Alert sounds alarm on phishing imposters uses "fingerprint" of real site to root out fakes on the Web, then tells businesses if they've been targeted.

A correction was made to this story. Read below for details.
A new online service promises to send an e-mail alert when a Web site is copied and possibly used in a phishing scam.

The free service, dubbed, is run by e-mail security company CipherTrust. Web site owners can use the service to monitor abuse of their brand, while consumers can submit URLs they use, such as a bank Web site, to the list of those monitored, CipherTrust said in a statement Tuesday.

The Web addresses are submitted via forms on the PhishRegistry Web site. The system then analyzes the legitimate site using CipherTrust's "Phisherprinting" technology, the company said. The technology essentially creates a "fingerprint" of the genuine pages using source code, images and text as markers.

After that, the system scans the Web and when it comes across a site, determines whether it is authentic by comparing the markers. It sends out an alert when attempts to duplicate the legitimate site have been detected. Site owners will receive weekly reports with information about suspect Web sites, the company said.

Phishing is a prevalent type of online scam in which attackers attempt to dupe Internet users into giving up sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

A common method used to combat phishing is to blacklist known bad sites and to then prevent access to them.

"Blocking does not solve the problem. It's just a temporary fix," Jonathan Zdziarski, a research scientist at CipherTrust, said Tuesday at a spam event hosted by the Massachusetts Institute of Technology. "Our main purpose is to give ammo to the companies being phished so that they can go and perform take-downs of the phishing sites."

The CipherTrust announcement comes on the heels of another effort to help fight phishing. On Monday, Sunbelt Software and online security community CastleCops launched the Phishing Incident Reporting and Termination squad, a volunteer effort to take down phishing Web sites.

Despite industry efforts, phishing is still on the rise. A record 9,715 phishing Web sites were spotted in January, according to a report from the Anti-Phishing Working Group.

CNET's Candace Lombardi contributed to this report from Boston.


Correction: The quote in this story was attributed incorrectly. The speaker is Jon Zdiarski, presenter for CipherTrust at the MIT 2006 Spam Conference.
Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Microsoft demos wearable holograms on HoloLens

Microsoft shows off holograms you can hold with a mixed-reality game called Project X Ray. The new game runs on the company's HoloLens platform.