Hasty Briefs
Google Safe Browsing missed 84% of phishing sites we found in February

5 hours ago
  • #detection-tools
  • #phishing
  • #cybersecurity
  • Huginn, a phishing discovery tool, is used to seed Yggdrasil, with plans for monthly updates on findings.
  • In February, Huginn identified 254 phishing sites; Google Safe Browsing (GSB) flagged only 41, missing 83.9%.
  • Muninn's automatic scan correctly identified 238 phishing sites with 6 false positives on legitimate pages.
  • Muninn's deep scan caught all phishing sites with zero false negatives but flagged all legitimate sites as suspicious.
  • 149 phishing sites were hosted on legitimate platforms like Weebly, Vercel, and Google, evading blocklists.
  • Google hosted 16 phishing sites on its domains (Docs, Forms, Sites, Apps Script), none flagged by GSB.
  • Top impersonated brands: Microsoft (28), Google (21), Netflix (19), Amazon (16), and AT&T (13).
  • Crypto/DeFi phishing targeted platforms like Uniswap, Raydium, and MetaMask, exploiting fast-moving ecosystems.
  • Two-stage phishing attacks use reputable infrastructure (e.g., Amazon S3) for lures, redirecting to attacker-controlled sites.
  • Phishing kits often only implement the 'happy path,' with non-functional secondary buttons and incorrect error messages.
  • A Calendly impersonation attack mimicked a real employee's booking page, redirecting to a fake Google sign-in.
  • A car wrapping scam collected personal info and sent fraudulent checks, a variation of phishing tactics.
  • GSB's reactive, blocklist-based approach has gaps for novel attacks, trusted platforms, and evasion techniques.
  • Muninn offers proactive detection, available as a Chrome extension, and welcomes user feedback and phishing submissions.
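The "happy path" observation above (kits wire up only the credential form, leaving secondary buttons and links dead) suggests a cheap defensive triage check: on a suspected sign-in page, count how many non-form links actually resolve anywhere. The following is an added example written for this summary, not code from Muninn, Huginn or Google Safe Browsing; the two sample pages and the 50% threshold are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample of a phishing-kit style login page: only the
# "Sign in" form is wired up; every secondary link is a dead placeholder.
KIT_PAGE = """
<html><body>
<form action="/post.php" method="post">
  <input name="email"><input name="password" type="password">
  <button type="submit">Sign in</button>
</form>
<a href="#">Forgot password?</a>
<a href="javascript:void(0)">Create account</a>
<a href="">Help</a>
<a href="#">Privacy</a>
</body></html>
"""

# Constructed sample of a legitimate sign-in page whose secondary
# navigation points at real destinations (example.com is a placeholder).
LEGIT_PAGE = """
<html><body>
<form action="https://login.example.com/session" method="post">
  <input name="email"><button type="submit">Next</button>
</form>
<a href="https://login.example.com/recover">Forgot password?</a>
<a href="https://login.example.com/signup">Create account</a>
<a href="https://example.com/help">Help</a>
</body></html>
"""

# href values that go nowhere; a typical tell of a template that was never finished.
DEAD_TARGETS = {"", "#", "javascript:;", "javascript:void(0)", "javascript:void(0);"}

class LinkAuditor(HTMLParser):
    """Counts <a> elements and how many of them have a dead href."""
    def __init__(self):
        super().__init__()
        self.total = 0
        self.dead = 0

    def handle_starttag(self, tag, attrs):
        if tag != "a":  # HTMLParser lowercases tag and attribute names
            return
        href = dict(attrs).get("href")
        self.total += 1
        if href is None or href.strip().lower() in DEAD_TARGETS:
            self.dead += 1

def dead_link_ratio(html):
    """Return (dead, total) anchor counts for one page."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.dead, auditor.total

def looks_like_happy_path_kit(html, threshold=0.5):
    """Flag a page when at least `threshold` of its links lead nowhere."""
    dead, total = dead_link_ratio(html)
    return total > 0 and dead / total >= threshold
```

This is a triage signal to combine with other evidence (hosting platform, brand impersonation, redirect chains), not a verdict on its own, since some legitimate single-page apps also use placeholder hrefs.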