If you haven’t yet heard, Opera and OpenDNS announced this morning that the latest version of Opera has built-in phishing protection powered by PhishTank. That’s right, the phishing sites you submit to PhishTank, that are then verified as real phishes, are blocked for users of Opera 9.1.

Opera’s community manager, Espen Overdahl, blogged about the addition of PhishTank intelligence to 9.1.

Welcome to PhishTank, Opera community.

What if you could get all the intelligence of PhishTank right in the application where you receive the suspicious emails? For Outlook and Outlook Express users, you can now!

The team at Project Honey Pot used the PhishTank API to bring PhishTank capabilities right into Microsoft Outlook and Microsoft Outlook Express, the popular Windows email clients.

The key feature is the ability to check a suspicious email against the PhishTank database right in your email client and (if necessary) report a phish. It’s seamless, giving you a one-click way to make your Internet use safer. PhishTank will benefit, too, from making submitting suspected phishes even easier.

You do need a free PhishTank user account to benefit from the Addin. For security’s sake, you will be asked (once) to authorize the use of the Addin with your PhishTank account.

Go learn more and get the software.

Kudos to Brandon and Eric, especially, and thanks to the entire team at Unspam (the company behind Project Honey Pot).

Submission 40965 is NOT a phish.

The PhishTank community is slowly reaching the right conclusion. Emphasis on slowly. But it’s hardly the community’s fault.

The site is http://www.paypalchristmas.co.uk/. It is not operated by PayPal, as you can tell on the Technical Details tab of #40965, adding to the confusion!

But the site is affiliated with and approved by PayPal.

Given their high profile (#2 in November 2006, for example), PayPal should think very carefully about using alternate URLs for anything with their name on it. Submissions 42483 and 42482 are additional examples where the site is legitimately affiliated with PayPal, but it is very hard to know that without digging deep.

But a company’s domains are their choice. I simply wanted to draw the attention of the PhishTank community to this example, as I’ve done with other examples.

Firefox 2.0 improperly calls this site a phish. IE 7 is confused, some times saying it’s a phish, some times saying it doesn’t know. I’d like to encourage PhishTank to get it right.

So, vote wisely. Vote NOT a phish. Please.

P.S. eBay (parent company of PayPal) hosts images and other, well, static content at the genuine domain ebaystatic.com is a genuine domain, so submission 46522 is also NOT a phish.

P.P.S. 42482, 42483 and 40965 were submitted by MASA as tests, with approval: they were known to be confusing, but legitimate. The community is passing the test, but I wanted to hurry the process along. Just wanted to make it clear that MASA is not polluting the Tank here; in fact, MASA is a moderator.

When blog comments are not enough... it's time for a mailing list. PhishTank can improve faster if its members and developers are talking directly to each other, not just sharing their ideas or frustrations directly with the team here. With that in mind, here are two mailing lists, one for anyone & everyone involved with PhishTank and one for developers who want to discuss the PhishTank API and data uses.

In both cases, only subscribed members may post to the list. Postings are not moderated. Postings are archived on a corresponding website, which isn't pretty yet, but email addresses are stripped, of course, to prevent harvesting.

Users

For general discussion within the entire PhishTank community: PhishTank Users

To subscribe: blank email to
To post:
Archive: http://phishtank.com/lists/users/

Developers

For discussion about developing with the PhishTank API, and with PhishTank data more broadly.

To subscribe: blank email to
To post:
Archive: http://phishtank.com/lists/developers/

The PhishTank administrators are on both lists, of course.

Wasting no time at all, we added statistics for November 2006 to our stats page today. We also issued a press release about the Tank’s findings.

Highlights include:

• Total number of votes by the PhishTank community: 93,103
• Total number of unique, suspected phishing scams reported: 18,130
• Country hosting the most phishing sites: South Korea
• Percentage of phishing sites hosted in South Korea: 39
• Median time it took for the PhishTank community to verify phishes: 5 hours, 28 minutes

The big change we noticed from last month’s stats was country of host. In October the country hosting the most phishing sites was the United States with 24 percent. In November it was South Korea, with a much higher 39 percent. Don’t interpret this to mean that phishing is a bigger problem in South Korea than in other countries - it doesn’t mean it’s where the target of the phish is and it doensn’t mean it’s where the phisher sent the e-mail from. It just means it’s where the phishing Web site is being hosted.

If there are additional stats you’d like to see, let us know.