Its remarkably simple to create a new phishing site. Most phishers visit the target site using a standard web browser, save a local copy of the HTML code for the login page (and sometimes the images too), make a few minor modifications to the HTML so the form data can be captured, and finally upload the HTML code to a new location. I’d guess this would take about 5 minutes. Wouldn’t you think phishers would want their bogus site to be as similar as possible to the target site?
The screenshot above shows some HTML comments that PayPal embeds in their HTML (PayPal is one of the most frequently targetted sites for phishing attacks). The live PayPal site is using version 29 of the HTML code. Below it is an excerpt from a PayPal phishing site we saw today… its using version 24, and was created on October 29, 2004. Another one we saw today version 17, created on May 23, 2004. Talk about stale bait!