Criminals setting up fake domains for phishing are prone to use the same words over and over and spotting those words can help identify malicious sites, according to a new threat detection model from #opendns.Words like “update,” “security,” “login,” “billing,” when combined with a legitimate base #domain name — or its misspelled variation — are common indicators of phishing sites, said Andrew Hay, director of security research at San Francisco-based OpenDNS.OpenDNS has assembled a list of these #keywords, as well as a list of domains commonly targeted by spammers.The idea comes from algorithms mostly commonly used in fields such as bioinformatics and data mining, and uses natural language processing techniques.