CipherTrust sets up PhishRegistry.org to help combat phishing

At last week’s MIT Spam Conference, CipherTrust announced PhishRegistry.org, a tool designed to combat phishing attempts. This free service allows legitimate organizations to register their Web sites, after which CipherTrust will monitor these sites and the Internet and then notify registered organizations of attempts by phishers to misappropriate their brand and other Web site content, such as logos. PhishRegistry.org will provide registered organizations with weekly reports about suspicious Web site activity.

The PhishRegistry.org Web site lists a variety of organizations, including large organizations like Citibank, Cingular, Merrill Lynch and the Royal Bank of Canada. As of this writing, 795 organizations were listed on the site and nearly 80% had some form of phishing attack directed against them.

The goal of PhishRegistry.org is to shorten the time between the introduction of a new phishing attack and a victim organization’s awareness of it. The thinking behind the service is that if owners of legitimate Web sites can more quickly discover phishing attacks that use their brand and Web site content, they can more quickly notify their customers to be on guard against the attack, thus minimizing the impact of new phishing attempts.

While the theory behind PhishRegistry.org is certainly sound, it remains to be seen how effective the service will be, since a key element in combating phishing attempts is to make potential victims – namely, customers of victimized organizations – aware of the attempt and to take appropriate steps not to fall prey to it. In other words, while CipherTrust’s new service is an important step forward in the war against phishers, combating phishing is primarily about notifying potential victims rapidly and effectively.