We just posted PhishTank statistics for April 2008. No major surprises: The United States is, for the thirteenth straight month, hosting more phishes than any other country; A group of large banks, eBay, and PayPal round out the top most spoofed brands; And the PhishTank community of submitters and verifiers continues to have an impressively high accuracy rate.

The headlines tell us the phishers are not giving up. Seemingly every week we see reports of a new type of phishing scam. This week it’s Google AdWords phishing, where AdWords account holders are sent emails alerting them their account needs updating. The account holder logs into the spoofed AdWords interface and hands over their credit card information.

The AdWords phishing scam is interesting to me largely because, in lots of cases, it’s targeting businesses. People understand identity theft. But what happens when a business’s identity is stolen? There’s no easier or more efficient avenue to get reimbursed for a business than for an individual. Basically, whether you represent yourself or your company, you have to go to your credit card company and beg for forgiveness. (Whether or not it should be the banks — some of the most commonly spoofed brands — that are responsible for reimbursing money stolen through phishing is part of a separate debate.)

And the spoofed AdWords account interfaces, at least the ones I’ve seen, are good. I can easily understand how the marketing person tasked with managing AdWords for their company could be fooled. I know plenty of small and mid-size companies that rely on online advertising to drive traffic to their site, and see huge dents in revenue when something goes wrong and the traffic doesn’t come. That marketing person has plenty of incentive to make sure their account information isn’t wrong and nothing is preventing potential customers from seeing their ads.

Experts repeat the same warning about AdWords phishing that we’ve all heard about phishing in general for years: Educate yourself about phishing and look skeptically at URLs. Remember that as a general rule, you won’t be warned via e-mail that your account has been compromised, so if you are ever encouraged via e-mail to login to an account and update information, proceed with caution and look closely at the URL you’re encouraged to click.

Take for example, one of the AdWords phishes someone submitted to PhishTank. See the “d0l9i.cn” in the middle of the URL? If you open a new window and load http://adwords.google.com/select/login, you’ll see the real site’s URL doesn’t include that series of characters. That should be a red flag.

[NOTE: This is a known, verified phishing site. We recommend you do NOT visit it.]

OpenDNS users and users of other services leveraging PhishTank data — McAfee, Opera, Yahoo! Mail, Kaspersky Labs, to name a few — have an extra line of defense when it comes to phishing — they benefit from PhishTank and the wisdom of the community. But it’s abolsutely a good idea to learn to look for inconsistencies in URLs and think twice before providing sensitive information online, whether it’s your own or your company’s.

And starting today, it is, between Anti-Phishing Working Group and OpenDNS.

This is a big day for us, folks, and for all of you who have worked to make our community site, PhishTank.com, the most authoritative source of phishing data on the Web.

Anti-Phishing Working Group is big, and has a member list boasting companies like eBay, Microsoft, Yahoo!, Verisign and Cisco. They’ve been at phish-fighting since 2003 and have made great progress in raising awareness about the seriousness of Internet crime.

We’re young, but growing at lightning speed. The human approach OpenDNS and PhishTank bring to the table is an incredibly important element to combatting the problem.

Anti-Phishing Working Group and OpenDNS make a great team and we’re excited about what we can accomplish together.

[Cross-posted to PhishTank and OpenDNS blogs.]

Opera and OpenDNS announced this morning that the latest version of the browser blocks phishing sites with PhishTank data. We’re pretty excited about it. (Just blogged about this over on the PhishTank blog, too.)

If you’re poking around the site because you were given the Gift of Safe by an Opera user, welcome.

If you have any problems setting up OpenDNS don’t hesitate to e-mail us at contact at opendns dot com. We’ll reply asap and help you get started. And once you’re all set, pay it forward. Give the Gift of Safe to everyone you want to protect from phishing sites.

If you’d like to add your story, send it along with a photo to gift of safe at opendns dot com. It’s a great way to show someone you care about them without spending any money.

There’s no denying it. The holidays are officially here.

My family will be en route to San Francisco by tomorrow morning and come early Thursday, the house will smell of baking turkey and sound of screaming football fans. (Not kidding about the screaming part. The neighbors have complained.)

It’s at this time of year, more than any other, that we’re compelled to pause and appreciate what we have - family, friends, health, a place to live and food to eat.

If you’re traveling to visit family or friends this week, I urge you to share your knowledge of OpenDNS and help keep them safe from phishing. Perhaps they don’t know what phishing is, even. Think about how much you’ve benefited from the service and know you can pass the benefit along. Take two minutes to add 208.67.222.222 and 208.67.220.220 to their Internet preferences and know you’ve done them a service - one that will give over and over again.

If you choose to share OpenDNS, tell us about it. We’d love to hear.

PS - A reminder to print the instructions out before you travel. If you don’t know what type of router your friends or family use, our single computer instructions for Mac and Windows are a good way to go.

PPS - If you live in a part of the world that doesn’t celebrate Thanksgiving, this is still as good a time as any to tell friends and family. Giving thanks shouldn’t happen only once a year, anyway.

As we mentioned over on the PhishTank blog, Mozilla, maker of Firefox, announced today it selected PhishTank data as the benchmark for comparing phishing protection in Firefox 2.0 and Internet Explorer 7.0. This is a big deal, considering the number of phishing-data sources to choose from.

The results? Firefox blocked 243 phishing sites that IE7 missed, making it the better of the two at blocking phishing sites, according to third-party evaluator (hired by Mozilla) Smartware.

Check out today’s articles about the testing in Slashdot, SearchSecurity and The Washington Post.

If you’re not a member of the PhishTank community yet, we hope this validation is the motivation you needed.