Phishing has become a very serious problem recently. In fact, it has become so serious that new versions of leading browsers have anti-phishing technology built into them. That doesn't mean that phishers are out of business. No sir.
In fact, it just means that they're trying to find new methods around new security measures.
Phishers have actually devised not only a clever way around the issue, but a way to cast some doubt over the entire anti-phishing campaign in one audacious stroke:
“Attackers could create a phishing site on the gmodules.com domain and then send that URL to victims. Because Google's gmodules.com domain is trusted by antiphishing filters, victims might then go to the phishing site without being warned by their browser's filtering software.
Security researcher Robert Hansen, a frequent critic of Google, reported the issue to the company's security team, but he was not satisfied with their response. He says Google told him that what he sees as a flaw is simply part of the site's expected behavior. Google couldn't be reached immediately for comment.”
An easy solution to this problem would be for Google to restrict who can submit new gmodules to the site, but obviously phishers will look for some way around that too. Of course, that'd only work for just Google, and they're certainly not the only company to leave a door open for phishers.
Do you think we'll ever be rid of phishers? If so, how do you think it can be accomplished?