What motivates you to help with PhishTank?
posted by John Roberts on December 19th, 2007 in Community, Members, PhishTank
Whatever your motivation, we salute you.
Some Carnegie Mellon University researchers would like to know more, as part of ongoing work at their CyLab on phishing in general.
We’re conducting a survey of anti-phishing volunteers, as part of ongoing
research in Human Computer Interaction regarding phishing. The survey will ask
you questions regarding how volunteers spend their time, motivations, and what
tools are important for the task. The survey should take 5-10 minutes to
complete.Those who are willing may volunteer at the end of a survey to be interviewed.
Interviews will be held over the telephone, and we will offer a $10 gift certificate
as a token of our appreciation for those who participate in the interview. We
expect interviews will take from 30 minutes to an hour.All personal information collected in the course of this research will be
anonymized before publication.
http://www.surveymonkey.com/s.aspx?sm=35TJTRQ4Niem30Zehbh_2fQg_3d_3d
Take a few minutes and let them know your thoughts. It’s useful when the good guys help each other.
Leave a response below, or send a trackback from your own site.
I am quite motivated to assist with this site, and have been an active anti-phishing advocate. However, Ive noticed the following:
As an operator or numerous legitimate sites. Ive stumbled upon a serious problem with this site and whole concept. The methods of phishing have evolved, and they often use legitimate sites as a means to carry out phishing attempts. I am a victim of this, as I have seen my sites victimized, weither it be spoof attempts, or cross linking, by phishers, and subsequently seen my site blacklisted, a process which is long and arduous to recover from. It is IMPERATIVE for those identifying phishers that you identify the phishers themselves, not the site they exploited to carry out their attack. I currently host many users free of charge and provide services to many, however one phisher uses these resources for malice, and rather than be identified, my entire site becomes blocked, leaving the phisher free to employ methods elsewhere. An argument would be that all site admins are responsible for securing sites against this, but it takes relatively little effort for phishers to stay 1 step ahead at least for an effective timeframe. Finding phishing pages is NOT as simple as cut and pasting a URL, as phishers are smart, and we should assume so. They will almost NEVER use their own servers/resources directly and obviously with information leading to them available via url or whois. It is much more complex than this post, vote and condemn. Granted there are obvious attempts, such as similar domains, but overall the most effective phishing on the net are not nearly so simple. My own and many others have been the victim of this site and others who use SIMPLE MEANS TO SOLVE A COMPLEX PROBLEM. I support the effort here, however I strongly believe it needs much work and consideration.
What were the results?