Huginn, an active phishing discovery tool, processed URLs from public threat intelligence feeds in February and identified 254 confirmed phishing sites. Google Safe Browsing (GSB) missed 83.9% of them at the time of discovery. Key findings include: 149 of 254 phishing sites were hosted on trusted platforms like Weebly, Vercel, and even Google's own infrastructure (16 sites on Google Docs/Forms/Sites, none flagged by GSB). Microsoft, Google, Netflix, Amazon, and AT&T were the most impersonated brands. Detailed attack breakdowns cover a two-stage S3 credential harvesting campaign with one-time token evasion, a Calendly impersonation targeting Google credentials, and a car wrapping scam. The post contrasts GSB's blocklist-based reactive approach with Muninn, a browser extension that uses automatic and deep screenshot-based scans, achieving zero false negatives on the dataset with its deep scan.
Table of contents
The NumbersWhere Phishing LivesWho's Being ImpersonatedAttacks Worth ExaminingWhat This MeansSort: