The full listing (1:1) contained primarily outdated URLs as 86% of the pages or sites were no longer available. While I would like to think that the existence of Google’s blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle. I had expected to see a combination of social engineering attacks, known vulnerabilities and 0day attacks used on the sites with the majority falling into the first category. I was therefore somewhat surprised to find virtually all sites using straight social engineering attacks. I was also surprised to see that the top three targets – eBay, PayPal and Bank of America accounted for 63% of the active phishing sites. One amusing finding was that Yahoo! commonly hosts pages that phish…wait for it…Yahoo! credentials. A breakdown of the full findings can be found below.