February 14, 2005

Microsoft, eBay (PayPal) and Visa form The Phish Report Network (PRN)

In what amounts to a feeble and self-serving PR move, these giants have banded together in an effort to rehabilitate their tarnished image, caused by the dramatic increase in Phishing.

What is The Phish Report Network (PRN)?

"The Phish Report Network enables companies to reduce online identity theft by safeguarding consumers from phishing attacks. As the first worldwide anti-phishing aggregation service, the Phish Report Network provides subscribers with a mechanism for staging a united defense against phishing."

How does PRN work?

"The Phish Report Network is comprised of Senders and Receivers. Any company being victimized by phishing attacks, such as a financial services or e-commerce company, can subscribe to the Phish Report Network as a Sender and begin immediately and securely reporting confirmed phishing sites to a central database operated by WholeSecurity.

Other companies, such as Internet Service Providers (ISPs), spam blockers, security companies, and hosting companies, can join the Phish Report Network as Receivers. Subscribing as a Receiver provides access to the database of known phishing sites submitted by the Senders. Using this information, Receivers can effectively protect consumers by blocking known phishing sites in various software, email, and browser services. Additionally, real-time notifications of new phishing sites are available to Receivers to ensure up-to-the-minute protection against the latest attacks." Source

Nice try but NOT!

While I certainly support the education of surfers about the dangers of Phishing and even if we assume that the member sites will regularly update their sites with current data on Phishing attacks, PRN is not an effective device to significantly reduce Phishing. I'm also amused by the use of "defense" in the first paragraph of their mission statement.

First of all, surfers rarely go to the "real site" to see if the email they received is legitimate. They normally just click the link inside the email, submit their data, and the result is ID theft.

The first solution. SUE!

Next, haven't we learned anything from the battle against Spam? Thinking in terms of defensive actions is an exercise in futility. What should have happened first is a series of legal procedures across multiple countries, accompanied by restraining orders to shut down the Phishing sites. These procedures are the only way to significantly reduce ID theft.

For an example of exactly what I'm talking about, please take note of the numerous lawsuits filed in a short period of time by Microsoft and Pfizer. Microsoft sues for violations of the Federal CAN-SPAM law and at the same time Pfizer sues for violations of its trademark on Viagra. These parallel lawsuits are an effective way to reduce abuse. You force the fraudsters to defend themselves across numerous courts, incur large legal bills, and let due process run its course. Use this exact same principle against Phishing and you will reduce this ID theft.

My advice for you has not changed

Trash all emails which contain requests to click a link and visit a site to submit your confidential data. I don't care who the email appears to be from. Don't do business with firms who use email in this manner. Don't waste your time visiting sites for alerts and/or installing ToolBars in your browser which attempt to notify you of a fraudster's Phishing site. If you wish to visit a site like PayPal then first launch a blank browser session and carefully type the URL into your browser. Look for the Padlock and double check the URL once you arrive.

Posted by Steve_S at February 14, 2005 11:49 AM