Yahoo hosting 'thousands' of phishing sites

Summary: Spamhaus has accused Yahoo of failing in the fight against online fraud, and Microsoft has admitted there is room for improvement

TOPICS: Security

Yahoo is playing host to thousands of phishing sites and doesn't have sufficiently well-trained staff to address the problem of online fraud, a leading anti-spam and security organisation said on Tuesday.

Richard Cox, chief information officer of Spamhaus, told an audience of politicians, security experts and law enforcement officials that Yahoo has just under 5,000 domains hosted and registered with the words 'bank', 'eBay' and 'PayPal' within the domain names.

Most of those are used as phishing sites, Cox told the London "eConfidence — Spam and Scams" conference.

Cox said that ISPs are failing to train their staff to recognise this as a security issue. "ISPs are treating abuse issues as customer service issues," Cox claimed.

In response, Yahoo said it would follow up Cox's claims. "We take security very seriously and will be investigating this issue fully," Nick Hazell, alliance director for Yahoo Europe, told ZDNet UK.

It is understood that most of these domains were registered in the US; it may be hard for Yahoo to take action until the domains are used in a phishing attack.

Meanwhile Ed Gibson, Microsoft UK's newly appointed chief security advisor, praised Spamhaus for its work. "Hats off to Spamhaus," Gibson told the audience. "We don't do a good job of responding to abuse. Spamhaus is excellent at highlighting areas of deficiency."

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

  • What about the domain registrars? They should be held accountable.
  • True, any site can just keep bouncing from web host to web host using the same domain. In the end, a phisher is going to do more than that, though.

    Problems.. problems.