Fed Up With Phishing? Anti-Phishing Toolbar Launched

A new weapon against phishing has just been launched: The Netcraft Toolbar.

It happily coexists with Google and other toolbars, says UK company Netcraft, and uses Netcraft's enormous databases of Web site information to show users all the attributes of each site they visit on the Web, including the site's hosting location, country, longevity and popularity.

It also mobilizes the Netcraft community into a giant "neighbourhood watch" scheme to empower the most alert and experienced members to protect the vulnerable against fraud and phishing attacks.

Toolbar features, says Netcraft, include:

  • Clear display of each site's hosting location at all times helps you spot fraudulent URLs (e.g. the main online banking site of a large US bank is unlikely to be hosted in the former Soviet Union).
  • Once you report a phishing URL, it is blocked for other community members who subsequently access it. The wide dissemination of attacks (people constructing phishing attacks send literally millions of e-mails in the expectation that some will reach customers of the bank) is used to expedite blocking of the fraud site.
  • Natively traps cross-site scripting and other suspicious URLs containing characters which have no common purpose other than to deceive.
  • Netcraft supervisor validation is used to contain the impact of any false reporting of URLs.
  • Display of browser navigational controls (toolbar and address bar) in all windows, to defend against pop-up windows which attempt to hide the navigational controls to disguise their location.

It runs on Internet Explorer on Windows 2000/XP or later. Anyone downloading it is welcome to use the feedback form below to report to other readers how well they think it works.

About Security News Desk
SYS-CON's Security News Desk trawls the world of security for news of software, hardware, products, and services that seem likely to be of interest to infosec professionals and summarizes it for easy assimilation by busy IT managers and staff.


    Reader Feedback

    Currently the toolbar is only available for IE but a Firefox version *is* under development.

    Usually, phishing also involves cracking a server somewhere. I'm in the email security business, so I feel almost as close as family to hundreds of wealthy but desperate Nigerians (who don't get to deliver much mail on the networks I protect) and loads of phishers (who don't get to deliver much more mail than the Nigerians).

    In almost all cases, the link in the phishing mail leads to a compromised host. Phishers (most of them, anyway) aren't dumb enough to put the phishing site on a host that's actually theirs. Usually, it's all too obvious that the rightful admin of the host in question is utterly clueless that he/she has been owned.

    Just say no to HTML email, people!

    That will stop 'standard' HTML phishers cold!

    It may 'eliminate' phishing as there is no HTML to hide the bogus URL behind the onscreen 'good' one.

    The rise of phishing just shows how broken the current internet and e-mail system is. In an age in which worms and scammers can gather address books, fake headers, copy websites of legitimate businesses, hijack browsers, create zombies, and log keystrokes, no e-mail (or even web page) can be presumed to be legitimate no matter who it comes from or how you got it.

    This problem saddens me greatly because it ruins the promise of global communications. Rather than a utopian information paradise for everyone, we seem to be allowing the creation of a back alley in which few dare to tread.

    If e-mail and the internet are ever to become truly useful, they must become simply trustworthy (as in simple to trust). Consumers (i.e. non-geeks) must be able to trust incoming emails or email is useless. Consumers must be able to trust webpages and their computers or these tools become useless.

    Here in Denmark, I have yet to see a bank that sends out email at all.

    I am doing online banking with the two biggest banks "Nordea" and "Danske Bank", and none of them send out email. They only communicate electronically with the customer through the online bank, so you need to log in to your home banking system to communicate with the bank.

    If this was the case on a global scale and people were aware of it, these scam mails might be a smaller problem.

    I received a very well done paypal phish recently. It was sent to my paypal email address (different from my ebay address and never used for anything else).

    There was a link that claimed to go to:

    https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?RegisterEnterInfo

    But mousing over revealed that it actually went to:

    http://signin.ebay.com-ogi-bin.tk/_eBaydll.php

    Note the com-ogi-bin.tk rather than com/cgi-bin
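
The mismatch between displayed link and real target described in the comment above, together with the "characters which have no common purpose other than to deceive" feature in the article's list, can be checked mechanically. This is an added example, not part of the original page and not Netcraft's implementation; the function names and heuristics are assumptions, and the two-label base-domain rule stands in for a Public Suffix List lookup.

```javascript
// Added example. Heuristics and names are illustrative assumptions,
// not Netcraft's rules.

// Naive base domain: the last two labels. Production code needs the
// Public Suffix List (this rule is wrong for e.g. "example.co.uk").
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Marks in a URL that rarely have a purpose other than to mislead.
function deceptiveMarks(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return ['unparseable']; }
  const authority = rawUrl.split('/')[2] || '';
  const marks = [];
  if (u.username || u.password) marks.push('userinfo-before-@');
  if (/[\u0000-\u0020\u007f]/.test(rawUrl)) marks.push('control-or-space');
  if (/%[0-9a-f]{2}/i.test(authority)) marks.push('encoded-host');
  if (u.hostname.split('.').some((l) => l.startsWith('xn--'))) marks.push('punycode-host');
  if (/<|%3c/i.test(u.search + u.hash)) marks.push('markup-in-query');
  return marks;
}

// Compare what a link shows with where it goes.
function checkLink(shownText, href) {
  const findings = deceptiveMarks(href);
  let shown, real;
  try {
    real = new URL(href);
    shown = new URL(shownText.trim());
  } catch {
    return findings; // href unparseable, or the visible text is not a URL
  }
  const shownBase = baseDomain(shown.hostname);
  if (shownBase !== baseDomain(real.hostname)) {
    findings.push('host-mismatch');
    // The trusted name appears inside a host it does not control.
    if (real.hostname.includes(shownBase)) findings.push('brand-embedded-in-host');
  }
  if (shown.protocol === 'https:' && real.protocol === 'http:') findings.push('scheme-downgrade');
  return findings;
}

// The two URLs quoted in the comment above.
console.log(checkLink(
  'https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?RegisterEnterInfo',
  'http://signin.ebay.com-ogi-bin.tk/_eBaydll.php'));
```

A mail filter would run `checkLink` over every anchor in an HTML message, passing the anchor's visible text and its `href`.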

    >>>>>It runs on Internet Explorer on Windows 2000/XP or later<<<<

    Ironic that it runs on the one browser that no one wants to use any more. C'mon Netcraft, let's see this for Firefox, a.s.a.p. please.



