View Full Version : Anti-phishing


Don L. Jewett
2006-05-31, 09:14 AM
Below is an article on anti-phishing.
Can any of these capabilities be brought
into OmniWeb?

Thanks,

Don J.

Protect Yourself With an Antiphishing Toolbar
These browser plug-ins can help make your surfing safer.

Andrew Brandt
PC World
Wednesday, May 31, 2006; 12:10 AM


Think you can spot a phishing site? Don't be too sure. A recent study determined that a well-constructed fake Bank of the West page fooled 90 percent of the study's participants, including some very technically sophisticated people. Fortunately, several tools can help ensure that you don't fall for such a con.

A number of companies make free browser plug-ins that can detect phishing sites. Most give you a visual warning when you're on a site that's trying to pass itself off as something it's not. Some assemble a list of fake sites based on reports from users who've stumbled upon them. Others analyze the site's address to see if it's misleading: For instance, the URL might have "ebay" in it when it's not actually a part of ebay.com. Several toolbars use a combination of approaches.

The Netcraft toolbar is my favorite. It shows you who the site is registered to, and provides a "risk rating" that can help you quickly decide whether you want to enter your password. A close second comes from TrustWatch, which makes a toolbar for Internet Explorer that validates legitimate Web sites and, like Netcraft, can provide a detailed site report. TrustWatch's reports let you know whether the site is included on any blacklists of suspect sites and whether it uses SSL technology for secure transfers. TrustWatch also makes an extension for Firefox that embeds site-report links in Google search-result pages.

Other good options abound. The EarthLink Toolbar with ScamBlocker alerts you with a pop-up message when you visit a site that has hosted phishing attacks. (You don't need to be an EarthLink subscriber to use the tool.) Corestreet's SpoofStick helps clue you in to a phishing site by putting the domain name of the site that you're visiting in huge, bold letters in IE's toolbar. Cloudmark's IE Toolbar automatically blocks sites known to host phishing scams. And eBay offers a toolbar equipped with an Account Guard feature that warns you if you're about to enter your eBay or PayPal password in a fake Web site's log-in page.

The phishing study cited above, however, found that a quarter of participants didn't look at phishing clues already present in browsers, like the padlock icon and address bar. These days it doesn't pay to be asleep at the wheel as you cruise the Net.

© 2006 PC World Communications, Inc. All rights reserved

Gregory
2006-05-31, 10:35 AM
I'd really like to see a Caution dialog display whenever I surf to a URL (usually activated from my email agent) which is not what it appears to be. For example, it appears to point to the ebay.com domain but actually points somewhere else by using hex characters or a well-placed @ character, etc.
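
Added example, not part of the original thread or the quoted article: a minimal JavaScript sketch of the address checks described in the article above and in this post (an "@" in front of the real host, hex/percent-encoded characters, a brand name in a URL that is not part of the brand's domain). The brand list, function names and sample links are constructed for illustration.

```javascript
// Hypothetical brand -> registered-domain map; a real tool would use a maintained list.
const BRANDS = { ebay: "ebay.com", paypal: "paypal.com" };

// True when host is the brand's domain or a subdomain of it.
function belongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns a list of warnings for a link; an empty list means no heuristic fired.
function inspectUrl(raw) {
  const findings = [];
  let url;
  try { url = new URL(raw); } catch { return ["unparseable URL"]; }
  // The parser percent-decodes the host and normalises hex/decimal IPv4 forms,
  // so url.hostname is the host the browser would actually contact.
  const host = url.hostname.toLowerCase();

  // Raw authority: the text between "//" and the next "/", "?" or "#".
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/?#]*)/i.exec(raw);
  const authority = m ? m[1] : "";

  // 1. Anything before "@" is userinfo, not the destination.
  if (authority.includes("@"))
    findings.push(`userinfo before "@"; real host is ${host}`);
  // 2. Percent-encoding in the authority hides the host from a human reader.
  if (/%[0-9a-f]{2}/i.test(authority))
    findings.push("percent-encoded characters in authority");
  // 3. A bare IP address instead of a name.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host))
    findings.push(`host is a bare IP address (${host})`);
  // 4. Brand name appears in the URL, but the host is not the brand's domain.
  for (const [brand, domain] of Object.entries(BRANDS)) {
    if (raw.toLowerCase().includes(brand) && !belongsTo(host, domain))
      findings.push(`mentions "${brand}" but host ${host} is not part of ${domain}`);
  }
  return findings;
}

// Constructed sample links (192.0.2.0/24, .example and .test are reserved for documentation).
const SAMPLES = [
  "https://signin.ebay.com/ws/login",
  "http://signin.ebay.com@192.0.2.10/ws/login",
  "http://ebay.com.account-check.example/login",
  "http://%65%78ample.test/ebay/",
];
for (const s of SAMPLES) console.log(s, "->", inspectUrl(s));
```

These are heuristics only: a link can pass all four checks and still be fraudulent, which is why the toolbars in the article combine address analysis with reported-site lists.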

Forrest
2006-05-31, 12:15 PM
I tend to think this sort of stuff adds a false sense of security.

mcglk
2006-06-02, 01:28 PM
Well, you’re almost certainly right about that, but it would also help people like my mother, who’s likely to click on everything she can see on her screen. A stern warning from the computer once in a while about something phishy would help (’cos Lord knows she won’t listen to me).

sachiwilson
2006-06-03, 12:58 AM
"I tend to think this sort of stuff adds a false sense of security."

I would agree if all it is is warning notices.

But what if browser updates could modify the .hosts file to block known phishing or fraudulent urls? This would have to be done up front, of course, by notifying the user "We are going to block these known sites." Or even provide the list of sites to block, and give the user instructions on how to modify the .hosts file herself. Whatever works! (I've set mine to block every possible ad . . . . :p )

Ilgaz
2006-06-03, 05:05 AM
We (Turks) had to access the famous (here) eksisozluk.com with IP address as some morons reported them to cops so they lost their DNS entry at Turk Telecom for some time via court order.

This thing should be handled by companies offering "protection proxy" to their customers, 3rd party tools AND mail clients such as Eudora which does phishing protection offline (via simple logic). In fact Eudora invented the offline phishing protection. http://www.eudora.com/email/features/scamwatch.html

I keep saying offline as I know Omnigroup can't run their own host, it is a very huge bandwidth and tens/hundreds of people required to handle such services by keeping list, getting attacked (yes, phishers DoS attack) and remember this... It will sound very funny but if OmniWeb starts to send your URL to their own Omnigroup host, via TLS whatever, people will jump up and down shouting "spyware".

At least clueless, lame Mozilla fanatics will do it. It became "ideological" fight rather than "technical". About one should pay for a browser or not. So, expect every kind of stupid attack from fanatics.

Note: I use Fanatic instead of fan on purpose by its meaning. Not saying anything about fans.

mwayne
2006-06-17, 12:01 AM
Unfortunately it's a major number of humans who are just plain stupid and just don't think when they get e-mails that ask them for info and log in details. If you stopped them in the street and asked them to hand over all their money and car keys they would tell you to ***k **f. Send them a simple email written by a Nigerian or Russian bonzo who can't spell or enunciate properly and they will send details.
Software companies can make capital out of this (good luck to them, business is business) and get you to hand the money over to them to provide a blocking mechanism or a browser writer to build in anti phishing capabilities but I believe the best deterrent is to let people get suckered in and lose their money.
All banks and financial institutions inform all their customers not to give out details but people for some reason ignore this advice.

What we really need to do is get all the good folk en masse to go to these sites and fill in the details with nonsense and bring down the servers.

kerry
2007-11-22, 02:15 PM
I completely agree with what mwayne says here, about people falling prey to phishing email scams and giving out their complete vital and personal information over the web.
And also, once your money is gone then it's just gone. What I suggest here is to go through each and every possible webpage to educate yourself about identity theft, phishing email scams, PayPal scams, dating scams and credit card frauds and many more scams. I am able to say this because I browsed 100s of webpages about these scams. I found many articles, but I also found this website called www.onlinegaurds.com which educates you about many scams; also read this topics page, http://onlineguards.com/topics/phishingfraud.aspx, which lists almost everything about the latest scams and trends.