Skip to Main Content
One way banks mitigate phishing's effects is to remove fraudulent websites or suspend abusive domain names. The removal process, called a "take-down," is often subcontracted to specialist firms, who refuse to share feeds of phishing website URLs with each other. Consequently, many phishing websites aren't removed. The take-down companies are reticent to exchange feeds, fearing that competitors with less comprehensive lists might free-ride off their efforts. Here, the authors propose the Phish-Market protocol, which enables companies to be compensated for information they provide to their competitors, encouraging them to share. The protocol is designed so that the contributing firm is compensated only for those websites affecting its competitor's clients and only those previously unknown to the receiving firm. The receiving firm, on the other hand, is guaranteed privacy for its client list. The protocol solves a more general problem of sharing between competitors; applications to data brokers in marketing, finance, energy exploration, and beyond could also benefit.