X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
   Reply to this topicStart new topic
> Anti-Phishing Browser Tools    
post Oct 5 2005, 11:04 PM

Utterly Abby-Normal
Posts: 15,813
Joined: 30-June 04
From: Seattle, WA [USA]

One of the faster growing treats to internet users are identity theft. An increasing phishing attacks only make things worse. In the typical phishing scam, an e-mail that purports to come from a bank or other well-known company (example: PayPal, eBay, etc.) asks you to click on a link to a site to "verify" personal information. However, although the site is legitimate-looking, it is not your bank’s site. Unfortunately, such attacks are not very amenable to technological solutions. There's usually no signature to scan for, and it is often as difficult for programs to identify the site's malicious behavior as it is for people. However, several vendors are taking a shot at the problem, and identifying the malicious sites in the form of free browser plug-ins.
The following lists information about such tools (in alphabetical order). The information was gathered from various technical publications (thanks go to PCMag and eWeek). I did not test all of the products.
Cloudmark SafetyBar:
Another good option for less-techie users, the Cloudmark SafetyBar, also supports only Internet Explorer. Cloudmark characterizes sites using green happy, red sad, and yellow neutral faces, and users can block and unblock individual pages. The ratings are based on the consensus of the community of Cloudmark users, under which each user has a reputation. Your reputation is based on the extent to which your ratings correspond to the consensus.
EartkLink Toolbar:
Users who are less sophisticated may be better served by the EarthLink Toolbar, which is also available rebranded through third parties such as Equifax. The toolbar, which supports only Internet Explorer, also includes a pop-up blocker. When you visit a site you get a green thumbs-up, a red thumbs-down, or a "neutral" indicator. EarthLink maintains its own list of known phishing sites, and if you attempt to visit one you will instead be brought to a page with warnings and explanations. If you're suspicious, you can view a page analysis, similar to Netcraft's, which looks at technical characteristics to see if the page exhibits phishing-like behavior.
FraudEliminator: (from homepage description)
FraudEliminator Pro is a toolbar for Internet Explorer or Firefox that warns you if the web site you're visiting is not what it seems. When you visit a known fraudulent site it will alert you with a popup. It can also alert you to sites with questionable features such as status bar misdirection or URLs that contain IP addresses. For every site you visit it displays the country of origin and date the domain was created – hovering the mouse over this information displays full WHOIS data in a popup window. A free version is available with less-frequent database updates.
Netcraft Toolbar:
It is now available for both Microsoft Internet Explorer and Firefox. It has compiled a list of known phishing sites from its own survey data and from user input. Users are encouraged to report sites, and a menu option on the toolbar makes it easy. If you attempt to visit a known phishing site, the toolbar will block it and warn you. With other sites the toolbar includes a "risk rating" indicator that slides from green to red, based on technical factors in the page that may be typical of phishing. A nice feature of the Netcraft toolbar is the historical database. It will show how long the site you're viewing has been monitored. If you think you are going to Paypal but the site is new, that's a clue that it's not really Paypal. And you can see the country in which the site is running (hint: Paypal.com is not hosted in South Korea) and the site's network provider.
The Netcraft Toolbar provides great information but is better suited to more savvy users, who will also appreciate the research links available through its menus. Some third parties, including banks, rebrand the Netcraft Toolbar as their own.
Two other toolbars are more limited but are useful nonetheless:
SpoofStick: for IE or Firefox—makes it easier to spot a spoofed Web site by prominently displaying the actual domain name of the site. Where phishing sites may use tricks to conceal the actual domain name, SpoofStick will state clearly "You're on pcmag.com" or "You're on"
The mozdev.org TrustBar: (Firefox only) lets you know whether you are on a secure Web site. It also displays the name that signed the certificate and the certificate authority, if any, that issued the certificate.
Go to the top of the page
post Oct 14 2005, 02:27 AM

UtterAccess VIP
Posts: 19,032
Joined: 29-September 03
From: Oklahoma City, Oklahoma

Thanks for keeping us informed!
Go to the top of the page
post Oct 14 2005, 10:16 AM

Utterly Abby-Normal
Posts: 15,813
Joined: 30-June 04
From: Seattle, WA [USA]

Sure thing.
tay safe out there o!
Go to the top of the page

Custom Search

RSSSearch   Top   Lo-Fi    2nd April 2020 - 07:41 AM