An Empirical Analysis of Phishing Blacklists

In this paper, the authors study the effectiveness of phishing black-lists. They used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing tool-bars. They found that 63% of the phishing campaigns in their data-set lasted less than two hours. Blacklists were ineffective when protecting users initially, as most of them caught less than 20% of phish at hour zero. They also found that blacklists were updated at different speeds, and varied in coverage, as 47%-83% of phish appeared on blacklists 12 hours from the initial test. They found that two tools using heuristics to complement blacklists caught significantly more phish initially than those using only blacklists.