The University of Alabama at Birmingham (UAB) has created the PhishIntel
system. It is used to gather phishing information to share with the law enforcement community. More than 100 law enforcement officers from more than 15 countries have received in-person training on how to use the system to assist in phishing investigations, and more than 100 industry security experts participated in a two-round Beta to provide suggestions for improving the tool.
The system currently contains archived investigative data on more than 300,000 unique phishing URLs, including 189,000 URLs analyzed during calendar 2011. But we need more data! As members of the SpywareHammer
community, we want to request your help in getting even more phishing URLs.
In order to reward participation, eBay has generously provided our first round of prizes for the top submitter of unique phishing URLs each month - an iPad 2!These are the steps you need to follow in order to participate in this contest:
This basically lets us know that these are "your" phishing URL and that you have the right to share them with us, and that you are giving us the right to use these URLs without any restrictions.
When you've registered, you will get an email address that gives you your "ID number
After that, you submit phish to the contest one of two ways:
1) You can use the webform.https://phishintel.cis.uab.edu/contest/submit
If you submit this way, you can cut and paste URLs, one per line, up to 50 per submission.
2) You can use email to "phishcontest
@cis [dot] uab [dot] edu"
If you submit by email, we ask that you change the email subject line to be your user ID number
. So for instance, my "ID number
" is "1268
". So my email will have: Subject:
We're using this as a bit of a spam-filter/turing test. Emails that don't have a valid ID number as the subject line are thrown away as spam. Any URL that is found in the email will be assumed to be a phishing submission. Non-URL text is fine, but the automagic process will extract URLs and process them as potential phish.
What happens next?
When a submission is received, we fetch the submitted URL and subject it to a multi-round phishing test. Three automated rounds attempt to label the phish, and if these fail, they are processed by the UAB Phishing Operations Team manually.
To get a "point
" in the contest:
a) It has to be a "live phish
" at the time we fetch the content (which is withing 10 minutes of your submission)
b) You have to be the first person who submitted the phish to us.
c) The phishing URL has to be "unique
" and "non-wild-carded
". For example, we all know that there are some phishing sites that spam out 1,000+ variations of the URL, but which all point to the same submission. Although the automated system may give points for these, the "winner
" for the month will have their submissions manually verified and "points for duplicates
" will be removed.
At the end of the calendar month, the scores will be verified, and within two weeks the iPad will be on its way to its new owner!
Director of Research in Computer Forensics
UAB Computer Forensics Research Laboratory
part of the Center for Information Assurance and Joint Forensics Researchhttp://thecenter.uab.edu/Note:
Read the SpywareHammer KnowlegeBase Article - What is Phishing?
As a review or for a better understanding of what phishing is. Look in our Glossary for the definition of an URL