It’s been a full two years since we launched PhishTank. In that time more than 1 million unique, suspected phishing scams have been reported to this Web site. They’ve come from folks all over the world, and they’ve been all kinds of phishes.

Predictably, we’ve seen phishers keep up with trends and events and take advantage of unsuspecting people. When U.S. tax season rolled around, we saw an influx of I.R.S. phishes. When MySpace and Facebook reached a critical level of popularity, we saw phishes using those brands. Most recently, we’ve seen phishes exploiting the global financial crisis. (”Your bank is shutting its doors. But we now offer you the option to have your account moved on our servers abroad. This will prevent any financial loss from your account in case the U.S. financial system collapses. Please give us your info so we can move your account.”)

The 1 million number is certainly impressive, but perhaps a more important number is 350,000: that’s the number of verified phishing attacks PhishTank has blocked for users of OpenDNS and all the many other services that use PhishTank data. That’s 350,000 phishes, each one with potentially devastating outcomes for thousands of recipients.

When PhishTank was launched in 2006, it was because OpenDNS had set out to find a source of phishing data that was accurate and reliable. That didn’t happen. All of the phishing feeds available were ridden with false-positives and way too expensive. We were convinced there was a better way. And after two years of resounding success with PhishTank, it turns out there was.

Congratulations to everyone involved in the PhishTank community, from the people who’ve submitted just one phish to the moderators who spend hours and hours working to clean up the Internet of phishing and keep others safe. Here’s to another 2 years.

Fantastic news: Yahoo! Mail, the world’s largest Web mail service, uses PhishTank data to help protect its 250 million users.

Here is the press release on the OpenDNS site, or read the official release on PRWeb. One quote:

“By combining the data received from PhishTank.com with other anti-phishing resources, we are currently protecting Yahoo! Mail users from nearly 14 million phishing email messages per day. Listening to the community, developing enhanced technologies and collaborating with security leaders continue to be priorities as we work to protect email users from the industry-wide problem of phishing,” said Miles Libbey, Yahoo! anti-spam product manager.

Our thanks to Miles, Carlo Catajan, and others on the Yahoo! Mail team for taking this step and doing even more to protect their customers. I’ll share one more quote, which sums up our feelings here at OpenDNS:

“OpenDNS is thrilled Yahoo! Mail has chosen phishing protection powered by PhishTank,” said David Ulevitch, CEO of OpenDNS. “PhishTank is firmly rooted in the belief that the fight against phishing is a collaborative effort and we encourage other organizations to follow Yahoo! Mail’s lead.”

To the entire community: Thank you!

Matt Horning of NMGI wrote to share their use of the PhishTank data. NMGI focuses on managed services, consulting, and its DoubleCheck product, an email appliance that provides anti-spam, anti-virus, and anti-phishing services.

We use SpamAssassin for a majority of our spam accuracy. We also use URI blacklists like URIBL and SURBL. We use Clamscan for our phishing protection up until recently. Now that we’ve combined the predictive accuracy from Clamscan and the known phishing links from the PhishTank data on SURBL, we’re offering our customers superior protection.

---

It’s fun to see where PhishTank data is used. If your organization, company, product or service is using PhishTank data and is willing to tell the world, we’d like to hear about it.

We’ve got more good news to share.

Andrey Nikishin, the Director of Hosted Security Services at Kaspersky Lab, wrote:

I would like to inform you that Kaspersky Lab uses PhishTank database to detect phishing messages passing through the Kaspersky Hosted Security : mailDefend service. The PhishTank database allowed us to increase the accuracy of detection. Thank you very much for the excellent job you are doing.

Excellent! Nice to see the global PhishTank community helping out an international information security company. It’s also great of Andrey and Kaspersky to let us know.

I would also like to thank one of our moderators, Micha, both for individual contributions (check the stats page!) and for educating Kaspersky about PhishTank.

---

Is your organization using PhishTank data? We’d love to hear about it.

While PhishTank currently is presented in English, phishing is worldwide. The submissions reflect that global scale, and the stats tell the same global story.

From Germany, Michael Schindler was kind enough to point out his company’s program, Officer Blue. This Windows program, offered in German and English, incorporates PhishTank data (via the XML file) as a key element in its ratings for sites. Michael noted that Officer Blue always makes a point of referencing PhishTank. That’s helped get PhishTank some German press, too. Danke schön!

My understanding of the product is courtesy of the English version of their site, which may be useful for others as well.

Companies and organizations of all sizes find the PhishTank data useful. I love telling you about them all!

St. Bernard is on the larger side, with thousands of customers using their software on millions of computers. I don’t know everything St. Bernard’s software and services do, but phishing prevention is part of their solution.

So I enjoyed receiving the following note from Morgan Christian, the iGuard Development Manager.

As a global provider of comprehensive security and hosted office solutions for small and midsize businesses, St. Bernard uses PhishTank to augment its phishing site listings.

When PhishTank is part of the solution, we’re all doing our part.

---

Reminder: the high-quality data created by the PhishTank community is free for all, and available in multiple ways.