Irony Alert: Phishing Site Hosted on .Fish Domain

Security researchers have spotted the first phishing site hosted on the aptly named .fish domain.

Netcraft web tester Paul Mutton explained in a blog post that parser.fish won the prize for being the first to host malicious credential slurping content directly on its homepage.

“Fraudsters lured unsuspecting suckers to the fishy site, where a cheeky 99-char meta redirect sent them off to a separate phishing site hosted in Vietnam,” he wrote in a pun-laden post. “This then attempted to steal online banking credentials by impersonating the French banking cooperative, BRED.”

The .fish and .fishing generic Top Level Domains (gTLDs) were launched back in 2014, but it seems the internet doesn’t much need a specialized area dedicated to all things piscine: just one of Netcraft's top one million websites is a .fish domain, while .fishing also claims just a single spot on the list.

Although the parser.fish domain played host to a Netflix phishing site a week before this current one was discovered, it’s not clear whether the owner has malicious intent or not, according to Mutton.

“The parser.fish domain has been registered through Tucows, using its Contact Privacy domain privacy service to prevent the registrant's details being displayed publicly; but this could just be a red herring and doesn't necessarily mean it was registered with fraudulent intent,” he explained.

“The fact that the phishing content has also already been removed from its homepage suggests that the site may simply have been compromised rather than having been created specifically for the porpoise of phishing.”

However, joking aside, phishing is proving an increasingly popular tactic for cyber-criminals, who use it to grab privileged account log-ins that enable corporate data theft, or consumers’ PII to sell on the black market.

Verizon’s latest Data Breach Investigations Report claimed that one in 14 users were tricked into following a link or opening an attachment last year, and a quarter of those went on to be duped more than once. 
