Putting the phish in the tank
SecurityFix reports on an interesting new idea to combat phishing. PhishTank is a service operated by the same people who brought us OpenDNS. It is a reputation-based community service that invites users to submit suspected phishing sites and then puts them up for voting alongside a screenshot. If a site gets enough votes, it is classified as a phishing site, which means it is blacklisted in OpenDNS. "Reputation-based" means that the votes of regular submitters and reliable voters count more, so phishers can't game the system. There is also an open API that others can use to integrate the results of the service into their own applications. There are even RSS feeds, so an ISP, for instance, can get a live feed of all the suspected phishing sites in its IP range.
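To make the reputation idea concrete, here is an added illustration of reputation-weighted voting; it is not PhishTank's or OpenDNS's code, and the weighting rule (a small floor for new accounts, growing with demonstrated accuracy and track-record length), the thresholds, the URLs and the account names are all assumptions chosen for the demonstration. The point it shows is that a handful of freshly registered accounts cannot outvote a few voters with a good history, even though a plain head count would go the other way.

```python
"""Reputation-weighted voting for phishing submissions (added illustration,
not PhishTank's implementation; weights, thresholds and names are assumed)."""
from dataclasses import dataclass, field
from typing import Dict, Optional

NEW_VOTER_WEIGHT = 0.1   # assumed floor: a brand-new account counts a little
FULL_HISTORY = 10        # assumed resolved votes needed before full weight


@dataclass
class Voter:
    name: str
    correct: int = 0     # votes that matched the eventual verdict
    total: int = 0       # votes on submissions that reached a verdict

    def weight(self) -> float:
        """Weight grows with accuracy and with the length of the track record."""
        accuracy = self.correct / self.total if self.total else 0.0
        confidence = min(1.0, self.total / FULL_HISTORY)
        return NEW_VOTER_WEIGHT + (1.0 - NEW_VOTER_WEIGHT) * accuracy * confidence


@dataclass
class Submission:
    url: str
    votes: Dict[str, bool] = field(default_factory=dict)  # voter -> True = "phish"
    verdict: Optional[bool] = None


class ReputationTank:
    def __init__(self, threshold: float = 2.0, min_voters: int = 3):
        self.voters: Dict[str, Voter] = {}
        self.threshold = threshold      # weighted margin needed for a verdict
        self.min_voters = min_voters    # never decide on fewer votes than this
        self.blocklist: set = set()

    def voter(self, name: str) -> Voter:
        return self.voters.setdefault(name, Voter(name))

    def weighted_score(self, sub: Submission) -> float:
        """Positive: the weighted crowd says phish; negative: says legitimate."""
        return sum((1 if is_phish else -1) * self.voter(n).weight()
                   for n, is_phish in sub.votes.items())

    def vote(self, sub: Submission, name: str, is_phish: bool) -> Optional[bool]:
        if sub.verdict is not None:
            return sub.verdict             # already decided
        sub.votes[name] = is_phish         # one vote per account; re-voting overwrites
        return self._try_resolve(sub)

    def _try_resolve(self, sub: Submission) -> Optional[bool]:
        if len(sub.votes) < self.min_voters:
            return None
        score = self.weighted_score(sub)
        if score >= self.threshold:
            sub.verdict = True
        elif score <= -self.threshold:
            sub.verdict = False
        else:
            return None                    # still undecided
        if sub.verdict:
            self.blocklist.add(sub.url)
        # Reputation update: every voter is scored against the final verdict.
        for n, is_phish in sub.votes.items():
            v = self.voter(n)
            v.total += 1
            v.correct += int(is_phish == sub.verdict)
        return sub.verdict


def naive_majority(sub: Submission) -> bool:
    """Unweighted head count, for comparison."""
    phish = sum(sub.votes.values())
    return phish > len(sub.votes) - phish


def run_demo() -> dict:
    tank = ReputationTank()
    # Constructed history: three voters with ten correct calls each.
    for name in ("alice", "bob", "carol"):
        tank.voters[name] = Voter(name, correct=10, total=10)

    # Constructed case 1: a phishing page on which five fresh accounts
    # vote "not phish" while the three established voters vote "phish".
    phish = Submission("http://example.invalid/secure-login")
    for i in range(5):
        tank.vote(phish, f"sock{i}", is_phish=False)
    for name in ("alice", "bob", "carol"):
        tank.vote(phish, name, is_phish=True)

    # Constructed case 2: a legitimate page flagged by one new account.
    legit = Submission("http://example.invalid/about")
    tank.vote(legit, "sock0", is_phish=True)
    for name in ("alice", "bob", "carol"):
        tank.vote(legit, name, is_phish=False)

    return {
        "phish_verdict": phish.verdict,            # True: weighted vote wins
        "phish_naive": naive_majority(phish),      # False: head count fooled
        "legit_verdict": legit.verdict,            # False: not a phish
        "blocklist": sorted(tank.blocklist),
        "sock0_weight": tank.voter("sock0").weight(),
        "alice_weight": tank.voter("alice").weight(),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The design choice worth noting is that reputation is only updated once a submission reaches a verdict, so an account cannot build weight by voting on undecided items, and accounts whose votes keep disagreeing with the outcome stay at the floor weight.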
There is one noticeable problem with the service at the moment: it only displays the URL and a screenshot of a suspected site. If I want to look at the sites and decide which are genuine and which are phishing sites, it would be much more helpful to also have the email the URL arrived in. Voting is difficult when there is only a screenshot to look at; the whole point of a phishing site is to look genuine, so the email might be what tips the scales when I have to distinguish a legitimate site from a fraudulent one. Hopefully at some point there will be an option to see the email together with the URL before voting on it.
But I like the idea of a reputation-based service, and the way it has been implemented makes a good first impression. This could really become yet another way of combating phishing. What's needed now is a simple way to get the results of this service to those end-users who are unlikely to worry much about phishing. If it gains enough momentum to be included in browsers or used by ISPs, it could become a really useful tool.
October 6th, 2006