The companies across the world will have a new free web service now which can automatically send out email notifications if any of their employees gets phished.
The service is named “I Got Phished” and is managed by Abuse.ch which is a non-profit organization known for its malware and cyber-crime tracking operations. Like other Abuse.ch services, I Got Phished will be free to use.
Any company can sign-up through the I Got Phished website which takes just a few seconds.
The companies can subscribe for email notifications on a domain name basis, and companies need not have to expose a list of their employee email addresses to a third-party service.
When a company’s security staff has subscribed to the service, I Got Phished will check its internal database for email addresses for the company’s email domain. This database contains logs from phishing operations, with emails for phished victims.
If ‘I Got Phished’ finds an email address for that domain, they will notify the company’s security staff through an email.
In order to prevent unauthorized persons from hijacking a company’s phishing notifications, I Got Phished will only send out notifications to official emails like: [email protected], [email protected], [email protected], or [email protected]
The idea about this service came from a system administrator known on Twitter as @JayTHL, who founded Cryptolaemus, a cyber-security group that keeps track of the infamous Emotet botnet.
The source of the data in the I Got Phished databases are logs collected by cyber-criminals conducting phishing operations. Many of these logs are stored online, in the web panels of command-and-control servers and phishing toolkits.
Some of these services are either not protected by a password, or are insecure, that has vulnerabilities allowing the security researchers to access the backend and retrieve information about who got phished.
Security researchers often collect this data and notify victims. Some do it through their employers — cyber-security or antivirus companies — while others do it privately, as a hobby.
Abuse.ch stated that the I Got Phished database is made up by submissions from the cyber-security community. At present, the I Got Phished database includes data on nearly 3,000 phishing victims, spread across more than 2,500 email domains.
A large amount of these domains belongs to small and medium-sized businesses and big organizations who are listed at stock exchanges around the globe.
Phishing always is a big issue even for Forbes Global 2000 companies.
The I Got Phished website lists an email address and API that security researchers can use to submit new logs obtained from ongoing phishing operations.
Whenever a new data is added to the I Got Phished database, all subscribing companies also receive an alert, in near real-time.
This notification allows the security teams to reset passwords for any phished employee, thereby reducing the chance of hackers to misuse the compromised credentials.
In future, this service might expand to include logs from other types of credential compromises, such as keyloggers.