Got Phish? Drop 'Em in the 'Phishtank'
Chances are that you regularly receive "phish" in your inbox -- e-mail messages that try to lure you into giving away your personal and financial data at fake bank or e-commerce Web sites. If you're at all like me, you probably long ago stopped alerting the banks or companies being impersonated in the fake e-mails after time and again receiving the same impersonal and automated reply: "Yeah, thanks, we're on it."
This week, however, saw the launch of Phishtank, a free, community-based service that puts the "phun" back into phish reporting. The service was created by OpenDNS, a start-up that hopes to offer consumers and businesses a safer and speedier domain name system (DNS) resolution service (DNS is what translates Web site names into numeric addresses that are easier for machines to process).
Sure, OpenDNS is using the data to black hole phishing sites for people who use its DNS service. But it also is giving away a free API, or "application programming interface," that lets third-party Web sites, Internet service providers and software engineers tap into Phishtank's reservoir of suspicious e-mails and Web sites.
Check out Phishtank's homepage and you'll see some of the more recent submissions, along with links to screenshots of the phishing site, as well as a form you can use to see whether a phish you've received has already been submitted. I submitted a couple that I'd received over the past two days; turns out they'd already been sent in.
But even if someone has already claimed your phish, you can still vote on, or "verify," submissions in the hopper -- provided you register a nickname with a valid e-mail address. The neat thing about this system is that you can track the progress of any phish you've submitted, either by visiting your account at Phishtank.com or by signing up for an RSS feed that tracks your submissions and can notify you once those sites are taken down.
"We've had ISPs call us and ask for our data, and we say sure, we'll even build you an RSS feed that gives you a real time look at all of the phishing sites that resolve to addresses on your network," said David Ulevitch, OpenDNS's founder and chief executive.
I thought I was pretty good at spotting phishing attacks, but it's hard sometimes when you don't have the benefit of seeing the e-mail led the user to the suspicious site, as is the case with Phishtank -- at least for now. For instance, I voted on whether this one Bank of America site someone submitted was in fact a phishing site. The screenshot of the site looked just like the real thing, and Phishtank also has an option to load the site into a frame that pulls up the actual live site under discussion (more on this later). That site also defaulted to Bank of America's default login page, "https://www.bankofamerica.com/index.jsp". So, not having any more information on this site, I voted against as listing it as a phishing site. Turns out 47 percent of voters agreed with me, while 53 percent called it phishy.
Ulevitch said the company is still working on some Phishtank's finer details, such as how and whether to display e-mails as well as the number of people who voted on each potential phishing site. But in order to prevent gaming the system, Phishtank is reputation-based, in that greater weight will be given to submitters and voters who consistently pick true phishing sites. Ulevitch said Phishtank developers also are toying with a feature that would allow users to reverse their votes. "It's complicated, because once we show you votes of everyone else, you are biased."
Posted by: Thomas L. Jones, Ph.D. | October 5, 2006 10:41 PM | Report abuse
Posted by: Thomas L. Jones, Ph.D. | October 5, 2006 10:43 PM | Report abuse
Posted by: Jay George | October 6, 2006 8:57 AM | Report abuse
Posted by: Sadler | October 6, 2006 10:37 AM | Report abuse
Posted by: ajune Dennis | October 6, 2006 6:28 PM | Report abuse
Posted by: William Palmborg, SecuraSystem.com | October 6, 2006 9:02 PM | Report abuse
Posted by: Henry Hertz Hobbit | October 12, 2006 1:13 AM | Report abuse
Posted by: Henry Hertz Hobbit | October 12, 2006 2:43 PM | Report abuse
The comments to this entry are closed.