PhishTank Taps Community To ID Scams
mikesd81 writes, "The AP has an article on PhishTank, OpenDNS's service for fighting e-mail fraud. The free service seeks to tap the wisdom of the Internet community in identifying phishing emails and sites." From the article: "Users simply submit to PhishTank.com the messages they believe are scams. Others then examine the message and the site to which it links and decide whether it is or isn't a scam. When an item gets enough votes and the margin is wide enough, it is either dropped or classified as a phishing message. To prevent scammers from trying to game the system, votes are weighed based on how long, how often, and how accurate one has rated other messages."
Update: 10/05 18:24 GMT by kd: David Ulevitch wrote to mention: "PhishTank, unlike any other anti-phishing service, provides a full API and open access to the data for any developer to use to secure their applications. Before PhishTank, someone from the SpamAssassin project or maybe the Squid Cache would have to fork over a lot of money for phishing data to groups like the Anti Phishing Working Group or Symantec. It's now available for free, and I believe in a far more accurate and usable form."
To prevent scammers from trying to game the system, votes are weighed based on how long, how often, and how accurate one has rated other messages.
I don't really see how that prevents scammers from gaming the system. All it means is that it'll take a few more scammers to make sure their definition of 'scam' isn't what everybody else's is. If they do that, when people vote scam pages as scams the system will think "Hey that's not right" and it'll lower the legit users' accuracy.
Your hair look like poop, Bob! - Wanker.
Now, I don't want them selling this to telemarketers and snail mail SPAM but maybe there are people looking for mortgages and want to be contacted. What do I vote this as? There is no possible phishing attack to select. When I clicked 'phishing' attack, 70% said it wasn't while I was part of the 30% who said it was. Kind of confusing.
After voting on ten of them (all of which, I decided, were scams), I found a classic Ukrainian eBay phish. 100% votes were phishing attack. I started to notice that the URL tells more than the actual message itself. I guess I wish the site would have a section firmly defining phishing attacks and what are obvious giveaways.
This is all they say on that: So apparently the mortgage example asked for personal information but was just Spam? I'm a bit confused.
My work here is dung.
Actually, it will do a good job of keeping scammers out as it specifically is designed to keep scammers out. You obviously do not understand how hard drives work, as this technology makes it impossible for untrustworthy users to edit the hard drive. This technology is amazing and I hope it is used in all future voting robots.
yo listen up here's a story
For as long as I can remember there have been attempts to fix email so that it won't be subject to spammer stupid-tactics. How long is it going to take? Answer: Until M$ makes OE use digital signatures by default.
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
I'd trust them a whole lot more if they were honest about their own name.
All PhishTank has to do is to inject known phishing messages. For example, 1 out of every 10 messages the user rates is one known by PhishTank to be phishing. If a user repeatedly marks that message as legit, we know that user is trying to game the system. Alternatively (or perhaps additionally), a few trusted PhishTank users in the beginning can seed the system. Anyone who consistently votes against them will be gaming the system.
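An added illustration, not part of the comment above and not PhishTank's code, of the seeding idea it describes combined with the vote weighting quoted in the summary. The thresholds, the weighting formula and the voter names are assumptions made for the example.

```python
from collections import Counter

MIN_CONTROLS = 5    # seeded items a voter must have rated before earning weight
MIN_TOTAL = 1.5     # vote weight an item needs before it is classified
MIN_MARGIN = 0.75   # share of that weight the winning side must hold

def voter_weights(control_answers, truth):
    """control_answers: {voter: {item_id: says_phish}} -> {voter: weight 0..1}."""
    weights = {}
    for voter, answers in control_answers.items():
        seen = [i for i in answers if i in truth]
        if len(seen) < MIN_CONTROLS:
            weights[voter] = 0.0            # too little history to trust
            continue
        accuracy = sum(answers[i] == truth[i] for i in seen) / len(seen)
        # A coin flip scores 0.5, so anything at or below that earns nothing.
        weights[voter] = max(0.0, 2 * accuracy - 1)
    return weights

def classify(votes, weights):
    """votes: {voter: says_phish} -> 'phish', 'not_phish' or 'undecided'."""
    tally = Counter()
    for voter, says_phish in votes.items():
        tally[says_phish] += weights.get(voter, 0.0)
    total = tally[True] + tally[False]
    if total < MIN_TOTAL:
        return "undecided"
    for side, label in ((True, "phish"), (False, "not_phish")):
        if tally[side] / total >= MIN_MARGIN:
            return label
    return "undecided"

# Constructed data: c0-c5 are seeded known phish, c6-c7 seeded known legitimate.
TRUTH = {f"c{i}": i < 6 for i in range(8)}
BOTS = [f"bot{i}" for i in range(6)]
CONTROL_ANSWERS = {
    "alice": dict(TRUTH),                          # 8/8 correct
    "bob": {**TRUTH, "c6": True},                  # 7/8 correct
    "newbie": {"c0": True, "c1": True},            # only two ratings so far
    **{b: dict.fromkeys(TRUTH, False) for b in BOTS},  # always "legit": 2/8
}
WEIGHTS = voter_weights(CONTROL_ANSWERS, TRUTH)
# The item under review: two honest voters against six colluding accounts.
ITEM_VOTES = {"alice": True, "bob": True, **dict.fromkeys(BOTS, False)}
```

With every vote counted equally the six colluding accounts carry the item as not a phish; with weights earned on the seeded items their votes count for nothing and the two honest voters decide it.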
A lot of the phishing scams I receive nowadays are real messages, such as eBay alerts, with the link pointing back to a phishing site that appears to be the real thing but actually is used to steal passwords. Others include fake announcements from banks, etc., again where everything is fairly close to the real thing excepting the actual web address linked.
So how would it differentiate between these and the emails from the original site? While some of the bank ones are most likely just made up to look legit, the eBay and others are copied from modified messages.
Huh. Moderating messages, with some kind of 'meta-moderation' to keep track of the moderators.
Nope, that'll never catch on.
((pre coventry)) And now the ph is usually synonymous with some sort of scammage, a scheme, and what not. How did we go so far away from the original usage?? [assuming that no one was "phishing" before Phish formed] I hope this isn't toooo off-topic?? ;) Also rather nice to see the continued usage of the power of the people, democratic methodology, rather like when those things are put to use.... Thanks all the devs out there ((slashdot included 3 )) who keep that set of values rolling... And hopefully progressing...
TAGS!!! EGOR!!! TAGS!!!!
"Spam" is in the eye of the beholder.
But this could also be phishing if the phisher is building a database linking email addresses to real names / physical addresses / phone numbers.
The more pieces of information they can get, the easier it is for them to get the missing pieces. Remember HP's "pretexting" story?
What is the minimum amount of info you need to "steal" someone's identity? Name, Social Security number (if USA) and address? Can it be done with less?
If I were criminally inclined, I would be building a database with all that information on every person I could get it on. I'd be aiming for "identity theft" in a major way. And I would be trying to fill in the missing/starting items as innocuously as possible.
Luckily, someone reported him and they shut down his domain.
Now I get spam from d.d333dkc@7777dxe3.net.
I hope someone shuts him down. Then that will be the end of that.
Why not just set up a scheme by which I can forward some of my spam-phish filter hits to their receiver?
When I get a new one I've never seen, I just add the name of the institution to the top of the rule. It doesn't take ME long to rule out all mails claiming to be from First Mutual of Podunk, even though there may exist some legitimate mails from FMoP to their customers, wherever that is.
Phishing sites and phishing emails are spewed out by zombie desktops. Blacklisting them is like spitting in the ocean.
Dear PhishTank user: There has ben a problem with your account information. Please go to http://www.phishtank-org.uk/UserID357zzzzx.html to make appropriate changes.
It wasn't me, it was the one-armed
sounds a little like the old Cloudmark spam net.
http://toolbar.netcraft.com/ Netcraft installs a tool bar on your browser that shows host information (including country) and the level of trustworthiness. Users can submit phishing links through a link on the bar. I use it mostly to spot the hosts of spammers, but it also raises useful questions such as a link from eBay with a web hosting service in Korea. They've recently become particular about what kind of URLs they consider phishing. For example I wouldn't consider a mortgage spammer hosted in China to be a serious candidate when it's time to re-fi the family manse. They also don't consider possibly illegal content (child porn for example) to be phishing.
You'd be amazed at how technically sophisticated some of these phishing crews are becoming. They've all got botnets in which they wield large numbers of compromised computers. If a bot can be trained to sign up for a Blogspot blog and autogenerate SpamSense blogs, they may find a way to vote for/against sites on this system as well. Bot nets are perfect for online voting, as they can send a steady stream of votes from different IP addresses. That's why blogs have such trouble with comment spam - it's coming from 50 different IP addresses.
RichM
Data Center Knowledge
I get this garbage all the time. I know instantly whether or not it is a Phish. If I get an email from a bank about some security issue, and I do not do business with that bank, it is a Phish. If there is any doubt, I can look at the data behind the link that is given. If it goes to www.bankofamerica.com, it is legit. If it begins with some IP address, it is not. I personally do not need group consensus to know it is a Phish. Being a good Netizen, I will hit the link to see if it is still active, and if it is, forward it to BOFA, Paypal, or whatever service is being used as bait. They also do not need any group's consensus to know if it is a Phish, and they will take care of it, quickly. About half the time, by the time I open the email and check the link, it is already down, presumably because the team dedicated to online fraud at the organization in question has had it shut down. Once it is shut down, NO-ONE can be duped by it. If I were to use this site, I probably would be too lazy to ALSO forward the email on to the organization in question. The result is that, instead of a group who can actually kill it getting it as soon as possible, it is eventually, after a bunch of people have looked at it and made their own determination, shut down for only those people who actually subscribe to that list, leaving it open for the rest of the Net to be duped. Now, if the idea was to identify, as in name and address, the bastards RESPONSIBLE for the Phish, I would be all for it. Same thing with SPAM. Build something that gives us all names and addresses of the bastards, I will be first in line. This idea, however, simply delays and extends the usability of the Phish.
Bad Idea Phil
I'm not sure that if I'm getting legitimate emails that might be a scam I want to submit it to find out. I recognize that email isn't secure and there shouldn't be any private information in them, but there is. At least partial information such as the last 4 CC digits. Often a token to take you direct to the page where you can input your personal info.
This is primarily geared towards people who have trouble determining if it's a scam or not. Should those people really be forwarding emails to a phishing detection service?
Not that I don't trust the intent of this group (nor do I necessarily trust them), but I would be uncomfortable with the idea of them having such a large collection of non-scam emails. If they had bad intent, that sounds like the ultimate phishing scam, send us everything that CLAIMS to need your personal info and this service will tell you whether that was real or not. And if they are successfully detecting phishing scams, what a trove of private non-scam emails that were volunteered.
The grandparent is somewhat right. The term's "ph" originates from an original attack vector from back in the days of 300 baud called "phone phreaking".
Phishing (with a ph) is a homage to that.
You better watch out, there may be dogs about . .
Is there some way to tell if a slashdot comment is just phishing for more comments, or actually has something to say?
Have you read my journal today?
It's not always as black and white as the examples you mention.
Until the US government takes at least the same level of action against phishers it has taken against online gambling establishments, phishing will continue unabated.
Sent from my ASR33 using ASCII
I do generally forward anything that looks remotely phishy to the organization that it appears to be from. Hopefully they'll shut down the phishing sites or give their own pages URLs that are under their domain instead of a third-party domain.
I've never gotten a useful reply back (5 pages of boilerplate about how to report abuse is not useful to somebody who just reported abuse correctly).
More importantly, I've seen phishing sites that were still up weeks after I reported them to the hosting ISP and the company being phished.
A lot of the users on the site seem to be unclear of what phishing is. In short, according to Wikipedia, phishing is a criminal act where you deceive someone to obtain sensitive information (bank accounts, credit card numbers) from them. While some of the "2 minute mortgage" messages on the site may seem like phishing, they aren't really that quite simply because you are not revealing any sensitive information to the site except your phone number (which all the telemarketers have anyway).
The government's definition of phishing seems to be at odds with that of Wikipedia, which I assume is the average internet user's definition. Take a look
But then again, "sensitive information" is a relative term. If one considers record of his bankruptcy sensitive information (I'm quite certain that's a matter of public record in most countries), then yes, the message above is phishing.
That said, a lot of people easily go through with these links and they're often working for days on end. I don't know what you're talking about, honestly. I check these links and try to do stupid things like fill in my username as "fuckyou" and my password as "f_u_8_c_k_9_y_o_u"... yeah, I'm a geek with some angst. Anywho, the antifraud organizations at most of these places, like PayPal, are way flooded and they hardly do anything about it.
I mean think about it... if things were so dandy why did PhishTank start up and why do these phishes even exist? It's because they are highly profitable for whoever is running the scam. It wouldn't be profitable if the organizations and their antifraud departments were doing a bang up job and shutting things down left and right. It would be downright frustrating and would not yield a profit... so much time spent for so little when you may as well flip burgers and make more money. Of course, that's not true -- Phishes are highly profitable because there is very little effective action being taken against them.
Boycott Sony