Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams.

Netcraft launched an anti-phishing system at the start of 2005: people install a toolbar and effectively become part of a giant neighbourhood watch system whereby the most experienced members of the community can report phishing sites and effectively block them for the rest of the community.

Some 5,400 unique phishing sites have been detected and blocked to date [late April 2005] and the community has been widely featured in the media from the Washington Post & Wall St. Journal through to Slashdot.

Netcraft is now making available the list of phishing sites reported by the Toolbar community and validated by Netcraft as a continuously updated feed suitable for ISPs, hosting companies, enterprises, and other companies that operate mail servers and web proxies, or network monitoring systems.

The feed can be used to prevent customers and employees from succumbing to phishing attacks and presents an excellent opportunity for ISPs to win new customers and to reassure existing customers by taking a proactive stance against fraud by providing phish-free web and mail.

Well constructed phishing mails often get through conventional spam filters as they may carefully mimic bona fide communications. According to Verisign, between 3-5% of people receiving a phishing attack have given away details of their bank accounts.

The phishing site feed offers real time protection against phishing. This can be deployed in a variety of ways:

• Integration with mail servers to prevent customers from receiving emails that contain phishing URLs, and also to prevent such emails from being sent.
• Integration with web proxies to deny access when a phishing URL is visited.
• Integration with intrusion detection systems and other network monitoring tools to block phishing activity in unconventional channels such as Usenet, FTP and IRC.

Phishing Feed Details

The phishing site feed is a continuously updated encrypted database of patterns that match phishing URLs reported by the Netcraft Toolbar community and validated by Netcraft.

The feed employs a versioning system to ensure that customers who have fallen behind can catch up incrementally, or if necessary, by requesting the full database.

The feed is available for a wide range of proxy servers and mail servers, while reference code and technical documentation is supplied to demonstrate how to integrate the feed into bespoke content filters, firewalls, network IDS and similar applications.