PhishTank vs. Anti-Phishing Working Group

phishingRecently I’ve been asked to design a system to detect phishing attacks for a rather large organization. One of the first things that came to my mind was to contact the anti-phishing organizations to see how I could integrate with their system .

Well, it turns out that the biggest two online anti-phishing databases are PhishTank and Anti-Phishing Working Group (APWG). However, I noticed some big differences between these two organizations.

1. Founders, Development and Support

  • PishTank is operated by OpenDNS
  • APWG apparently is operated on a voluntary base but their Premium and Sponsored Members list is impressive because you can find almost all the big names in security; it’s like a Fortune 100 security directory 🙂

2. Services offered

  • Phishtank offers free submission (free reg. required) of suspect URLs considered to be phishing sites. They even provide a free API to integrate in your applications. You can add and search for a phishing site right away. Impressive.
  • APWG on the other hand offers the possibility to submit emails which are considered phishing emails. And that’s pretty much all that’s offered for free. The most recent publicly available scam email is dated July 4, 2005 , almost 2 years ago.  But ! you can go to one of their partners which sells the complete database of 175916 email scams harvestes so far.

So I might be completly off the right foot here, but my guess is that PhishTank is trully a community effort whereas APWG is the product of a huge coallition of security vendors which use the submitted phising data to improve their security tools.

Am I wrong about these assumptions and sould lower the level of paranoia & conspiracy theory?  🙂
Which service do you use and where would you submit a piece of phishing evidence ?

Thank you for reading this post. You can now Read Comments (4) or Leave A Trackback. Print This Post Print This Post

4 Responses to “PhishTank vs. Anti-Phishing Working Group

  • 1
    David Ulevitch
    May 18th, 2007 01:06

    Interesting timing, as usual. Do you have a microphone in our office? 😎

    Check our press release section of OpenDNS on Monday.

  • 2
    Dragos Lungu
    May 18th, 2007 01:18

    I don’t have a microphone in your office but I’ll take a wild (educated) guess about your next step: Firefox / IE extension which checks PhishTank’s URL database.

    I would love to see that users have more alternatives for real time phishing notification.

    And of course, managed anti-phishing service for financial institutions would be great!

    Keep up the good work David and let me know when the PhishTank toolbar is released ! 🙂

  • 3
    David Ulevitch
    May 18th, 2007 07:32

    Somebody already made one of those…

    Toolbars aren’t are business (and they annoy me) — I don’t believe in making people download software when there is so much amazing potential to make the network smarter and more intelligent.

    Here’s another mini rant I was just thinking about: Why should my anti-virus software ask me if I want to auto-update? What a dumb question to ask. I’m lazy, I don’t want to “do” anything. If it needs to update it should just update. 🙂

  • 4
    PhishTank AND Anti-Phishing Working Group join forces | Dragos Lungu Dot Com
    May 22nd, 2007 10:55

    […] May 17 I wrote about the main differences between PhishTank vs. Anti-Phishing Working Group and I was quite suprised to read David Ulevitch’s comments on that post about an imminent […]

Subscribe without commenting

Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

CommentLuv badge