FYI...Phishing piers on legitimate sites
May 21, 2008 - "Let's say that you want to phish for PayPal accounts. One might attempt to register something such as paypol-sevice .com. But that's too obvious and is likely to be discovered and abused before the phishing even begins... So instead of a clever misspelling, more obscure URLs such as paypalcom .cq.bz are required. However, even obscure URLs can be taken offline quickly as they have no legitimate functions. Sending a message to the host providers with a request that the entire bogus site be taken offline does the trick. So what next?
Instead of setting up their own sites, we're seeing more and more evidence of phishing from hacked sites; legitimate sites that are unknowingly hosting phishing. And then the site cannot simply be pulled offline without collateral damage to the legitimate business. So the website's administrator must be contacted to repair the damage. Sites such as bbcsales .com, a 15-year-old business with a long-standing Web presence. Until the website's vulnerabilities are resolved, the phishers will just continue to hack-and-pier..." (Screenshots available at the URL above.)