A Better Anti-Phishing Toolbar?

← Back to Stories (view on slashdot.org)

A Better Anti-Phishing Toolbar?

Posted by Cliff on Tuesday December 27, 2005 @06:50AM from the browsing-where-you-are-supposed-to-be dept.

Saqib Ali asks: "There have been recent discussions on Security Focus mailing lists about several Anti Phishing Toolbars available for Firefox. Do Slashdot readers have any recommendations on which Anti Phishing toolbar to use, or on how to improve upon the existing ones?"

6 of 33 comments (clear)

Min score:

Reason:

Sort:

Never tried them. by Threni · 2005-12-27 07:17 · Score: 5, Informative

> Do Slashdot readers have any recommendations on which Anti Phishing toolbar to
> use, or on how to improve upon the existing ones?"

If you're smart enough to install this kind of solution then you're not going to fall for the phishing attempts in the first place. Email from paypal/ebay/your bank that doesn't start with your name? Delete it. Get a plausible looking email asking you to click on a link and log in? Type the URL manually anyway (I use a local homepage which just contains a bunch of links to those accounts, Slashdot etc). Have an account somewhere that doesn't address you by your full name in emails? Close the account and use another bank.

By the same token, this stuff is obvious to everyone reading Slashdot. Right?
1. Re:Never tried them. by XO · 2005-12-27 13:35 · Score: 2, Interesting
  
  yeah, exactly how does an "Anti Phishing" toolbar work? Only thing I can think of is a built-in blacklist. Just use Opera, and it will flat out tell you if the site you are looking at is the site that it claims to be.
  
  --
  "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
anti phishing already installed in IE7 by mdman · 2005-12-27 07:45 · Score: 2, Interesting

IE7 has anti phishing features installed in it already..
Phishing? whazzat? by redelm · 2005-12-27 07:52 · Score: 3, Interesting

My email reader does not render HTML. When I encounter pure HTML email, I just delete it. Or bounce it back to spoof@... as eBay and PayPal have requested.
In the unusual case (once per week) that I actually _want_ to look at a website mentioned in email, I cut'n'paste.
HTML email is abomination. Autoload images is evil.
Google solution. by ScaryFroMan · 2005-12-27 11:16 · Score: 3, Informative

"Google Safe Browsing" seems to work pretty well.

--
In Soviet Russia, backwards is everything.
Re:Sticker by MrNougat · 2005-12-29 04:40 · Score: 2, Insightful

I've worked for a company with 1000 employees in 72 locations in the US. Financial services company. If that's not bureaucratic, I don't know what is.

I think, generally speaking, much time is spent trying to prevent social engineering attacks with technological methods. Phishing is not an attack against a technological resource; it's an attack against a person using technology. The weakness being exploited is in the person, not in the computer system. Trying to protect a computer system from phishing is like trying to protect a bank teller from being robbed. It's not the bank teller being robbed, it's the money in the bank. Sure, the bank teller is a conduit through which robbery can occur, and by that logic, protecting the bank teller will reduce the risk of robbery. But a better way is to protect the money by putting it in a vault. I don't know of any banks that don't have vaults.

Reducing people's weakness to phishing by telling them - over and over, or with a sticker - that no legitimate company will request personal information via email is like putting the bank's money in a vault.

--
Web 2.0 == Giant Blogspam Circle Jerk