The new verifiable phishing reports tool, developed by SEAL, assists researchers in proving and combating crypto scams cryptographically.
SEAL, a nonprofit organization in cybersecurity, has released a new tool to combat crypto phishing by allowing more sophisticated users and researchers to provide phishing reports, which the tool can cryptographically check.
This will solve one of the main problems with phishing detection: fraudsters tend to wrap malicious scripts, presenting security scanners with innocent websites.
The system created by SEAL enables the researcher to demonstrate, irrefutably, that a URL was used to store phishing content, increasing confidence and cooperation in the war against phishing.
Seeing Through the Cloak: The Power of TLS Attestations
Older URL scanners have a hard time with anti-bot systems and CAPTCHA. Even worse, scammers hide their true content by showing safe-looking pages to automated scanners, so the malicious material goes unexamined.
SEAL worked around this by developing TLS Attestations – a cryptographic tool which records and signs the precise content that a user viewed over a secure web session.
This change allows security researchers to prove that what a user encountered was truly fraudulent, not just a claim.
How It Works: Cryptographic Proof Against Phishing
The tool works by intercepting web connections using a local proxy. The proxy records the session information and connects with some attestation server, which serves as a cryptographic oracle in the TLS-encrypted session.
The user is in control of the network connection; this is legitimate because the server is no longer in charge of encryption, as well.
Under this method, security researchers produce cryptographically signed verifiable phishing reports that display exact malicious web material.
SEAL can then independently verify these reports without direct access to the phishing sites, and it is nearly impossible to conceal malicious content.
The new tool by SEAL is aimed at targeting those with advanced skills and security researchers, specifically the experienced good guys, and enhance community actions against crypto scams, which have already cost people more than $400 million in losses only this year.
Source – X
According to what SEAL said on their official X account, what we needed was a method of seeing what the user was seeing.
Before believing someone’s claim that a URL is malicious, do your own check. This is an undisputed scientific advancement that now equips researchers.