.
- It performs some analysis on the email, so that the contents can be inspected, and information about the illegitimacy of the email can be more readily ascertained.
- The fake sites set up by the attackers are monitored, to further determine the risk posed by the attack, and to gather information about how quickly the sites are shut down.
Functions Available
Currently, the following functions are available:
- The Repository. This provides access to all the emails in the archive
- Realtime Fake Site Monitor. This provides a real time display of the status of the currently known and active
- Identified Malware. This provides a directory of examples of phishing emails identified by their ClamAV name
Phishing Activity
|
We currently sample around 3,000,000 spam emails per month (or 100,000 per day). The following graph shows the volume of phishing emails seen in this sample over the last 30 days: 
|
|
|
The top 10 Phishing malware seen in the last three days: 
|
The top 10 Phishing malware seen in the last thirty days: 
|
|
The top 10 Phishing targets last three days: 
|
The top 10 Phishing targets in the last thirty days: 
|
