OpenDNS, provider of the world’s leading Internet navigation and security services that make networks safer, faster, smarter and more reliable, today announced that PhishTank.com, the free community website where anyone can submit, verify, track and share phishing data, reached the one million phishes submitted milestone. The one million submitted phishes represent a four-year effort by the PhishTank community and OpenDNS to help shed light on one of the dark corners of the Internet.
Launched in October 2006, PhishTank employs a voting system that allows its global community of security professionals, researchers and academics to both submit suspected phishing sites and vote “phish” or “not phish” on others’ submissions. The process works by allowing community members to contribute to the intelligence of the system, reducing the possibility of false positives and improving the overall breadth and coverage of the phishing data. When a submission is verified as a phish, users of services leveraging PhishTank data, which include OpenDNS, Yahoo! Mail, the Opera Web Browser and many more, are automatically protected from the fraudulent sites.
Prior to the existence of PhishTank, anti-phishing functionality in Internet services was powered by large security companies working independently to identify and verify phishing sites. The approach was imperfect: it was slow-moving and resulted in a high number of false positives. Additionally, given there are a finite number of phishing sites live on the Internet at any given time, the security companies were all evaluating the same sites. PhishTank aims to consolidate efforts, proving that a concerted approach where everyone contributes into a common data source that’s open and accessible gives the good guys an advantage over the bad guys. Phishes are identified and verified faster and fewer unsuspecting people fall victim to Internet scams.
“The 1 million phishes milestone is a huge accomplishment for the PhishTank community and for OpenDNS, and one that certainly validates the site’s unique approach,” said David Ulevitch, CEO of OpenDNS. “We started PhishTank in 2006 because we believe that fighting phishing should be a collaborative effort. The data collected by PhishTank and used by services around the world has prevented tens of millions of people from exposure to fraudulent and identity-stealing websites.”
The one-millionth phish submitted to PhishTank was a website posing as a Citibank UK sign-in page. Community members quickly verified it as a phishing attempt.
Signs this website was a phish include:
• A non-secure sign in: A bank website that is asking you to sign in to your account will always have secure sign in (https://). This website does not offer it.
• A forged URL: This website’s domain is “focuforum.sk.” Citibank’s UK website address is http://www.citibank.co.uk.
• Poor resolution: Because phishing websites are created with urgency and have a short lifespan, they frequently have poor resolution, as this one does.
“OpenDNS is firmly committed to maintaining and improving PhishTank as a service to the Internet,” said Ulevitch. “We’ll be devoting more engineering resources to it in the coming months, and over the past two weeks have begun deploying all new hardware for PhishTank’s infrastructure. These enhancements and investments will make PhishTank easier to use for the community of dedicated submitters and verifiers, and also faster-moving for the companies and organizations pulling data out.”
Image of the 1 millionth phish available here: www.opendns.com/img/phish-example.png
Trending in phishing over the years:
The spoofed bank URL is not atypical of the websites submitted to PhishTank. Over the past four years, different brands have become more or less popular to spoof as they’ve become more or less popular online. Month after month, eBay and PayPal are two of the most phished brands, but other popular targets vary. In 2006 and 2007, the PhishTank monthly most-phished brands list was dominated by online banking websites. Starting in late 2008, Google became a popular target of phishing websites. In 2010, social networking sites like Facebook, MySpace and Orkut and gaming sites like World of Warcraft and Steam round out the monthly most-phished brands list, with online banking services still making frequent appearances. See stats for the month of July 2010 here: www.opendns.com/about/announcements/180/
PhishTank is operated by OpenDNS and is the first and only effort of its kind. Launched in October 2006 to coincide with National Cyber Security Awareness Month, the site employs a sophisticated voting system that requires the community to vote “phish” or “not phish,” reducing the possibility of false positives and improving the overall breadth and coverage of the phishing data. PhishTank makes all phishing data it accumulates public and available via programmable APIs, which allow other software developers to incorporate the anti-phishing data into their tools. The open access is intended to encourage the sharing of information and increase the chance of eliminating phishing altogether. For more information about PhishTank, please visit: www.phishtank.com
OpenDNS is the world’s leading provider of Internet navigation and security services that make networks safer, faster, smarter and more reliable. Through DNS resolution, cloud-based Web content filtering and security services, OpenDNS empowers millions of households, schools and businesses to control how users navigate the Internet on their network, while dramatically increasing the network’s overall performance and reliability. For more information about OpenDNS, please visit: www.opendns.com