Gone Phishing? Collaborative Site Roots Out E-Mail Scams
It's time to assemble your pole, bait the line and drop a hook into the wild waters of the Internet. Yes, Switched fans, we're looking to get the catch of the day, PhishTank style.
The folks at PhishTank, part of OpenDNS, have tapped the social-linking-collaborative environment of Web 2.0 to assemble what could be the master list of all phishing scams out there on the Web today.
A phishing scam is an attempt by some ne'er-do-well to to steal your personal information, usually with an e-mail entreaty to start. These e-mail messages look like they come from a reputable and trusted source, like a bank or eBay, but they ask for lots of important personal information, such as a credit card number, Social Security number, account number or password. It may seem like common sense to ignore such a request by e-mail, but plenty of people -- perhaps in a rush to be cooperative -- give away all these details, and then it's open season on their accounts by the criminals.
PhishTank, the brainchild of OpenDNS CEO David Ulevitch, is a clearing house for suspected phishing scams, with all the suspected scams submitted by users (just like you), which are then vetted by other users and OpenDNS employees.
By opening up the process to the Web community at large, PhishTank is able to take advantage of an enormous pool of interested users.
"In fact, there are a whole bunch of users who hang around PhishTank and review sites," Ulevitch explains. "Once a suspected phishing scam reaches a threshold of users it gets identified as a phish."
Users actually get points for each suspected phishing scam they submit. Amassing these points increases their status within PhishTank, making their submissions and reviews more valuable. The site was set up to be somewhat like Digg, which relies on users to vote for all kinds of Web content to determine popularity and relevance.
"The more you vote, the more your votes count. So this prevents the phish creators from coming in and trying to offset the valid assessments," Ulevitch says.
The site is approaching half a million suspected phishing submissions and has already had more than two million votes.
Other Internet security companies compile lists of phishing scams, but Ulevitch says the open and community nature of PhishTank has enabled OpenDNS to amass the largest and most accurate list of scams on the Internet today.
The list is used by OpenDNS to provide its clients with protection from scams. Individual users can also use OpenDNS in their Web surfing to take advantage of its protections. Set-up is relatively easy.
By opening up the process to the Web community at large, PhishTank is able to take advantage of an enormous pool of interested users.
"In fact, there are a whole bunch of users who hang around PhishTank and review sites," Ulevitch explains. "Once a suspected phishing scam reaches a threshold of users it gets identified as a phish."
Users actually get points for each suspected phishing scam they submit. Amassing these points increases their status within PhishTank, making their submissions and reviews more valuable. The site was set up to be somewhat like Digg, which relies on users to vote for all kinds of Web content to determine popularity and relevance.
"The more you vote, the more your votes count. So this prevents the phish creators from coming in and trying to offset the valid assessments," Ulevitch says.
The site is approaching half a million suspected phishing submissions and has already had more than two million votes.
Other Internet security companies compile lists of phishing scams, but Ulevitch says the open and community nature of PhishTank has enabled OpenDNS to amass the largest and most accurate list of scams on the Internet today.
The list is used by OpenDNS to provide its clients with protection from scams. Individual users can also use OpenDNS in their Web surfing to take advantage of its protections. Set-up is relatively easy.
