Applications‎ > ‎

PhishGuard

Overview

PhishGuard anti-fraud prevention system consisted of the following components:
  • PhishGuard corporate web-site, with phishing content, links and information 
  • Microsoft SQL Server 2005 relational database, data modeled using Sybase PowerDesigner. 
  • Windows desktop application and service that intercepted all http network traffic and compared to a active database of over 10,000 known phishing scams, user submission capability, user inquiry 
  • Several HTTP/IIS web services performing registration, licensing/authentication, submissions, cached database updates and database message queue replication 
  • PhishGuard Administration ASP.Net 2.5 web application 
  • Automated scoring of user submissions using proprietary metrics and algorithms 
  • Integration services with 3rd-party networks and phishing lists 

Features

  • SQL Server data model can be found here. The PhishGuard application and data model supports: 
  • PhishGuard corporate web-site, online help 
  • Online registrations, users, with complex licensing and registration support 
  • User and role based security 
  • Maintenance of Internet and Phishing reference data 
  • User submissions of potential phishing email and URLs 
  • Cached set of phishing site updates 
  • Automated scoring routines 
  • ASP.Net 2.5/3.0 Web Administration tools, with interactive review, validation 


Client application and submission


Here a potential malicious website is dragged/dropped onto the PhishGuard desktop application and is submitted to PhishGuard.com for evaluation and inclusion in the phishing scam database. The submissions supported sumbissions from popular web-browsers (Internet Explorer, Firefox,...) and desktop mail client applications (i.e., Outlook, Oulook Express,...). 



Typical desktop alert


When the user navigated to a known phishing website, the PhishGuard services raises an alert to the potential security risk. Note, an override allowed the user to continue navigating to the website.


PhishGuard Administration Application


The Phishguard web administration and maintenance application is used to control the setup and operations of the PhishGuard network. The administration application knits together the setup and operations of the system, routine management of the fraudulent website database, ad-hoc query and drill-down and reviewing the automated scoring.

Example of a typical maintenance screen, e.g., supported Browsers




One of the key operational aspects was validating the automated scoring of potential malicious URL submissions prior to adding to the distributed SQL Server database.

 

Mainly due to the integration of phishing alerts in the popular browsers and anti-virus software, the PhishGuard service was discontinued in 2008.