Security News > 2022 > August > IPFS phishing on the rise, makes campaign takedown more complicated
To successfully run a phishing operation, cybercriminals do generally need to host phishing pages online.
Phishing pages sitting on IPFS are trickier to take down, compared to usual phishing pages hosted on the clear web.
Since several IPFS nodes can host the content, the phishing page could stay online for an undetermined period that could last for months, or naturally vanish if no node is hosting it anymore.
The email contains a malicious HTML file leading to a phishing page actually hosted on the IPFS network.
Figure C. Once the user has opened the attachment, the phishing page is accessed, hosted on the IPFS network.
Trustwave indicates that they have observed more than 3,000 emails containing phishing URLs that have used IPFS for the past 90 days and mentions that "It is evident that IPFS is increasingly becoming a popular platform for phishing websites."