Phishing Initiative is a joint project led by Lexsi, Microsoft and PayPal which allows users and organisations to report phishing attempts. Every single case is analysed and leads, when appropriate, to a ban in Chrome, Internet Explorer, Firefox and Safari.

Our contribution to Phishing Initiative led us to analyse a recent phishing case impersonating – ironically – Spamhaus.

Spamhaus

For this attack, the spam-fighting organisation’s website was copied in order to lure mailbox owners into providing their personal credentials, in an attempt to gain access to their email accounts. The fraudulent website was hosted on a legitimate – but hacked – Ukrainian server which was already known for hosting phishing campaigns against BT and other companies.

Spamhaus swiftly blacklisted this domain and kept it listed until the site was finally cleaned a few days later.

Spamhaus enables its users to filter out a significant share of spam, which concentrates the hatred of the spammer community on it and makes it a target of choice for hackers. As an example, the largest DDoS attack ever launched targeted Spamhaus.

Now it looks like phishers may finally appreciate this service for its value as phishing bait in their quest to steal email accounts. Those accounts can then be used to collect information and as a pivot point to facilitate other attacks such as spam campaigns, theft of credentials, etc.