Criminals setting up fake domains for phishing are prone to use the same words over and over and spotting those words can help identify malicious sites, according to a new threat detection model from OpenDNS.
Words like "update," "security," "login," "billing," when combined with a legitimate base domain name -- or its misspelled variation -- are common indicators of phishing sites, said Andrew Hay, director of security research at San Francisco-based OpenDNS.