- Dec 30, 2012
- 4,809
This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable position. They don't collect any credentials, they don't have any payment info and in many cases, the site is simply a static representation of content that rarely changes. So what upside is there for an attacker?
Reputation. More specifically, a non-negative reputation because that's a valuable thing to attackers wanting to mount a phishing campaign. This happens on an alarmingly regular basis and there was a perfect illustration of precisely this when it was discovered that spammers were hosting files on Equifax's website (every time we thought it couldn't get any worse...). This subheading within the piece describes precisely what the attraction is:
Further Reading
Reputation. More specifically, a non-negative reputation because that's a valuable thing to attackers wanting to mount a phishing campaign. This happens on an alarmingly regular basis and there was a perfect illustration of precisely this when it was discovered that spammers were hosting files on Equifax's website (every time we thought it couldn't get any worse...). This subheading within the piece describes precisely what the attraction is:
Further Reading