Free Website Building services (FWBs) provide individuals with a cost-effective and convenient way to create a website without requiring advanced technical knowledge or coding skills. However, malicious actors often abuse these services to host phishing websites. In this work, we propose FreePhish, a scalable framework to continuously identify phishing websites that are created using FWBs. Using FreePhish, we were able to detect and characterize more than 31.4K phishing URLs that were created using 17 unique free website builder services and shared on Twitter and Facebook over a period of six months. We find that FWBs provide attackers with several features that make it easier to create and maintain phishing websites at scale while simultaneously evading anti-phishing countermeasures. Our study indicates that anti-phishing blocklists and browser protection tools have significantly lower coverage and longer detection times against FWB phishing attacks when compared to regular (self-hosted) phishing websites. While our prompt disclosure of these attacks helped some FWBs remove them, we found several others that were slow to remove them or did not remove them at all, and the same was true for Twitter and Facebook. Finally, we also provide FreePhish as a free Chromium web extension that can be used to prevent end-users from accessing potential FWB-based phishing attacks.
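The abstract's central measurement compares blocklist coverage and detection delay for phishing pages hosted on free website builders against self-hosted pages. The following is an added example, not code from the FreePhish paper or its extension, showing how such a comparison can be computed from a set of URL observations. The builder domains, hostnames and timestamps are constructed placeholders for this example; the abstract does not name the 17 services it studied.

```python
"""Added example: measuring anti-phishing blocklist coverage and detection
delay for phishing URLs hosted on free website builders (FWBs) versus
self-hosted phishing pages. All data below is constructed."""
from datetime import datetime, timedelta
from statistics import median
from urllib.parse import urlparse

# Hypothetical builder domains used only for this example (placeholders,
# not the services studied in the paper).
FWB_SUFFIXES = ("example-builder.site", "free-pages.example", "mysite.example")


def is_fwb_hosted(url: str) -> bool:
    """True if the URL's host is one of the builder domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in FWB_SUFFIXES)


T0 = datetime(2023, 1, 1, 0, 0)

# Constructed observations: (url, first_seen, blocklisted_at or None if never listed)
OBSERVATIONS = [
    ("https://login-update.example-builder.site/verify", T0, None),
    ("https://acct-secure.free-pages.example/", T0, T0 + timedelta(hours=48)),
    ("https://bank.mysite.example/login", T0, None),
    ("https://support.example-builder.site/reset", T0, T0 + timedelta(hours=72)),
    ("http://203.0.113.10/bank/login.php", T0, T0 + timedelta(hours=6)),
    ("https://secure-bank-verify.example/", T0, T0 + timedelta(hours=12)),
    ("https://paypa1-login.example/", T0, None),
    ("https://mail-reset.example/", T0, T0 + timedelta(hours=3)),
]


def summarize(observations):
    """Return, per hosting class, the URL count, blocklist coverage (fraction of
    URLs that were ever listed) and the median delay in hours from first sighting
    to blocklisting among the URLs that were listed."""
    stats = {}
    for cls in ("fwb", "self_hosted"):
        rows = [o for o in observations if (cls == "fwb") == is_fwb_hosted(o[0])]
        detected = [o for o in rows if o[2] is not None]
        coverage = len(detected) / len(rows) if rows else 0.0
        delays = [(o[2] - o[1]).total_seconds() / 3600 for o in detected]
        stats[cls] = {
            "count": len(rows),
            "coverage": coverage,
            "median_delay_h": median(delays) if delays else None,
        }
    return stats


if __name__ == "__main__":
    for cls, s in summarize(OBSERVATIONS).items():
        print(f"{cls}: n={s['count']} coverage={s['coverage']:.0%} "
              f"median_delay={s['median_delay_h']}h")
```

With the constructed data, builder-hosted URLs show 50% coverage and a 60-hour median delay, while self-hosted ones show 75% coverage and a 6-hour median delay, which is the shape of the gap the abstract reports. On real data the suffix list would be replaced by the actual builder domains and `is_fwb_hosted` is the same check a client-side warning (such as a browser extension) would apply to a URL before it is loaded.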