Security vendors are launching two sites aimed at helping people report and avoid phishing attacks. PIRT, the Phishing Incident Reporting and Termination squad (click here for more information), is a volunteer online community designed to take down phishing sites, while CipherTrust's PhishRegistry.org site, due to be launched today, will be a service designed to warn legitimate websites when they are being spoofed by phishers.
The PIRT site is looking for volunteers so it can report on phishing scams and get in touch with authorities to have the sites in question taken down as quickly as possible.
"It’s the first public takedown community we know of, and we hope to start nailing these sites," the site's founders said in a statement. PIRT is being managed by antispyware vendor Sunbelt Software and Computer Cops, owners of the CastleCops online security network.
The second effort, backed by security vendor CipherTrust, is a free online notification service where companies can register their sites and then be notified whenever CipherTrust's sensors detect that legitimate web pages are being spoofed by phishers.
Phishregistry.org will use the same Phisherprinting algorithms used by the company's CipherTrust Radar service to determine whether a site is being spoofed, explained Paul Judge, the company's chief technology officer. "This is an effort to allow a broader set of organisations to benefit from this monitoring," he said.
These two websites represent a growing movement to fight back against phishers, who send unsolicited email directing users to phony websites, all in the hope of tricking them into revealing sensitive information.
Last week, Microsoft pledged to bring about 100 legal actions against phishers in EMEA (Europe, the Middle East and Africa) over the next few months. Organisations such as the Anti-Phishing Working Group and Digital PhishNet have already been formed to combat this growing problem.
According to a poll of 600 business users conducted by security firm Sophos PLC last month, 22 percent of users receive at least five phishing email messages every day.
That's clearly too much, according to Andrew Jaquith, senior analyst with Yankee Group Research. "Users are mad, and damn it, they're not going to take it anymore," he said.