Web company OpenDNS have launched the PhishTank system which allows registered users to enter details of sites they believe are involved in phishing, or to unlist sites that have been wrongly accused. Data also comes from other sources – presumably trusted online databases of known cybercriminals – and the data is available via a free API to allow it to be used in other systems.
The site is supposedly here (www.phishtank.org) though when I visited it I got an Apache server setup message, so things may not quite be in place yet.
Members can then use this service to keep them safe from visiting suspect sites. Exactly how this works isn’t entirely clear at present – whether it works via a toolbar or other downloadable service.
It sounds like it could be a good service if it becomes widely used and presuming it isn’t hijacked in some way. Not to tempt fate, but the ability of members – albeit registered ones – to block and unblock sites, has the potential to be used maliciously.
What do you reckon? Is an online repository of phishing sites a good idea?