SEAL Launches TLS Attestations Tool For Phishing Detection

Cybersecurity nonprofit, Security Alliance, has released a new tool to help security researchers verify crypto phishing attacks, which led to more than $400 million stolen in the first half of this year.

On Monday, the Security Alliance (SEAL) announced that it had been working on a new tool to enable “advanced users and security researchers” to join the fight against crypto phishing by verifying that a reported phishing website is malicious.

Cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as scammers have developed “cloaking features” to serve benign content to suspected web scanners, they added.

SEAL’s new tool, called the “TLS Attestations and Verifiable Phishing Reports” system, aimed at helping security researchers, will now help to prove the malicious website actually contains the phishing content the user claims to see.

“It’s intended to be a tool to help experienced ‘good guys’ work better together, rather than the average user,” SEAL told Cointelegraph.

“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”

How SEAL’s verifiable phishing reports work

The system works by having a trusted attestation server act as a cryptographic oracle during the TLS connection.

Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering.

Related: Venus Protocol user suffers $13.5M loss from phishing attack

The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details and sends them to the attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.

*Attestation in action, identifying malicious links. Source: SEAL*

Verifiable Phishing Reports

Users can submit “Verifiable Phishing Reports,” which are cryptographically signed proofs showing exactly what content a website served them.

SEAL can then verify these are legitimate without needing to access the phishing sites themselves, making it much harder for attackers to hide their malicious content.

“This is a tool meant for advanced users and security researchers ONLY,” wrote SEAL on the GitHub download page.

Magazine: Bitcoin’s ‘macro whiplash,’ Shuffle suffers data breach: Hodler’s Digest

What's Hot

DOJ Had Enough Evidence to Convict Roman Storm, Prosecutors Say

61-Year-Old ‘Country Girl’ Has No Money But Owns a $26K Tractor for Her Acres of Worthless Land — Dave Ramsey Tells Her to Sell It All. Even the Deer

Red Bull Bragantino and Atlético reveal line-ups for early clash

DOJ Had Enough Evidence to Convict Roman Storm, Prosecutors Say

Is Bitcoin Bottom Near? BTC Approaches ‘Death Cross’ as Market Tests Key Historical Pattern

XRP Falls 4.3% Even After XRPC ETF Launch on Bitcoin Weakness, Finds Buyers Near $2.22

How Google Gemini Helps Crypto Traders Filter Signals From Noise

DeFi Soars with Tokenized Stocks, But User Activity Shifts to NFTs

DC facing $20 million security funding cut despite Trump complaints of US capital crime

Most Popular

No porpoising in 2026, but new F1 rules aren’t “straightforward”

DOJ Had Enough Evidence to Convict Roman Storm, Prosecutors Say

61-Year-Old ‘Country Girl’ Has No Money But Owns a $26K Tractor for Her Acres of Worthless Land — Dave Ramsey Tells Her to Sell It All. Even the Deer

Our Picks

Apple Stock Is Gaining Momentum, Is AAPL Stock a Buy?

Why the Mavs fired Nico Harrison and what’s next in Dallas

AppFolio Unveils AI-Native Overhaul to Reshape Property Management

Subscribe to Updates

What's Hot

SEAL Launches TLS Attestations Tool For Phishing Detection

How SEAL’s verifiable phishing reports work

Verifiable Phishing Reports

Related Posts

Subscribe to Updates