Sponsored by..

Monday 14 June 2010

Phishtank FAIL: hsbcnet.com / hsbc.net

hsbcnet.com is a valid and legitimate website belonging to HSBC. Traffic is redirected to this site from hsbc.net. The site itself is hosted on AS26381 63.111.163.110 which is delegated to an HSBC subsiduary called Household International from Verizon. The hsbcnet.com  was registered in 1998 to a registrant with an hsbc.com web address:

Registrant:
HSBC
   One HSBC Center
   Floor 21 - HTS eBusiness
   Buffalo, NY 14203
   US

   Domain Name: HSBCNET.COM

   Administrative Contact, Technical Contact:
      Fischer, Chuck  charles.fischer -at- us.hsbc.com
      HSBC Bank USA
      One HSBC Bank
      eBusiness, 21st Floor
      Buffalo,, NY 14203
      US
      (716) 841-2075 fax: (716) 841-5022


   Record expires on 04-Dec-2010.
   Record created on 04-Dec-1998.
   Database last updated on 14-Jun-2010 04:41:11 EDT.

   Domain servers in listed order:

   NS3.HSBC.COM                
   NS4.HSBC.COM       
         

It's clearly not a phishing site, and yet Phishtank say that it is.


Now, Phishtank does just allow any old user to mark a site as phishing. In this case, the site was submitted by a user called dvk01  and then verified by SEVEN other people as a phish - stuartgrant knack NotBuyingIt cybercrime marcoadfox Aminof theGeezer - although some people have said that it isn't. As a result of this faulty groupthink, 71% of reports say that this legitimate site is a phish.

This false positive has now filtered down to OpenDNS and a number of other blocking services (e.g. Sophos) that are now erroneously blocking access to HSBC.

Don't get me wrong, Phishtank and other similar service can be very useful. But in this case it shows that Phishtank's verification process really doesn't work.. as any actual examination of the web site in question would surely identify is as legitimate.

No comments: