A nonprofit focused on cybersecurity has launched a new tool designed to assist security professionals in authenticating reports of phishing attacks, which resulted in losses exceeding $400 million in the first half of this year.

On Monday, the Security Alliance (SEAL) revealed that it has been developing a tool that allows experienced users and security experts to participate in the ongoing battle against crypto phishing by confirming that a reported phishing site is indeed harmful.

Often, cybersecurity specialists are unable to replicate what users observe upon encountering a potentially dangerous link since scammers have integrated ‘cloaking mechanisms’ to present safe content to suspected web scanners.

SEAL’s new tool, dubbed the ‘TLS Attestations and Verifiable Phishing Reports’ system, is intended to aid security experts in demonstrating that a phishing site contains the malicious content users claim to see.

“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”

The mechanism operates by using a trusted attestation server as a cryptographic oracle during the TLS connection, thereby making the verification process more robust.

Transport Layer Security (TLS) is a web protocol designed to ensure secure communication through data encryption, safeguarding it from unauthorized access.

Users will be able to file ‘Verifiable Phishing Reports,’ which are cryptographically signed proofs that detail exactly what a website has displayed to them.

This allows SEAL to authenticate such reports without needing to visit the phishing sites directly, increasing the difficulty for attackers to disguise their harmful content.

“This is a tool meant for advanced users and security researchers ONLY,” clarified SEAL on their GitHub download page.