PhishTank Taps Community To ID Scams

mikesd81 writes, "The AP has an article on PhishTank, OpenDNS's service for fighting e-mail fraud. The free service seeks to tap the wisdom of the Internet community in identifying phishing emails and sites." From the article: "Users simply submit to PhishTank.com the messages they believe are scams. Others then examine the message and the site to which it links and decide whether it is or isn't a scam. When an item gets enough votes and the margin is wide enough, it is either dropped or classified as a phishing message. To prevent scammers from trying to game the system, votes are weighed based on how long, how often, and how accurate one has rated other messages." Update: 10/05 18:24 GMT by kd : David Ulevitch wrote to mention: "PhishTank, unlike any other anti-phishing service, provides a full API and open access to the data for any developer to use to secure their applications. Before PhishTank, someone from the SpamAssassin project or maybe the Squid Cache would have to fork over a lot of money for phishing data to groups like the Anti Phishing Working Group or Symantec. It's now available for free, and I believe in a far more accurate and usable form."

I Just Registered

[eldavojohn]

I just registered and flew through a few of them. Honestly, some of these are very very good phishing attacks. In fact, some are so good that it's unclear whether or not you can call them 'phishing attacks.' For instance, one asks you to apply for mortgage but doesn't ask you for sensitive information aside from your address and phone number.

Now, I don't want them selling this to telemarketers and snail mail SPAM but maybe there are people looking for mortgages and want to be contacted. What do I vote this as? There is no possible phishing attack to select. When I clicked 'phishing' attack, 70% said it wasn't while I was part of the 30% who said it was. Kind of confusing.

After voting on ten of them (all of which, I decided where scams), I found a classic Ukrainian eBay phish. 100% votes were phishing attack. I started to notice that the URL tells more than the actual message itself. I guess I wish the site would have a section firmly defining phishing attacks and what are obvious give-a-ways.

This is all they say on that:

What is phishing?

Phishing is a fraudulent attempt to get you to provide personal information, including but not limited to, account information.

How do I tell a phish email from just regular spam?

Spam is unsolicited commercial email...which may include phishing attempts, but is often simply unwanted marketing. Phishing often has criminal intent. Spam isn't always, though it can be.

So appearantly the mortgage example asked for personal information but was just Spam? I'm a bit confused.

Netcraft has done it for at least the past year

[Radice+Utente]

http://toolbar.netcraft.com/ Netcraft installs a tool bar on your browser that shows host information (including country) and the level of trustworthiness. Users can submit phishing links through a link on the bar. I use it mostly to spot the hosts of spammers, but it also raises useful questions such as a link from eBay with a web hosting service in Korea. They've recently become particular about what kind of URLs they consider phishing. For example I wouldn't consider a mortgage spammer hosted in China to be a serious candidate when it's time to re-fi the family manse. They also don't consider possibly illegal content (child porn for example) to be phishing.