Cybersecurity nonprofit, Security Alliance, has launched a new tool to assist security researchers in verifying crypto phishing incidents, which have led to substantial thefts exceeding $400 million in the initial half of this year.

On Monday, Security Alliance (SEAL) introduced a tool designed to allow “advanced users and security researchers” to verify the legitimacy of reported phishing websites.

Cybersecurity experts often face challenges in replicating the user experience when clicking on potentially harmful links, as scammers have employed cloaking techniques to display harmless content to web scanners. SEAL’s tool, named the “TLS Attestations and Verifiable Phishing Reports” system, aims to authenticate that malicious sites do in fact contain the phishing elements users report seeing.

“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”

How SEAL’s verifiable phishing reports work

This system involves a trusted attestation server acting as a cryptographic oracle during the TLS connection, which is essential for secure communications across the web.

The user or researcher must run a local HTTP proxy that intercepts connections, captures connection details, and transmits them to the attestation server, which manages all cryptographic operations while allowing the user to maintain the network connection.

Verifiable Phishing Reports

Users can submit these “Verifiable Phishing Reports,” which are cryptographically verified proofs that demonstrate the specific content a site delivered to them.

SEAL can authenticate these reports without requiring direct access to the phishing websites themselves, significantly complicating matters for attackers attempting to conceal their malicious activities. SEAL emphasized that this tool is strictly for advanced users and security researchers only.