Putting the phish in the tank
October 6th, 2006
SecurityFix reports on an interesting new idea to combat phishing – Phishtank is a service operated by the same people that also brought us OpenDNS. It is a reputation based community service that invites users to submit suspected phishing sites and then puts them up for voting with a screenshot. If a site gets enough votes, it will then be classified as a phishing site (and when I said “reputation based” earlier, that means the votes of regular submitters and reliable voters count more, so phishers can’t game the system), which means it will be blacklisted in OpenDNS. There is also an open API that others can use to integrate the results of the service into their own applications. There are even RSS feeds, so for instance an ISP can get a live feed of all the suspected phishing sites in their IP range.
There is one noticeable problem with the service at the moment – it only displays the URL and a screenshot of a suspected site. If I want to look at the sites and determine which are genuine and which are phishing sites, it would be much more helpful to have the email that the URL came in available as well. Voting can be difficult if there is only a screenshot to look at – the whole point of running phishing sites is to make it look genuine, the email might be the thing that tips the scales when I need to make the distinction between a legitimate and a fraudulent site. So hopefully at some point, there will be an option to see the email together with the URL before voting on it.
But I like the idea of a reputation based service and the way it’s been implemented makes a good first impression. This could really become yet another way of combating phishing – now what’s needed is a simple way to get the results of this service to those end-users who are unlikely to even worry much about phishing. If it gains enough momentum to be included in browsers or used by ISPs, it could become a really useful tool.
Entry Filed under: Technology
2 Comments Add your own
1. John Roberts | October 6th, 2006 at 12:40 pm
Glad you find PhishTank appealing.
We will surface more of the email information in the near future. It is collected and stored and analyzed — but we decided to wait on displaying it until we were sure (a) we can avoid accidental disclosure of the submitter’s email address and (b) we can make sure we don’t make the UI so "noisy" we confuse people.
More work to do!
Cheers,
John Roberts
OpenDNS, operators of PhishTank
2. Holger | October 6th, 2006 at 12:48 pm
John, thanks for this statement – I’ve seen a few other places where this seemed to be the main criticism and I’m glad to hear that you’re working on it. So far you’ve done a great job keeping the interface clean – I’m sure you’ll find a good way to integrate the email information as well.
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed