Alert sounds alarm on phishing imposters

PhishRegistry.org uses a "fingerprint" of the real site to root out fakes on the Web, then tells businesses if they've been targeted.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
A correction was made to this story. Read below for details.
A new online service promises to send an e-mail alert when a Web site is copied and possibly used in a phishing scam.

The free service, dubbed PhishRegistry.org, is run by e-mail security company CipherTrust. Web site owners can use the service to monitor abuse of their brand, while consumers can submit URLs they use, such as a bank Web site, to the list of those monitored, CipherTrust said in a statement Tuesday.

The Web addresses are submitted via forms on the PhishRegistry Web site. The system then analyzes the legitimate site using CipherTrust's "Phisherprinting" technology, the company said. The technology essentially creates a "fingerprint" of the genuine pages using source code, images and text as markers.

After that, the system scans the Web and, when it comes across a site, determines whether it is authentic by comparing the markers. It sends out an alert when it detects an attempt to duplicate the legitimate site. Site owners will receive weekly reports with information about suspect Web sites, the company said.
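The marker comparison described above can be sketched as follows. This is an added example, not CipherTrust's Phisherprinting code, whose internals the article does not describe. The shingle size, the 0.7 threshold, the use of image file names in place of image hashes, and all function names and sample pages are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class MarkerExtractor(HTMLParser):  # gathers source, image and text markers from one page
    def __init__(self):
        super().__init__()
        self.tags, self.images, self.words, self._skip = [], set(), [], 0

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag in ("script", "style"):
            self._skip += 1  # script and CSS bodies are not visible text
        elif tag == "img":
            src = dict(attrs).get("src") or ""  # assumption: file name stands in for an image hash
            self.images.add(urlsplit(src).path.rsplit("/", 1)[-1].lower())

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words += re.findall(r"[a-z0-9]+", data.lower())

def shingles(seq, n=3):  # overlapping n-grams: a small edit changes only a few markers
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def fingerprint(html):
    p = MarkerExtractor()
    p.feed(html)
    p.close()
    return {"source": shingles(p.tags), "images": p.images - {""}, "text": shingles(p.words)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

def is_suspect(genuine_url, genuine_html, found_url, found_html, threshold=0.7):
    """Return (flag, score); flag is True for a near-copy served from a different host."""
    fa, fb = fingerprint(genuine_html), fingerprint(found_html)
    score = sum(jaccard(fa[k], fb[k]) for k in fa) / len(fa)
    other_host = urlsplit(genuine_url).hostname != urlsplit(found_url).hostname
    return other_host and score >= threshold, score

# Constructed sample pages, not real sites.
GENUINE = ('<html><head><title>Example Bank Login</title><style>body{margin:0}</style></head>'
           '<body><img src="/img/logo.gif"><h1>Welcome to Example Bank</h1>'
           '<p>Sign in to view your accounts and pay bills online.</p><form action="/login">'
           '<input name="user"><input name="pass"></form><img src="/img/lock.gif"></body></html>')
COPY = GENUINE.replace('"/img/', '"https://bank.example/img/').replace("pay bills online", "confirm your details")
```

Calling `is_suspect("https://bank.example/login", GENUINE, "http://login.test/index.html", COPY)` flags the copy even though its wording was edited, because the source and image markers still match in full.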

Phishing is a prevalent type of online scam in which attackers attempt to dupe Internet users into giving up sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

A common method used to combat phishing is to blacklist known bad sites and to then prevent access to them.

"Blocking does not solve the problem. It's just a temporary fix," Jonathan Zdziarski, a research scientist at CipherTrust, said Tuesday at a spam event hosted by the Massachusetts Institute of Technology. "Our main purpose is to give ammo to the companies being phished so that they can go and perform take-downs of the phishing sites."

The CipherTrust announcement comes on the heels of another effort to help fight phishing. On Monday, Sunbelt Software and online security community CastleCops launched the Phishing Incident Reporting and Termination squad, a volunteer effort to take down phishing Web sites.

Despite industry efforts, phishing is still on the rise. A record 9,715 phishing Web sites were spotted in January, according to a report from the Anti-Phishing Working Group.

CNET News.com's Candace Lombardi contributed to this report from Boston.


Correction: The quote in this story was attributed incorrectly. The speaker is Jon Zdiarski, presenter for CipherTrust at the MIT 2006 Spam Conference.