A newly launched project wants to help inform IT security representatives and domain owners when their users fall victim to phishing.
Named ‘I got phished’ and coming from malicious activity monitoring site abuse.ch, the project collects information on users who became victims of phishing by entering their credentials on a phishing website.
“The purpose of the project is to notify security representatives such as CERTs, CSIRTs, SOCs but also domain owners about potential phishing victims within their constituency,” the service’s maintainer explains.
The data is not generated by ‘I got phished’ or by abuse.ch, but comes from third-party, trusted IT security researchers. Thus, the project is not interested in how the data was procured or its accuracy.
As part of the project, only the email addresses of the victims that got phished are stored, as they are needed to notify the service’s users about the compromise.
‘I got phished’ does not store passwords and doesn’t directly notify phishing victims either, which sets it apart from Have I Been Pwned, the service maintained by Australian cybersecurity expert Troy Hunt.
The service only accepts submissions from vetted security researchers and only sends notifications to IT security representatives and domain owners, based on the domain name.
“If you are an individual (user), it is not possible to register your email address on I got phished. I got phished reports based on the domain name and not on an individual email address,” the service’s maintainer explains.
Security teams and domain owners can register to ‘I got phished’ to receive notifications if their corresponding domain name is present in newly added data sets. Only domain names can be registered, but not sub-domains.
The service also provides an API that vetted security researchers can use to feed data on phishing victims.
To date, ‘I got phished’ has over 2,000 registered users and information on more than 4,100 domains whose users fell victim to phishing, with 5,400 email addresses compromised in phishing attacks.
Related: Advanced “16Shop” Phishing Kit Expands Offerings
Related: Europol on Methodology Behind Successful Spear Phishing Attacks
Related: Understand More About Phishing Techniques to Reduce Your Digital Risk
More from Ionut Arghire
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- Critical QNAP Vulnerability Leads to Code Injection
- GitHub Revokes Code Signing Certificates Following Cyberattack
- Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
- Russia-Linked APT29 Uses New Malware in Embassy Attacks
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Microsoft Urges Customers to Patch Exchange Servers
Latest News
- Sentra Raises $30 Million for DSPM Technology
- Cyber Insights 2023: Cyberinsurance
- Cyber Insights 2023: Attack Surface Management
- Cyber Insights 2023: Artificial Intelligence
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- How the Atomized Network Changed Enterprise Protection
- Critical QNAP Vulnerability Leads to Code Injection
