PhishTank Taps Community To ID Scams

← Back to Stories (view on slashdot.org)

PhishTank Taps Community To ID Scams

Posted by ryuzaki0 on Thursday October 5, 2006 @05:13AM from the going-anti-phishing dept.

mikesd81 writes, "The AP has an article on PhishTank, OpenDNS's service for fighting e-mail fraud. The free service seeks to tap the wisdom of the Internet community in identifying phishing emails and sites." From the article: "Users simply submit to PhishTank.com the messages they believe are scams. Others then examine the message and the site to which it links and decide whether it is or isn't a scam. When an item gets enough votes and the margin is wide enough, it is either dropped or classified as a phishing message. To prevent scammers from trying to game the system, votes are weighed based on how long, how often, and how accurate one has rated other messages." Update: 10/05 18:24 GMT by kd : David Ulevitch wrote to mention: "PhishTank, unlike any other anti-phishing service, provides a full API and open access to the data for any developer to use to secure their applications. Before PhishTank, someone from the SpamAssassin project or maybe the Squid Cache would have to fork over a lot of money for phishing data to groups like the Anti Phishing Working Group or Symantec. It's now available for free, and I believe in a far more accurate and usable form."

5 of 58 comments (clear)

Min score:

Reason:

Sort:

Not really by OverlordQ · 2006-10-05 05:15 · Score: 2, Interesting

To prevent scammers from trying to game the system, votes are weighed based on how long, how often, and how accurate one has rated other messages.

I dont really see how that prevents scammers from gaming the system. All it means is that it'll take a few more scammers to make sure their definition of 'scam' isn't what everybody elses is. If they do that, when people vote scam pages as scams the system will think "Hey thats not right" and it'll lower the legit users accuracy.

--
Your hair look like poop, Bob! - Wanker.
1. Re:Not really by joe+155 · 2006-10-05 05:23 · Score: 2, Interesting
  
  Indeed. Although it would take a lot of scammers... maybe this is just a sophisticated phising attack, waiting for all the scammers to register and start voting (the way that they know is the wrong way) and then they have the scammers IP address. BAM! you've got one.
  
  Sure some people will use a good proxy, but it only takes one idiot spammer to fall for it to be of use ; )
  
  --
  *''I can't believe it's not a hyperlink.''
Phishers Will Test This by miller60 · 2006-10-05 06:21 · Score: 2, Interesting

You'd be amazed at how technically sophisticated some of these phishing crews are becoming. They've all got botnets in which they wield large numbers of compromised computers. If a bot can be trained to sign up for a Blogspot blog and autogenerate SpamSense blogs, they may find a way to vote for/against sites on this system as well. Bot nets are perfect for online voting, as they can send a steady stream of votes from different IP addresses. That's why blogs have such trouble with comment spam - it's coming from 50 different IP addresses.

--
RichM
Data Center Knowledge
I think this is a bad idea... by Phil_At_NHS · 2006-10-05 06:23 · Score: 2, Interesting

I get this garbage all the time. I know instantly whether or not it is a Phish. If I get an email from a bank about some security issue, and I do not do business with that bank, it is a Phish. If there is any doubt, I can look at the data behind the link that is given. If it goes to www.bankofamerica.com, it is legit. If it begins with some IP address, it is not. I personally do not need group concensus to know it is a Phish. Being a good Netizen, I will hit the link to see if it is still active, and if it is, forward it to BOFA, Paypal, or whatever service is being used as bait. They also do not need any goup's concensus to know if it is a Phish, and they will take care of it, quickly. About half the time, by the time I open the email and check the link, it is already down, presumeably because the team dedicated to online fraud at the organization in question has had it shut down. Once it is shut down, NO-ONE can be duped by it. If I were to to use this site, I probably would be to lazy to ALSO forward the email on to the organization in question. The result is that, instead of a group who can actually kill it getting it as soon as possible, it is eventually, after a bunch of people have looked at it and made thier own determination, shut down for only those people who actually subscribe to that list, leaving it open for the rest of the Net to be duped. Now, if the idea was to identify, as in name and address, that bastards RESPONSIBLE for the Phish, I would be all for it. same thing with SPAM. Build something that gives us all names and addresses of the bastards, I will be first in line. This idea, however, simply delays and extends the useability of the Phish. Bad Idea Phil
Re:Netcraft has done it for at least the past year by ostiln · 2006-10-06 04:25 · Score: 2, Interesting

Personally I prefer WOT. It's a website reputation system, which lets me vote on the trustworthiness without leaving the site. More on their technology can be found on their blog. They say it knows over 10M sites already, which is quite impressive.