
Vigilantes Go After Phishers


Phishers beware. A vigilante group is on the prowl for online fraudsters who are stealing personal information by luring unsuspecting victims to look-alike web sites.

Called the Phishing Incident Reporting and Termination squad, the group is dedicated to hunting down sites of a popular security scam called phishing and shutting them down.

The PIRT squad, a community-driven effort, consists of members who report phishing scams and security experts, or handlers, who take the action needed to terminate the sites.

During the process, PIRT also sends reports to the Anti-Phishing Working Group and to companies like Netcraft that create anti-phishing toolbars.

PIRT was started by CastleCops, a security and privacy organization, and Sunbelt Software, a security software company. It is a good Samaritan effort on the Internet, said Paul Laudanski, president of CastleCops. “It is about getting everyone involved to make a difference,” he said.

Phishing has become a growing problem on the Internet. The Anti-Phishing Working Group, a nonprofit organization, said the group received 17,877 reports of phishing in January compared to 15,244 incidents in the same period last year.

Democratizing a Hunt

While large security companies and some smaller startups target phishers and try to put them out of business, their services are available only to larger institutions that can afford them. PIRT hopes to make the process more democratic. “I wouldn’t want my mother to fall victim to a phish that a commercial company is not covering,” said Mr. Laudanski.

PIRT is composed of volunteers, mostly security professionals, who are incensed about the phishing problem and want to do something that will make a difference, said Mr. Laudanski. Currently, the initiative has about 10 “handlers,” but is rapidly adding more volunteers.

All volunteers have to go through a vetting process. Once they apply to become a part of PIRT, someone from the organization will contact them and ask them for details of their technical background, references, and personal identifying information.

“We want to make sure we have everyone who is legitimate and will contribute to our cause,” said Mr. Laudanski.

PIRT has struck a chord. Since Monday, when the project went live, it has gotten about 1,500 reports of phishing. Reports can be submitted by anyone either through email or through the web site. “The response to PIRT has been overwhelming,” said Mr. Laudanski. “The community really believes in this.”

Once a phishing email or incident is reported, PIRT volunteers extract the URL, confirm if it is indeed a scam, and then poke around the fraudulent site to gather as much information about it as they can.

PIRT volunteers can gather the name of the Internet service provider hosting the site, the email service provider that the phisher is using, and the owner of the domain name, and then send them emails requesting that the site be shut down.

“We contact the ISPs, drop courtesy emails to the institution being phished, and follow it up with phone calls,” said Mr. Laudanski. “Within a couple of hours of someone reporting a phishing site, we are able to shut it down.”

Most ISPs are happy to help, and PIRT sees success rates of up to 60 percent, said Eric Sites, vice president of research and development at Sunbelt Software. “ISPs understand the problem,” he said. “There are U.S. laws on hosting copyright information that can be used to make ISPs withdraw a site.”

PIRT’s failures are typically related to phishing attempts in foreign languages and ISPs in countries that don’t have strong laws on the issue, said Mr. Sites.

“We don’t do anything illegal. We don’t hack any server or bring down a site,” said Mr. Laudanski. “Everything we do is legal and through the contacts that we have at ISPs.”

Finding Greater Acceptance

The idea has appeal, said Mike Rothman, president of Security Incite, a security analyst firm, but it needs to create a road map of its long-term goals if the initiative wants to find broader acceptance.

“Anything we can do to streamline some of these sites and get it offline quickly is good,” said Mr. Rothman. “But apart from giving some retired computer engineers, or folks with too much time on their hands, an outlet, I don’t see much value beyond that.”

PIRT will have to figure out how it differs from the nonprofit Anti-Phishing Working Group, and how the value it can provide differs from other security firms focused on the problem, said analysts.

There’s also the question around the long-term commitment of the volunteers.

“What happens when volunteers feel they don’t have the time to contribute, or the thrill has worn off?” asked Mr. Rothman.

However, PIRT believes that eventually it can get big security companies like Symantec and McAfee on board. And with over 100 volunteers and 150,000 registered members, CastleCops said it has a huge community that it can depend on.

“The sooner we can stop this, the fewer people are affected,” said Mr. Sites. “Every little tool or service we can provide to protect people helps.”