Cybersecurity nonprofit Security Alliance (SEAL) has unveiled a new tool designed to help security researchers verify crypto phishing attacks, which have resulted in over $400 million in losses in the first half of this year.
On Monday, SEAL announced that it has developed a system enabling “advanced users and security researchers” to verify whether reported phishing websites are genuinely malicious.
Researchers often struggle to replicate what users see when they encounter potentially harmful links because scammers use “cloaking features” that display harmless content to web scanners, SEAL explained.
The new system, called the TLS Attestations and Verifiable Phishing Reports platform, allows researchers to confirm that a suspicious website actually contains the phishing content reported by users.
“This tool is intended to help experienced cybersecurity professionals collaborate more effectively, rather than being used by the average user,” SEAL said.
“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”
How SEAL’s Verifiable Phishing Reports Work
The system operates by using a trusted attestation server as a cryptographic oracle during the TLS connection.
Transport Layer Security (TLS) is a web protocol that encrypts data to ensure secure communication over a network, protecting it from eavesdropping and tampering.
In practice, a user or researcher runs a local HTTP proxy that intercepts web connections, captures connection details, and sends them to the attestation server. The server performs all encryption and decryption operations, while the user’s device maintains the actual network connection.
Verifiable Phishing Reports
Users can submit Verifiable Phishing Reports, which are cryptographically signed proofs that capture exactly what content a website served them.
SEAL can then confirm the reports are legitimate without directly accessing the phishing sites, making it significantly harder for attackers to conceal their malicious content.
“This tool is intended for advanced users and security researchers only,” SEAL noted on the GitHub download page.
