Internet security firm OpenDNS is announcing today that it has stopped more than a million online scams aimed at stealing your identity.
OpenDNS runs the world’s largest DNS (Domain Name Service), or address book for the internet. Back in 2006, OpenDNS created the Phish Tank, a free community web site, to test links that are suspected of being “phishing” attempts, or scams that attempt to trick you out of your username and password for various online accounts.
Users, security professionals, researchers and academics can submit suspected phishing sites and then vote “phish” or “not phish” on others’ submissions. In that sense, it’s an example of leveraging the “wisdom of the crowd,” which usually winds up getting it right. When a submission is verified as a phish, that fact is shared with a variety of online services, including Yahoo Mail, McAfee, Opera Software, Mozilla, Kaspersky Lab, and a number of other entities.
Prior to the creation of the Phish Tank clearinghouse, anti-phishing work was performed by large security companies working independently to verify phishing sites. That didn’t work well because it was slow and resulted in a lot of false positives, where sites were wrongly classified as phishing sites. Phish Tank eliminated duplicate efforts and showed there was a way to leverage the entire community’s knowledge to catch up with the bad guys.
After four years of catching phish, OpenDNS said the 1 millionth phish link identified was a fake Citibank site. The clues were multiple. First, it had a non-secure sign in. Bank web sites always have a secure web link that starts https://. The phish site also had a forged link, or URL. Here, the domain name was focuforum.sk. In fact, Citibank’s U.K. web site is http://www.citibank.co.uk. The site also had fuzzy images and poor resolution.
“The 1 million phishes milestone is a huge accomplishment for the PhishTank community and for OpenDNS, and one that certainly validates the site’s unique approach,” said David Ulevitch, chief executive of OpenDNS. “We started PhishTank in 2006 because we believe that fighting phishing should be a collaborative effort. The data collected by PhishTank and used by services around the world has prevented tens of millions of people from exposure to fraudulent and identity-stealing websites.”
Ulevitch said that OpenDNS will maintain and improve Phish Tank as a service on the internet. In the coming months, the company will devote more engineering resources to it. In the past two weeks, the company has deployed new hardware for the Phish Tank’s infrastructure. The enhancements will make Phish Tank easier to use and faster.
The fake bank link is typical of the web sites submitted to Phish Tank. Brands are commonly attacked. Paypal and eBay are two of the most popular targets of phishing scammers. Back at the beginning, online bank sites were phishing victims. Then Google became a popular target in 2008. In 2010, social networking sites such as Facebook, MySpace and Orkut became targets, as did World of Warcraft and Valve’s Steam game distribution site. Check here for the latest stats.
OpenDNS was founded in 2005 and has 28 employees. The company has received two rounds of funding from Sequoia Capital and Greylock Partners. The amount is undisclosed. Today, roughly 1 percent of the world’s internet users use OpenDNS.