Whatever your motivation, we salute you.

Some Carnegie Mellon University researchers would like to know more, as part of ongoing work at their CyLab on phishing in general.

We’re conducting a survey of anti-phishing volunteers, as part of ongoing
research in Human Computer Interaction regarding phishing. The survey will ask
you questions regarding how volunteers spend their time, motivations, and what
tools are important for the task. The survey should take 5-10 minutes to
complete.

Those who are willing may volunteer at the end of a survey to be interviewed.
Interviews will be held over the telephone, and we will offer a $10 gift certificate
as a token of our appreciation for those who participate in the interview. We
expect interviews will take from 30 minutes to an hour.

All personal information collected in the course of this research will be
anonymized before publication.

http://www.surveymonkey.com/s.aspx?sm=35TJTRQ4Niem30Zehbh_2fQg_3d_3d

Take a few minutes and let them know your thoughts. It’s useful when the good guys help each other.

By now, most of the PhishTank community has seen the dramatic surge in submissions. It’s not malicious, but it is quite noticeable.

In the last few days, two different organizations decided, independently, to start submitting the suspicious URLs they receive to PhishTank. They benefit because the data is further validated and distributed far and wide. PhishTank benefits from some high-quality submissions, and broader coverage in its free data distribution.

Clearly, though, the new volume is dramatic.

And it didn’t help that one of the feeds went awry. The submissions were still phish (or possible phish), but the filter wasn’t tight enough. Those have been removed. Still, lots to verify at the moment.

The community has some work to do in catching up. Thank you for your patience. We are digging on small, immediate steps we can take to speed things up and make the volume manageable. Also, we’re revisiting the thorny problem of how to judge a domain.TLD combination (example.com) as a phish, so that all the wildcarded submissions which match that domain.TLD combo gets the same designation. We know this would help dramatically.

This is not simple, but it has been discussed before, so we’re not starting from scratch. The community’s time and attention is valuable; we do not want to waste it. We also don’t want to lose the collaborative human judgment that makes PhishTank so useful to the Internet at large.

Please don’t stop telling us where we can get better, and don’t stop voting/submitting/flagging. I’d remind you all about the mailing lists, especially the user list.

Please do invite your friends to join this fight. We can always use some more help.

Note: the organizations in question would like to remain discreet for now; that’s fine with us, although we like to share where possible. If your organization would like to submit suspected phishing URLs/emails to PhishTank at a higher volume, please let us know.

Back in November, I welcomed the first group of PhishTank moderators.

That first group (Simurgh, clubjuggle, funchords, micha, Sedna, spamfighter, Chris1948) was joined by Char shortly afterwards, and MASA a couple of weeks later.

Last week, a bunch of stalwarts — quite recognizable from the stats page — joined the moderator crew. Please join me in greeting the new moderators: JustaPerson, cleanmx, ruralnetcop, milky, bowlby4, miowpurr, buaya, thelionheart, DougieLawson, polymorp, tetak, and pscs.

This expanded team has helped take charge of site activities, and there are lots of ideas percolating for improvements. On a related note, the users mailing list is quite active, too, with lots of good ideas. Many of the moderators are there, too.

As I type, the first outside developers (still room for more) are getting their development environments set up .

All over, 2007 is going to be a good year for the ‘Tank.

When blog comments are not enough... it's time for a mailing list. PhishTank can improve faster if its members and developers are talking directly to each other, not just sharing their ideas or frustrations directly with the team here. With that in mind, here are two mailing lists, one for anyone & everyone involved with PhishTank and one for developers who want to discuss the PhishTank API and data uses.

In both cases, only subscribed members may post to the list. Postings are not moderated. Postings are archived on a corresponding website, which isn't pretty yet, but email addresses are stripped, of course, to prevent harvesting.

Users

For general discussion within the entire PhishTank community: PhishTank Users

To subscribe: blank email to
To post:
Archive: http://phishtank.com/lists/users/

Developers

For discussion about developing with the PhishTank API, and with PhishTank data more broadly.

To subscribe: blank email to
To post:
Archive: http://phishtank.com/lists/developers/

The PhishTank administrators are on both lists, of course.

The following post was written by PhishTank member funchords, a very active member of the community, and currently the top submitter to PhishTank.

Submission 22779 is such a professional-looking employment ad, one might even wonder why it was submitted as a suspected phish site. Most likely, redpriest realized that the ad was looking for a Money Mule — a person who launders phishy money through their personal accounts and moves it overseas.

It’s both illegal and risky — and most Money Mules end up getting burned as soon as the phish-site victims realize that their credit cards or identities have been compromised. In addition to possible trouble with the police, the Money Mule gets to pay back the banks and institutions that were involved in the fraud. Money Mules take all the heat while the real crooks disappear into anonymity.

So why was Submission 22779 marked “Verified: Is NOT a phish?” Because, even though it probably is related to phishing, it really is not a phish. It isn’t masquerading as an institution one already trusts in order to obtain financial information.

While PhishTank endeavors to quickly and accurately identify Phish, our friends at CastleCops.com specialize in working with government and internet concerns to shut these criminals down. CastleCops has an e-mail address to report suspected Money Mule advertisements: mules@castlecops.com.

Got a phish? As always, throw it in the PhishTank. But if the crooks are “fishing” for a Money Mule, then report it to mules@castlecops.com.

Why were the OpenDNS offices empty by 4:45 yesterday? Because we were hurrying to a neighborhood haunt to watch PhishTank on TV!

Our very own John Roberts was interviewed for a segment called “ConsumerWatch: How To Fight Back Against Phishing” on KPIX, the local CBS affiliate in San Francisco. The segment came out awesome. You can watch it here. Note that submission #19362 got its 5 seconds of fame. Bet billwake didn’t think it would end up on TV when he submitted it. Thanks to billwake for submitting and Simurgh, krellis, alanjshea, hawk82, jbrunette, polymorp, IntrepidEddie, jkrieger3, irixman, someone1234, miowpurr, bastardblaster, clubjuggle, dr1, Sierran52, lyagushka and jpohl for verifying.

Some of us (not mentioning any names) never made it back to the office, which might explain why this post is just going up now, halfway through the day.

Yesterday eWEEK published a great column from seasoned security expert Larry Seltzer about PhishTank. I encourage everyone to read it as it addresses some important issues and concerns. Larry acknowledges that “The [PhishTank] voting system is good because it’s fair and effective, but it also makes it imperative that a large community be constantly examining the submissions and voting.” And Larry’s eWEEK colleague Ryan Naraine also wrote a well-informed news article about the site.

Thanks go to Eric Suesz at Macworld, for writing an article comparing PhishTank and OpenDNS to Symantec’s Norton Confidential for Mac. Eric raises some good points about phishing, including one in particular I agree with: “Maybe the solution to phishing is all about community.” Like the way you’re thinkin’ Eric.

Mark Joseph Edwards at Windows IT Pro, too, gets our thanks for his PhishTank article published yesterday. His headline, “PhishTank Aims to Blow Scammers Out of the Water,” is great and a play on the name of the site that I hadn’t yet heard. (And believe me, I thought I’d heard them all. )

CNET’s security guru Joris Evers takes a look at PhishTank one week into its life and reports that, at presstime, PhishTank had about 2,300 (!!) submissions. Joris mentions CastleCops, an organization we’re big fans of.

Last but certainly not least, UK tech writer Matthew Broersma wrote an article about PhishTank yesterday for Techworld.com that was picked up state-side by CIO Magazine. Glad to see he aknowledged Spamfighter, our No. 1 submitter with a total of 454 phishes - and climbing.