Let’s start by briefly talking about what a Phishing attack is. Then, we will continue talking about what PhishTank offers us, some examples of how we can use it, and, finally, some tips to avoid being victims of a Phishing attack.
What is a Phishing attack
A Phishing attack is intended to steal the credentials of our accounts. The attack usually begins with sending a message that impersonates a legitimate company or organization. Usually, that message they send us contains a link that usually directs us to a cybercriminal’s website or a malicious file. Thus, we find a clear case of identity theft of a company in which the victim will believe that it is on the official website.
The purpose of a phishing attack is that the user, at the moment they log in, ends up giving the cybercriminal their account information, which includes username and password.
It should also be noted that this type of attack is common to direct them towards social networks such as Facebook, Twitter and Instagram. However, they are not the only ones, it also affects the main email servers such as Gmail, Yahoo! and Microsoft accounts. Nor should we forget about our bank accounts that can also suffer a Phishing attack.
What is PhishTank and what can it offer us
PhishTank We can define it as a free, community website where anyone can send, verify, track and share data related to phishing. As for its origins, they date back to October 2006 and another way to qualify it could be as an anti-phishing website.
There are also two things to note, one being gratuitous and another that offers no protection. In addition, it is a clearinghouse for information that provides accurate and actionable information to anyone trying to identify bad actors.
The website offers a community-based Phishing verification system where users submit suspected Phishing and other users vote on whether it is a Phishing case or not.
The data is provided free of charge for download or access via an API call, it can also even be used for commercial use, but under a restrictive license. A APIIn case you don’t know, it comes from the acronym for “Application Programming Interface” and its aim is to give computers a way to extract what they need from another computer.
One thing to comment on is that it can be used by both companies and individuals. To be able to do it with all the functions you need to be a registered user. It should also be noted that it is used by such important companies as Opera, Yahoo! Mail, McAfee, Mozilla, Kaspersky, and Avira. In 2018, it was announced that the website would be rebuilt with new features and functionality. However, it should be noted that in 2020 due to repeated abuse of the PhishtTank system, it does not support the registration of new users and remains deactivated for the moment.
Currently, it is being rethought from the ground up to provide the best support, eliminate abuse and operate faster with a machine learning identification system. It should be noted that, although we cannot register at the moment, we can carry out a series of checks, consult statistics and more.
Operation and different sections
The way of working begins when a user finds a suspicious Phishing link.
Then he goes to the section Add A Phish and sends it to the community for further study. Once it is done, it is studied and a decision is made about whether it is Phishing or not. One way to find out how they work and who the members of the community are is to see their statistics section.
Here we can see a graph with the number of daily Phishing attacks sent and verified. We can also observe the most active users knowing the main providers of links and verifiers.
Example of use
Now we are going to put an example in which we can check if a link is a Phishing attack. We are going to put an example in which it is seen that it is not Phishing and another that is. The first thing we have to do is go to the main page of the web, for which we will click on this link.
Its way of working is very simple, on the left we put the URL that we want to check and then click on the button: Is it a phish?
Let’s start with the example that is not a Phising attack, for which we are going to use this example:
After entering the URL, click on Is it a phish? and it will offer us these results:
The answer that gives us is Nothing known about, which means that they do not know anything about the site we have selected. Now it is time to use the tool with a link with Phishing, such as this:
As in the previous case we put the URL and click on the button Is it a phish? and PhishTank will offer us very different results:
Here we obtain the information that it has been verified that it is Phishing, and that the threat is still active online. Therefore, it can be a good tool to check in case of doubt whether it is a whether a link is Phishing or not.
What to do to protect ourselves from a Phishing attack
The first thing is have our equipment and devices updated with the latest updates. On the other hand, measures such as having a good antivirus and antimalware software are highly recommended. Also a very important tool is to use the common sense, and always be alert. For example, do not open links or download attachments from sources of questionable origin.
Other important things that can improve our security are:
- We must analyze the grammar and appearance of the message. In case it contains spelling mistakes, and the text seems to have been translated from another language, we should be suspicious.
- Make a check that the link has the correct domain before clicking on it.
- We must ensure the protection of our accounts with multi-factor authentication.
- When they play with the rush and urgency it can also be an indication that something is not right.
Finally, these measures together with PhishTank to check the links, can be the starting point to keep us safe.