An average of 126,000 domain names are registered every single day¹. Some of these can be registered for less than $1 USD and used to launch any number of phishing campaigns on unsuspecting users. An attacker can quickly copy over legitimate logos, diagrams, and graphics from trusted companies and easily create fake forms to capture user passwords and sensitive data. By the time someone spots and reports the abuse, the attacks have long since vanished.
This creates a problem for companies that rely on human-generated blocklists. The lag-time associated with human reporting means they will never be able to respond quickly enough to this type of attack. Whether the list is crowd-sourced or managed by a professional security company, it shares the same fatal flaw, phishing sites won’t be blocked until they are reported and added to a list. Are there any better alternatives?