Saturday, October 28, 2006

Phishing Protection in Your Browser

Wikipedia defines phishing as "a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well."

Usually, emails that contain links to phishing sites have deceptive subjects like "Important message from your Bank", use fake sender addresses, and copy logos and text from the sites they want to imitate. The URLs included in the emails may contain redirects or IP addresses, or may look similar to the genuine URLs.

FraudWatch International reports that, on average, phishing sites remain active for 5 days before they are shut down.

To protect you against the increasing number of phishing sites, the latest versions of many browsers have added phishing protection.

IE7
* the Phishing Filter is opt-in.
* two ways:
- automatically check sites you visit against the list of known phishing sites on the Microsoft server.
- check individual sites, if you have a reason to think they may be used for phishing.
* there's also a heuristic way to detect common elements included in phishing sites. In this case, IE7 shows a warning.
* IE7 has a whitelist, that includes sites like microsoft.com
* privacy: "When you use Phishing Filter to check websites automatically or manually, the address of the website you are visiting will be sent to Microsoft, together with some standard information from your computer such as IP address, browser type, and Phishing Filter version number. To help protect your privacy, the address information sent to Microsoft is encrypted using SSL and limited to the domain and path of the website. Other information that may be associated with the address, such as search terms, data you entered in forms, or cookies, will not be sent."
* the Phishing Filter is also available as an add-on for MSN Search Toolbar, in IE6.

Firefox 2
* the Phishing Protection is on by default.
* two ways:
- by default, Firefox checks each webpage you visit against a local list of pages that is regularly updated (approximately twice per hour)
- you can also choose real-time protection, but that means you send every URL you visit to Google or to another provider (for the moment, Google is the only provider).
* Firefox doesn't use heuristics to see if a web page may be used for phishing.
* privacy:
"Firefox sends the URL of the web page, in addition to your IP address and other Non-Personally-Identifying Information, to the selected third party service provider. Firefox displays a warning if the third party service provider returns with a response indicating that the URL you are accessing is a suspected web forgery. Finally, if you take any action in response to a phishing protection warning message, the selected phishing protection service provider may record that action and the URL of the page, and a cookie may be placed on your computer. While it is possible that a URL sent to your service provider may itself contain Personally-Identifying Information, Mozilla's third party service providers have entered into a written agreement with Mozilla not to use Personally-Identifying Information for purposes other than to enhance and maintain their service."
* the real-time phishing filter is also available in Google Safe Browsing and Google Toolbar for Firefox.

Opera 9.1
* anti-phishing will be included in Opera 9.1, as reported by Johan Borg, an Opera developer.
* Opera will include only real-time protection and will send to opera.com the domain name and a hash of the current page. "The reply from the server is an XML document containing the trust level of the domain. This reply will be cached by Opera for a time indicated by our server."
* privacy:
Opera won't store IP addresses or cookies, and chose to send requests over HTTP, in plain text (so the lookups themselves are visible to anyone on the network path).
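To make the differences above concrete, here is an added example (not code from the post or from any browser vendor) that models the two lookup styles described for IE7, Firefox 2 and Opera 9.1, what each one sends off the machine, and a simple heuristic for the deceptive URL shapes listed at the start of the post. The blocklist, brand list, URLs and the use of SHA-256 for Opera's page hash are assumptions.

```python
# Added example: models local-list vs. real-time phishing lookups and what
# each sends to the provider, plus a URL-shape heuristic. All data is constructed.
import ipaddress
from hashlib import sha256
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed stand-in for Firefox 2's locally cached list (hostnames only; assumption).
LOCAL_BLOCKLIST = {"secure-login.example.net", "203.0.113.10"}
# Constructed brand -> genuine domain map for the look-alike heuristic.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}

def local_list_check(url: str) -> tuple[str, str]:
    """Local-list mode: returns (verdict, data sent to provider); nothing leaves."""
    host = (urlsplit(url).hostname or "").lower()
    return ("phishing" if host in LOCAL_BLOCKLIST else "ok", "")

def ie7_query_payload(url: str) -> str:
    """Real-time mode as IE7 describes it: only domain and path are sent;
    the query string (search terms), fragment and userinfo are dropped."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.hostname or "", p.path, "", ""))

def opera_query_payload(url: str, page_body: bytes) -> str:
    """Real-time mode as Opera 9.1 describes it: domain name plus a hash of
    the page. SHA-256 is an assumption; the post does not name the algorithm."""
    return f"{urlsplit(url).hostname}|{sha256(page_body).hexdigest()}"

def url_warning_signs(url: str) -> list[str]:
    """Heuristic for the URL shapes the post lists: IP-address hosts,
    redirects to another URL, and look-alike hosts carrying a brand name."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    signs = []
    try:
        ipaddress.ip_address(host)
        signs.append("host is an IP address")
    except ValueError:
        pass
    for values in parse_qs(p.query).values():
        if any(v.lower().startswith(("http://", "https://")) for v in values):
            signs.append("query parameter redirects to another URL")
            break
    for brand, genuine in BRANDS.items():
        if brand in host and host != genuine and not host.endswith("." + genuine):
            signs.append(f"look-alike host mentions {brand} but is not {genuine}")
    return signs
```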

Other interesting solutions:
* Netcraft Toolbar (IE, Firefox) that shows a Risk Rating for each site you visit.
* eBay Toolbar (IE 6.0), that includes Account Guard, a feature that lets you know when you're on an eBay site and when the site you visit is a known phishing site.
* Earthlink Toolbar (IE, Firefox) includes ScamBlocker, a real-time detection feature that shows whether a site is dangerous, questionable, safe or whether there isn't enough information to judge it.

From my empirical testing, Firefox 2 (and also Google Toolbar for Firefox) and Netcraft Toolbar offer the best protection.

If you don't want to use anti-phishing features included in your browser or in other toolbars, it's a good idea to read these tips from Anti-Phishing Working Group.
