One day down… the Tank is fillin’ up!
posted by Allison on October 3rd, 2006 in PhishTank, PhishTank in the news
A short post to extend our sincere thanks to everyone who checked out PhishTank on its first day. You guys are awesome.
And an extra special thanks to everyone who wrote about PhishTank. That’s you, Paul, Scott, Jason, Dr. Subrahmanyam, Chew, RSnake, Tyler, Abdul, Amit, Scotty, Chris, DJN, Ramanan, Cyberfrancis, Tom, Kelly, Mathew, Andy, Jordan, Owen and Oliver, Joe, Karl, David and Ben.
As I write this, we have more than 330 submitted and 160 verified. Not bad for the first day-and-a-half. 
Keep it up, guys. It’s working…
Follow responses to this post through the RSS 2.0 feed.
Leave a response below, or send a trackback from your own site.
Leave a response below, or send a trackback from your own site.
Your offline detector is not always working, it says offline while the phishing site is still online.
We review all the flags (seen yours, thanks!), and we’re reviewing the online/offline process. Community helps us learn what to improve, which is great.
Yeah, I ran into the same situation. I submitted email about it to the developers too
your project PHISHTANK having BUG and causing phishers using backdoor to fool the voteing system,
proof :
in your phishtank verify section one site is there
http://202.129.37.114/update/cgi-bin/webscrcmd_login.php
if you see screen shot it will show something goodscreeen not REAL one.
BUT IF YOU open that link in browser it will show REAL SCAM site.
sir, dont use site screen shot as default for voteing system, phishers got hack for your system, they showing wrongs image – while you extract your system, but if you open that phihing link it will show real “scam” site ,,, make site open in frame as default not screen shot
Thanks
you can contact me at any time – big2all@gmail.com
Many thanks to Gina Trapani at Lifehacker for alerting me to this excellent site.
No no, Thank you PhishTank developers. You guys are the ones allowing us to, as a community, stop these script-kiddes. Now, if only we had some way of vengeance; there a way to do a DoS or eat their bandwidth? Seriously though, thanks a bunch.
It’s just what the internet needs.
David Branco,
Something will be done. People like the folks at PIRT can take our data and start doing the detective work and going after sites and operators. I don’t think DoS’ing the sites is the right course of action because it’s usually just hosted on a compromised web server that some random person has no idea is being used to run a phish scam.
You missed me! http://www.existdifferently.com/archives/2006/10/02/toss-some-phish-in-the-tank/
David S. – My sincere apologies. You, of course, were one of the first to blog about PhishTank!
Please see edited list.
When I forward from my yahoo email account, it is showing MY EMAIL page…. not the site I am trying to report… please fix that!
Neat resource – thanks to those who offer it.
I’ve been reporting phish attempts received in my email
to the following entities for several months now:
reportphishing@antiphishing.org, phish@ists.dartmouth.edu,
spam@mailpolice.com, phishing-report@us-cert.gov,
postmaster@mailsecurity.net.au, report@reportphish.org
About a year ago, my aunt’s bank account was drained
as a result of one of these scam emails, and I have
made it a mission to get some payback. Here’s hoping
that PhishTank can help me to do that.
[...] The service seems to have got off to a good start, with nearly 12,000 (amendment: according to this post only 330 ) phishing sites reported already! If these rates continue, which I doubt they will after the hype, the service would be huge. However, if this could be integrated into webmail systems (for example, if the Report phishing option, in Gmail forwarded it to PhishTank), this would be sustainable. [...]
OK – you’ve made a good start – but what I want is this integrated into my WebMail client!!!
Could you talk with the guys at GoDaddy.com ? They are using an open source webmail client that’s widely used.
They could easily integrate via their Ajax front end into your API. That way when I open an obvious Phishing email – I can just right click on it (they have that menu already for Spam logging) – and choose “Report Phishing”.
You can then scan the email for http: in it – extract – record – and even link to a copy of the email itself so people know what to look for.
Then of course the reverse beckons – when they deliver my email – they can flag suspected phishing mail…
Thanks!
Oh – one more thing – since they register to your api. – they will proxy me – since you trust they know who their paying email custimers are.
That way – I do not have to register at phishtank too – since I just proxy in thru them – and you have the audit trail already – to “GoDaddyUsers”.
Cheers, DW