Get a FREE personalised SASE assessment from Netskope!
Free hosting services are an issue and for a good reason. Scammers, phishers and other attackers use this as an opportunity to take advantage of users who are unaware of modern phishing scams. Scammers achieve success by continually setting up malicious sites to outweigh the sites that get blacklisted or taken down. In essence, it is hacking with an economy of scale and a game of whack-a-mole for hosting providers.
This is why it is best to avoid free hosting services like the plague and keep them at arm’s length from your organisation and employees.
Phishers typically like the idea of setting up thousands of phishing sites freely, quickly and anonymously. This is where PasteHtml.com comes in which is considered a haven for replica website phishing scams.
The hosting service PasteHtml is a free anonymous web hosting site that allows anyone to create any replica of a legitimate-looking page with a simple post request. It also offers a service that empowers phishers to do their job very effectively. Like many other free services, PasteHtml was not designed to host malicious content. They hold many legitimate pages but have become well-known for hosting phishing pages.
PasteHtml is starting to take these malicious acts seriously. The company often remove the majority of hosted phishing pages that get reported. Warnings are also issued to users who are about to click on a suspected malicious page. However, it’s an ongoing problem, and PasteHtml is still an easy hosting service to launch a phishing campaign.
A zero-tolerance policy
A majority of free web hosting services help users by lowering costs for creating websites. Moreover, they provide many advantages for new site owners to navigate and create professional or personal websites without any technical barriers. Although spammers often take advantage of these free hosting services, Google has stressed its concern and efforts to take corrective action against individuals against spammy pages or sites.
Additionally, Google has also made it clear that individuals who own a free hosting service should do the following to reduce or prevent spam:
Inform users that spamming is forbidden on your service - publish a clear statement about abuse policy and communicate it to your users, this can be done in various ways and one of the most common ways to share this message is via the sign-up process.
For more information on how to identify spammy accounts and how to monitor your service for abuse, Google has a page specifically about free web hosting that can be found here.
BONUS DOWNLOAD: 10 Critical Security Projects and How Netskope Can Help
How to identify website phishing scams?
Given the unprecedented cyberattacks that have happened since last year, there are now resources and tools people can use to identify and stop spammers. As a matter of fact, if you are searching for an inexpensive phishing simulator for your company, your choice is narrowed down to two:
Using open-source phishing platforms - This category has been beneficial to most businesses for several reasons. With this platform, you will have access to feature-rich free versions and community support. Additional features include Linux-based tools.
There are also simple tools you can use to create an email message and send it to one or more recipients using a specified mail server. There are useful features such as reporting or campaign management.
Infosec IQ - A phishing simulator that conducts phishing risk tests to determine an organisations phish rate within 24 hours. This platform also contains a full-scale phishing simulation tool, capable of running sophisticated simulations on an entire organisation.
Phishing Frenzy - While this tool is an open-source application, is it designed as a testing tool at identifying internal phishing by conducting internal phishing campaigns.
Visit gend.co/proveit and sign up for our Netskope demo where we will show you how to protect your employees and organisation from the impact of phishing scams using free hosted websites.