News & Notes from the OpenDNS team

September, 2011

The phish that almost duped PhishTank. Almost.

by Allison Rhodes on Sep 28th, 2011

OpenDNS runs PhishTank.com, the largest clearinghouse of phishing data on the Internet. So we’re often the first to see new, particularly sneaky phishing attacks. The one we’re sharing with you today is both of those things.

At the surface, this scam looks like hundreds of thousands of others we’ve seen over the years. It impersonates an HSBC Bank website and encourages people to enter their login credentials, which would then, presumably, be stolen and used nefariously. While any kind of phishing is gross, it’s what’s happening behind the scenes here that’s particularly alarming.

Simply put, the scam turns 404 errors into phishing websites. The phishing website returned a 404 status in its HTTP response headers, which normally tells your browser that the website you’re trying to load is down or can’t be found. But instead of saying a page couldn’t be found, the “error” page looked just like HSBC Bank’s website to visitors.

The reason this is especially crafty is that it completely circumvents one of the primary ways PhishTank tests whether a phish is still live and functional, which is watching for 404 errors. Normally a 404 would only be returned after the offending website was fixed, indicating the content is no longer available. However, a website administrator can put whatever content they want on their 404 error page, and this is exactly what we saw happen. By returning a 404 error but still rendering the phish, the website administrator avoided being caught by PhishTank. But not for long.
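One way a liveness check can avoid trusting the status code alone, shown as an added example (not PhishTank's or OpenDNS's code). The function name, verdict strings and sample response bodies are constructed for illustration.

```python
from html.parser import HTMLParser

class _FormScan(HTMLParser):
    """Counts forms and password fields in an HTML body."""
    def __init__(self):
        super().__init__()
        self.forms = 0
        self.password_inputs = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms += 1
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1

def liveness(status, body, brand_terms=()):
    """Return 'live', 'live-behind-error' or 'down' for a reported phish URL.

    An error status is not taken as proof of takedown, because the server
    decides what its 404 page renders. The body is inspected as well.
    """
    if status < 400:
        return "live"
    scan = _FormScan()
    scan.feed(body)
    text = body.lower()
    brand_hit = any(term.lower() in text for term in brand_terms)
    # A credential form, or any form next to the impersonated brand name,
    # means the page can still collect input from visitors.
    credential_form = scan.forms > 0 and scan.password_inputs > 0
    if credential_form or (brand_hit and scan.forms > 0):
        return "live-behind-error"
    return "down"

# Constructed sample bodies (not captured from the real phish).
PHISH_404 = ('<html><title>HSBC Personal Banking</title>'
             '<form action="/login.php" method="post">'
             '<input name="user"><input type="PASSWORD" name="pin">'
             '</form></html>')
PLAIN_404 = '<html><h1>404 Not Found</h1><p>The requested URL was not found.</p></html>'

if __name__ == "__main__":
    for label, body in (("phish", PHISH_404), ("plain", PLAIN_404)):
        print(label, liveness(404, body, brand_terms=("HSBC",)))
```

A URL that comes back as `live-behind-error` should stay on the blocklist and go to human review rather than being marked offline.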

Our exceptional community of security researchers, IT professionals and academics quickly identified the phish and verified it, blocking it for more than 30 million people around the world instantly. And OpenDNS engineering is working now to update the way PhishTank works to make sure we catch these types of phishes without delay going forward.

The moral of the story here, and the moral to every story about Internet security: the bad guys are crafty and constantly trying new ways to trick Internet users. Security companies like OpenDNS need to be vigilant and work with the security community to quickly react to threats and always stay ahead of the bad guys. You can bet we will continue to do just that.

Update: The phishes referenced in this post were submitted by PhishTank community member Michael Molsner, who works for Kaspersky Lab.

6 Comments | Filed in General

Five Questions with an OpenDNS User: Jonathan Rhodes

by Erin Symons on Sep 13th, 2011

Editor’s Note: Kids are more connected than ever these days and OpenDNS is the preferred choice to keep them safe online. But we wanted to take a deeper look at how kids today are balancing time online and off. To get some insight, we talked to Jonathan Rhodes, IT Consultant for the Cole YMCA.

OpenDNS: Kids are more connected than ever these days. How do you help kids balance active choices with the time they spend online?
JR: It’s been my experience that kids will choose to be active if the option is there. At the YMCA, I often see kids playing basketball after putting their backpacks down in the stands. Classrooms are getting more and more technologically sound and because they are surrounded by technology all day they seem to appreciate the opportunity to set it aside to run around and play with their friends.

OpenDNS: What trends do you see in kids using the Internet while away from home?
JR: You might be surprised to hear this but one thing that really impresses me about the kids I observe on our network is that they make really responsible choices. Our local high school provides some of its students with laptops to take home and I see many of them using our free Wi-Fi to finish up homework assignments or do research before hitting the basketball courts or the pool. The schools trust the kids to use technology responsibly, and since we go one step further and protect our networks with OpenDNS, it’s easy for them to focus on schoolwork.

OpenDNS: What can facilities like yours do to help parents understand the importance of Web security for their homes?
JR: While the children are in the YMCA their browsing is protected from malicious sites and adult content. This is as much for the protection of our network and guests’ equipment as it is for the parents’ peace of mind. We let parents know how we filter content so it’s easy for them to replicate the same OpenDNS filtering settings at home, but we also want them to teach them about phishing and malware.

OpenDNS: Why do you love working at the YMCA?
JR: I came to the YMCA for the first time at age 25 and this place has had such a positive impact on my life. Everything about the YMCA is geared toward health and wellbeing. Whether I’m installing network computing equipment and making choices on the best security and content management programs to support it or I’m coming for a strength training workout, I just love being here.

OpenDNS: What are your favorite offline activities?
JR: I enjoy strength training at the YMCA, as well as spending time with my family, and reading tech news. Okay, that’s online, but I can’t help myself!

 

No Comments | Filed in General

Five Questions with an OpenDNS User: Rick Beckman

by Erin Symons on Sep 9th, 2011

Editor’s note: It never ceases to amaze us just how busy OpenDNS users can be. Between work, family, games, development and staying current with technology, most of you we hear from can’t manage to stay still! We checked in with OpenDNS fan and blogger Rick Beckman to see how he manages.

OpenDNS: You have a five-year-old at home and another baby on the way. Does using a service like OpenDNS open the door for discussions about safe Internet browsing?
RB: Absolutely. As soon as our five-year-old starts reading I will show her the basics of the Internet. My biggest objective is keeping her safe online.  And not just from adult content but also from malware or anything else that may catch a kid off guard. I absolutely love that OpenDNS makes that job much easier!

OpenDNS: A new puppy, a five year old, and a new baby on the way! How are you going to find time for work, let alone sleep?
RB: Yes, and also numerous websites and a side job documenting a popular WordPress theme. And eating, which I’m told is mandatory. It’s all about finding a balance that makes the family happy, and while I’d love to say I have it all figured out, every day is a learning experience. I try and be strategic, though. For example, while the kiddo is getting ready for school in the morning, I have some time to catch up on email.

OpenDNS: You’ve found time to do some cool things with WordPress, an open source blog platform. Why are you such a fan of the service?
RB: Aside from building a cool WordPress plugin, I also maintain installations for family and friends, including my dad, sister and folk musician Adrienne Young. I am overjoyed that blogging has given a voice to so many people, and it’s a great feeling to host, tweak and sometimes even fix the blogs that give them that outlet.

OpenDNS: We hear you’re a gamer, too. What’s the coolest thing happening with video games right now?
RB: Video gaming has transcended being the pastime of gamers and has become something everyone is enjoying everywhere: Social media platforms, smart phones, tablets and casual gaming on Nintendo OS systems. From FarmVille to Angry Birds, Mafia Wars to Wii Sports, it seems as though gamers are becoming as ubiquitous as moviegoers. It is great to see all of these new ways of playing games bringing people together cooperatively. The world needs more of that.

OpenDNS: Okay last question. What did you name the new puppy?
RB: Mulder, of course :)

5 Comments | Filed in Five Questions, Gaming, General

One of the many reasons more than 30 million people around the world choose OpenDNS is a feature called automatic typo correction.  It works by automatically redirecting common typos in top-level domains (.com, .net, .edu, etc.) to the right place, so if you type www.google.cmo, and that domain doesn’t exist, we just automatically take you to www.google.com.

Although this feature helps with a tremendous amount of typing mistakes and enables people to stay on-course online, an increasingly popular phenomenon called typosquatting means there are still typos we can’t fix, some of which are much more precarious than a dead end.  Typosquatting is what happens when someone registers a domain that’s nearly identical to that of a popular brand: Twtter.com and Twitter.com, for example. It banks on the idea that a fast-fingered typist may not notice that she’s arrived at the unintended site due to an omitted “i”. And since the typo exists in a real, registered domain, we don’t interfere.

Twtter.com is a particularly tricky example. In the case of this site, the typo, an omitted “i”, might not even be apparent at first glance.  The people who run this site are clearly trying to capture typo traffic destined for Twitter.com.  And regardless of the fact that the site has a URL redirect (the domain in the address bar changes after the site has been resolved), the blatant use of Twitter’s well-known design themes proves the site is aiming to fool people into thinking it’s the real website of Twitter.

Typosquatting is not new, but this sort of high-polish, branded version seems to be on the rise.  In the case of Twtter.com, the Twitter.com imposter, the site’s entire function is to get your contact information. A very appealing offer is presented: answer two survey questions and get what is, by all accounts, an awesome prize, an iPad2. It’s unclear what will happen with your personal information once it’s in the wrong hands. It could range anywhere from being used to send SMS messages to your cell phone that you get charged for to simply having your email address sold.

As with any online threat, protecting yourself and those people using the networks you manage starts with education.  Here are three tips for outsmarting typosquatting:

1. Use OpenDNS:  It’s the only service that will automatically correct common typos in TLDs, and help ensure you end up at the website you want.  OpenDNS solves a large portion of the problem, and also automatically blocks phishing websites.

2. Watch the address bar:  Legit websites rarely do redirections like Twtter.com does.  Keep an eye on what the site is doing and note suspicious redirects.  Also simply note the URL of the website you’re visiting after you’ve been taken there. Is the site the one you wanted? Did you make a typo?

3. Don’t share your personal information:  If a website offers you a chance to win a prize, simply for providing personal information or taking a survey, be skeptical.  You should never share your personal information online unless you’re on an extremely trusted website.

For businesses, schools and households alike, online safety is of the utmost importance. And it’s all about education.  Know what to look for and you can outsmart much of the bad stuff.  And use OpenDNS and tell others to do the same.

We’d love to hear your thoughts:  We’re considering an opt-in service that would let people avoid these kinds of unintended redirections.  Even in cases like that of Twtter.com, where technically it’s a real, registered website.  What do you think?  Would you use such a service?
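The difference between the two cases above, a TLD typo on a name that doesn't exist versus a registered lookalike, sketched as an added example (not OpenDNS's implementation). The typo table, the `REGISTERED` set standing in for DNS lookups, the protected-brand list and the one-edit threshold are all constructed assumptions.

```python
# Constructed sample data, not OpenDNS's real tables.
TLD_TYPOS = {"cmo": "com", "ocm": "com", "nte": "net", "ogr": "org"}
REGISTERED = {"google.com", "twitter.com", "twtter.com"}  # stands in for DNS
PROTECTED = {"twitter.com", "google.com"}  # brands an opt-in user wants guarded

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def resolve(name):
    """Return (action, target) for a typed hostname."""
    name = name.lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    if name not in REGISTERED:
        # Typo correction only applies when the typed name does not exist.
        label, _, tld = name.rpartition(".")
        fixed = f"{label}.{TLD_TYPOS.get(tld, tld)}"
        if fixed != name and fixed in REGISTERED:
            return ("corrected", fixed)
        return ("nxdomain", name)
    if name not in PROTECTED:
        # Registered, but one edit away from a guarded brand: typosquat candidate.
        for brand in PROTECTED:
            if edit_distance(name, brand) == 1:
                return ("warn-lookalike", brand)
    return ("resolve", name)

if __name__ == "__main__":
    for typed in ("www.google.cmo", "Twtter.com", "twitter.com"):
        print(typed, "->", resolve(typed))
```

A threshold of one edit keeps false positives low for long names but would flag many legitimate short domains, so a real service would need an allowlist alongside it.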

29 Comments | Filed in General, privacy, Security, Twitter, Typos, Typosquatting
