Hunting down phishing sites

The most effective way of fighting phishing websites is to find and block them before a link to the site gets sent to potential victims via mass e-mailings. One way of finding phishing websites is to use the Mark Alert service from Domain Tools, which tells users when a domain which infringes their trademarks is registered with a registrar. This can, however, be used for more than just preventing trademark infringements - it can also be used to find websites which conceal nefarious purposes.

The manufacturer of F-Secure anti-virus software recently used Mark Alert to find a not yet activated, but already available phishing server and tried to remove it from the web. It is not unusual for, say, phishing websites posing as banks to include the name of the bank, whose customers they are trying to fleece, in their URL, in this case it was 0nline-bankofamerica.

If an organisation is able to receive alerts of all domain name registrations which include their trademarks in a URL, it becomes easy to recognise at an early stage if such sites are intent on fraud and to inform the provider or host, in order to remove the site from the web.

Mark Alert will send the user an alert if any matches are found between new domain name registrations and a string entered via its front end.

The service is free for the first alert for one monitored text string. Thereafter it costs 15 dollars for 10 alerts per month. Mark Alert can also be configured so that the user is alerted about variants of the text string in a domain name. Attempts to conceal "postbank" as "postbonk" will be found through the two text strings "post" and "nk".

See also:

• How to locate new phishing sites, weblog entry from F-Secure
• Mark Alert, Domain Tools homepage

(trk)