Think of this example: A user receives an email from PayPal or his bank which states that the account was comprised and that action needs to be taken right now. A link is provided and most users will click on that link to get to the website fast. The website looks like the real PayPal or bank website which adds to the trust the user has in the process. The website asks for authorization and most users will enter their data without hesitation. The data that is entered will be collected by the attackers and used in criminal activity.

What is phishing:

• Phishing always requires a user to visit a specifically prepared website (most of the time through a link that is added in emails or messaging)
• The fake website looks a lot like the real website (there are ways to detect fake websites)
• The goal of the attackers is to get the user to enter the data that they are after into a web form.

Phishing protection:

The most powerful weapon against phishing is common sense and the following rules that every user should oblige to.

• If you are not a customer of the site delete the email immediatly. Don´t click on the link or reply.
• If you are a customer and you are not sure if the email is legit do one of the following:
• Contact the institute by phone or contact at the official website ( do not use the email link of course) and ask if the mail is official.
• Instead of using the link provided open the website by typing in the official link there. The site should have news about the email on their starting page. (most of the time). If not, use 2a to verify the email.

Thankfully though there are quite a few tools out there to aid and protect the user against phishing attacks.

• Most web browsers these days come with phishing protection enabled. The lists that they use are usually updated several times a day. It has to be noted though that they only detect phishing websites that are already in the list.
• Several email clients, like Mozilla Thunderbird, but also online email services, like Gmail or Yahoo Mail, make use of phishing protection as well.
• Internet security programs do come with phishing protection as well.
• Password managers can be an excellent aid. If you have saved the login for a website in the password manager you usually can login automatically (Last Pass for example supports that option). The password manager will only work on the real website and not the phishing website.

The most powerful protection again is the user’s common sense. Here are a few pointers on how to detect if a website is real or a phishing site:

• Check the url in the address bar. Is it pointing to the right website? Make sure you look close for chars that look similar, e.g. o and 0.
• Is it a https website? Is the certificate valid?
• Does the website look different? Open another web browser tab to enter the url manually just to be on the same side (if you have opened an external link)

Firefox users can check if the phishing protection of their web browser is working. Do you have additional phishing protection tips?

The test analyzed the web browser’s phishing protection. Both Internet Explorer 8 and Firefox 3 (that is Firefox 3.0.11 and not Firefox 3.5) managed to score an average block rate of 83% and 80% during the 14 days of testing. Opera 10 managed to block 54%, Google Chrome 26% and Safari a whopping 2%.

The average phishing URL catch rate for browsers over the entire 14 day test period ranged from 2% for Safari 4 to 83% for Windows Internet Explorer 8. Internet Explorer 8 and Firefox 3 were the most consistent in the high level of protection they offered. Statistically, Internet Explorer 8 and Firefox 3 had a two-way tie for first, given the margin of error of 3.96%. Opera 10 beta came in third due to inconsistent protection during the test. Chrome 2 was consistent, albeit at a much lower rate of protection, and Safari offered minimal overall protection.

The test analyzed the average response time to phishing attacks. Internet Explorer 8 finished first with an average response time of about 5 hours closely followed by Firefox and Google Chrome. It took Opera about double the time and Safari more than 10 times to protect against emerging phishing attacks.

Many users will criticize the test because it has been sponsored by Microsoft. This alone should not be reason to dismiss the findings as inaccurate. There have however been accusations of manipulated reports by NSS Labs in the past which are for example mentioned in a blog post at the Opera website. Some of the points of criticism like mixing beta and final versions or limiting test urls to a very low number are also valid points in the new report.

Even critics have to admit on the other hand that Microsoft has made progress with Internet Explorer 8. The web browser might still not be as fast as the others but it is definitely a solid web browser which could be the most secure web browser when it comes to protecting users from phishing attacks. It has to be noted that the test is only considering the automated protection.

A new widget has been recently added to Gmail labs that increases email security by offering phishing protection for the two services PayPal and eBay. Emails send by these two services are authenticated by the widget and an authentication icon is displayed in the Gmail interface so that the user can see at first glance that the emails are coming from the original source.

The main advantage of this added layer of phishing protection is that emails that claim to be from either PayPal or eBay but are not will now be deleted before they reach the user’s email account meaning that they will not appear in the spam folder either. Google is hoping to add additional services in the future to increase the reach of the additional email security layer.

Users can add the new phishing protection by logging into their Gmail account, clicking on the Settings link in the top right corner, switching to the Labs tab and enabling the Authentication icon for verified senders widget.

Experienced users on the other hand know that no software or script will reach an accuracy of 100%. There will always be false positives and negatives meaning regular websites that are identified as phishing websites (although they are not) and phishing websites that are not identified as such. The latter is obviously more devastating for the user.

Adding the hostname to the titlebar gives the user the opportunity to quickly check if he is on the right website. This in addition to other indicators can aid the user tremendously. More tips can be found at our Phishing Explained article.

There is however another benefit for users who work with password managers like KeePass who make use of the title for identification purposes.

Hostname in Title Bar (via Technix Update) is an experimental Firefox add-on which means that you have to sign in to the Mozilla website before you are allowed to download and install it.