News broke yesterday that security researchers have spotted a phishing site hosted on the aptly named .fish domain. Netcraft web tester Paul Mutton explained in a blog post that parser.fish won the prize for being the first to host malicious credential slurping content directly on its homepage. Tim Helming, director of product management at DomainTools commented below.
Tim Helming, Director of Product Management at DomainTools:
“While the cybercriminals operating these sites have clearly not lost their sense of irony, phishing campaigns need to be taken seriously. These websites will prey on potentially vulnerable, less savvy Internet users and will then exploit them for financial gain. DomainTools established 21 ‘.fish’ domains that carry risk scores of 70 or higher. While this isn’t a huge number, it does confirm this isn’t an isolated incident. Phishing websites and emails can be gateways to malicious software such as malware, and can therefore facilitate further cybercrime that can inflict devastating damage to an individual or an organization. The .fish domain name is an amusing aside, but it is distracting from a much less amusing problem.”