IDEAS home Printed from https://ideas.repec.org/a/idt/journl/cs8102.html

The Impact of Public Information on Phishing Attack and Defense

Author

Listed:
  • Tyler MOORE

    (Harvard University)

  • Richard CLAYTON

    (University of Cambridge)

Abstract

Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers' widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised however the root cause of the vulnerability is not addressed. We find that 17% of phishing websites are recompromised within a year, and the rate of recompromise is much higher if they have been identified through web search. By contrast, other public sources of information about phishing websites actually lower recompromise rates. We find that phishing websites placed onto a public blacklist are recompromised less often than websites only known within closed communities. Consequently, we conclude that strategic disclosure of incident information can actually aid defenders if designed properly.

Suggested Citation

  • Tyler MOORE & Richard CLAYTON, 2011. "The Impact of Public Information on Phishing Attack and Defense," Communications & Strategies, IDATE, Com&Strat dept., vol. 1(81), pages 45-68, 1st quart.
    • Handle: RePEc:idt:journl:cs8102
    as

    Download full text from publisher

    File URL: http://repec.idate.org/RePEc/idt/journl/CS8102/CS81_MOORE_CLAYTON.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Moore, Tyler, 2010. "The economics of cybersecurity: Principles and policy options," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(3), pages 103-117.
    2. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gauguier, Jean-Jacques, 2009. "L’industrialisation de l’Open Source," Economics Thesis from University Paris Dauphine, Paris Dauphine University, number 123456789/4388 edited by Toledano, Joëlle.
    2. Gonzalez-Jimenez, David & Capozza, Francesco & Dirkmaat, Thomas & van de Veer, Evelien & van Druten, Amber & Baillon, Aurélien, 2025. "Falling and failing (to learn): Evidence from a nation-wide cybersecurity field experiment with SMEs," Journal of Economic Behavior & Organization, Elsevier, vol. 230(C).
    3. Sanjeev Goyal & Adrien Vigier, 2014. "Attack, Defence, and Contagion in Networks," Review of Economic Studies, Oxford University Press, vol. 81(4), pages 1518-1542.
    4. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    5. Lam, Wing Man Wynne, 2016. "Attack-prevention and damage-control investments in cybersecurity," Information Economics and Policy, Elsevier, vol. 37(C), pages 42-51.
    6. Alexander A. Ganin & Phuoc Quach & Mahesh Panwar & Zachary A. Collier & Jeffrey M. Keisler & Dayton Marchese & Igor Linkov, 2020. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management," Risk Analysis, John Wiley & Sons, vol. 40(1), pages 183-199, January.
    7. Schmidt, Andreas, 2012. "At the boundaries of peer production: The organization of Internet security production in the cases of Estonia 2007 and Conficker," Telecommunications Policy, Elsevier, vol. 36(6), pages 451-461.
    8. Lam, Wing Man Wynne, 2014. "Ex Ante and Ex Post Investments in Cybersecurity," TSE Working Papers 14-519, Toulouse School of Economics (TSE).
    9. Yugang He, 2024. "China’s digital shadows: unveiling the economic toll of cybercrime," Humanities and Social Sciences Communications, Palgrave Macmillan, vol. 11(1), pages 1-10, December.
    10. Mezei, Péter & Verteș-Olteanu, Andreea, 2020. "Editorial: From trust in the system to trust in the content," Internet Policy Review: Journal on Internet Regulation, Alexander von Humboldt Institute for Internet and Society (HIIG), Berlin, vol. 9(4), pages 1-28.
    11. Moritz-C. Schlegel & Claudia Koch & Mona Mirtsch & Andrea Harrer, 2021. "Smart Products Enable Smart Regulations—Optimal Durability Requirements Facilitated by the IoT," Sustainability, MDPI, vol. 13(8), pages 1-14, April.
    12. Rowland, Jill & Rice, Mason & Shenoi, Sujeet, 2014. "Whither cyberpower?," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(2), pages 124-137.
    13. Gubello, Michele, 2024. "Social trust and the support for universal basic income," European Journal of Political Economy, Elsevier, vol. 81(C).
    14. Malecki, Edward J., 2017. "Real people, virtual places, and the spaces in between," Socio-Economic Planning Sciences, Elsevier, vol. 58(C), pages 3-12.
    15. Richard J. Sullivan, 2014. "Controlling security risk and fraud in payment systems," Economic Review, Federal Reserve Bank of Kansas City, issue Q III, pages 5-36.
    16. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    17. repec:bcp:journl:v:9:y:2025:i:11:p:3056-3069 is not listed on IDEAS
    18. Schwemer, Sebastian Felix, 2020. "The regulation of abusive activity and content: a study of registries' terms of service," Internet Policy Review: Journal on Internet Regulation, Alexander von Humboldt Institute for Internet and Society (HIIG), Berlin, vol. 9(1), pages 1-22.
    19. Dirk Wrede & Tino Stegen & Johann-Matthias Schulenburg, 2020. "Affirmative and silent cyber coverage in traditional insurance policies: Qualitative content analysis of selected insurance products from the German insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 657-689, October.
    20. Sood, Aditya K. & Enbody, Richard J., 2013. "Crimeware-as-a-service—A survey of commoditized crimeware in the underground market," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(1), pages 28-38.
    21. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411, CPB Netherlands Bureau for Economic Policy Analysis.

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    JEL classification:

    • K42 - Law and Economics - - Legal Procedure, the Legal System, and Illegal Behavior - - - Illegal Behavior and the Enforcement of Law
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:idt:journl:cs8102. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: BLAVIER Thomas The email address of this maintainer does not seem to be valid anymore. Please ask BLAVIER Thomas to update the entry or send us the correct address (email available below). General contact details of provider: https://edirc.repec.org/data/idatefr.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.