A phishing site that uses the .fish generic top-level domain (gTLD) has become the first of its kind to display malicious content directly on its homepage.
While .fish and .fishing domains have been used to lure in phishing victims before, parser.fish is unique in that the bait is posted directly on the site, which then redirects visitors to a separate phishing site in Vietnam.
After the redirect, the new website impersonates a French banking cooperative, BRED, and steals the victim's bank credentials.
In a blog post full of puns, Netcraft, a UK-based internet services company, describes how it found and then blocked the malicious website.
Paul Mutton, a web tester for Netcraft, explains that among the top million websites there is only one .fish domain and one .fishing domain, so while clever, this is by no means common.
In a Netcraft survey that scanned 1.8 billion sites, fewer than 6,000 used either the .fish or .fishing domain.
"The parser.fish domain has been registered through Tucows, using its Contact Privacy domain privacy service to prevent the registrant's details being displayed publicly; but this could just be a red herring and doesn't necessarily mean it was registered with fraudulent intent," Mutton explains in the blog post.
The malicious content has since been removed, which may also mean that the site was hacked rather than created with malicious intent.