Fed Up With Phishing? Anti-Phishing Toolbar Launched

A new weapon against phishing has just been launched: The Netcraft Toolbar.

It happily coexists with Google and other toolbars, says UK company Netcraft, and uses Netcraft's enormous databases of Web site information to show users all the attributes of each site they visit on the Web, including the site's hosting location, country, longevity and popularity.

It also mobilizes the Netcraft community into a giant "neighbourhood watch" scheme to empower the most alert and experienced members to protect the vulnerable against fraud and phishing attacks.

Toolbar features, says Netcraft, include:

  • Clear display of sites' hosting location at all times helps you validate fraudulent URLs (e.g. the main online banking site of a large US bank is unlikely to be hosted in the former Soviet Union).
  • Once you report a phishing URL, it is blocked for other community members subsequently accessing it. The leverage of widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) is utilized to expedite blocking of the fraud site.
  • Natively traps cross-site scripting and other suspicious URLs containing characters which have no common purpose other than to deceive.
  • Netcraft supervisor validation is used to contain the impact of any false reporting of URLs.
  • Display of browser navigational controls (toolbar and address bar) in all windows, to defend against pop-up windows which attempt to hide the navigational controls to disguise location.

It runs on Internet Explorer on Windows 2000/XP or later. Anyone downloading it is welcome to use the feedback form below to report to other readers how well they think it works.

About Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

    Reader Feedback: Page 1 of 1

    Currently the toolbar is only available for IE but a Firefox version *is* under development.

    Usually, phishing also involves cracking a server somewhere. I'm in the email security business, so I feel almost as close as family to hundreds of wealthy but desperate Nigerians (who don't get to deliver much mail on the networks I protect) and loads of phishers (who don't get to deliver much more mail than the Nigerians).

    In almost all cases, the link in the phishing mail leads to a compromised host. Phishers (most of them, anyway) aren't dumb enough to put the phishing site on a host that's actually theirs. Usually, it's all too obvious that the rightful admin of the host in question is utterly clueless that he/she has been owned.

    Just say no to HTML email, people!

    That will stop 'standard' HTML phishers cold!

    It may 'eliminate' phishing as there is no HTML to hide the bogus URL behind the onscreen 'good' one.

    The rise of phishing just shows how broken the current internet and e-mail system is. In an age in which worms and scammers can gather address books, fake headers, copy websites of legitimate businesses, hijack browsers, create zombies, and log keystrokes, no e-mail (or even web page) can be presumed to be legitimate no matter who it comes from or how you got it.

    This problem saddens me greatly because it ruins the promise of global communications. Rather than a utopian information paradise for everyone, we seem to be allowing the creation of a back alley in which few dare to tread.

    If e-mail and the internet are ever to become truly useful, they must become simply trustworthy (as in simple to trust). Consumers (i.e. non-geeks) must be able to trust incoming emails or email is useless. Consumers must be able to trust webpages and their computers or these tools become useless.

    Here in Denmark, I have yet to see a bank that sends out email at all.

    I am doing online banking with the two biggest banks "Nordea" and "Danske Bank", and none of them send out email. They only communicate electronically with the customer through the online bank, so you need to log in to your home banking system to communicate with the bank.

    If this was the case on a global scale and people were aware of it, these scam mails might be a smaller problem.

    I received a very well done PayPal phish recently. It was sent to my PayPal email address (different from my eBay address and never used for anything else).

    There was a link that claimed to go to:

    https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?RegisterEnterInfo

    But mousing over revealed that it actually went to:

    http://signin.ebay.com-ogi-bin.tk/_eBaydll.php

    Note the com-ogi-bin.tk rather than com/cgi-bin

    >>>>>It runs on Internet Explorer on Windows 2000/XP or later<<<<

    Ironic that it runs on the one browser that no one wants to use any more. C'mon Netcraft, let's see this for firefox, a.s.a.p. please



