Internet service providers based in Dallas, Texas are carriers for more phishing attacks than in any other city, according to a PhD thesis from the University of Twente, the Netherlands.
For his PhD thesis, named 'Internet Bad Neighbourhoods', computer scientist Giovane Moura analysed the IP addresses associated with spam emails and phishing attacks.
He found that the majority of IP addresses associated with phishing attacks were allocated to ISPs in the US.
By city, Dallas was host to the largest number of ISPs linked to phishing attacks, with 107 sources. It was followed by Chicago, Provo (in Idaho), Houston and Montreal, Canada.
Moura pointed out in his thesis that the distribution of the sources of phishing attacks is correlated with the number of data centres in each location.
When it came to spam emails, Indian capital New Delhi topped the list with 297,638 sources. That was followed by Pakistani capital Islamabad and Indian high-tech city Bangalore.
The IP address linked to a phishing attack or spam email does not necessarily reveal where the people behind it are based, just where the IT infrastructure they use is located.
There are three reasons why an ISPs maybe associated with a high number of spam emails or phishing attack, Moura wrote.
"1. Some Internet service providers (ISPs) neglect malicious activities in their networks
2. Whenever a host is infected by a malware, it is more likely that this malware is going to succeed in infecting neighboring hosts belonging the same badly managed network than hosts in well managed networks
3. Non-technical local factors may contribute, such as the rate of software piracy, legislation, culture, economic, education level in a country."
Moura argues that finding out where the 'bad neighbourhoods' are on the Internet – i.e. ISPs that are most commonly associated with spam and phishing – would allow security companies and businesses to block IP addresses that may be risky.