Trend Micro are reporting about yet another Facebook phishing attack that is currently in the wild. The attack begins – like most phishing attacks – by mass mailing potential Facebook users informing them that they need to update their Facebook login credentials. A link is offered in that email and if they follow that link they land on a website that looks like Facebook. What’s interesting here is that the email address field of the Facebook login form is already filled out so that the Facebook user only needs to enter the Facebook password to complete the process.

A click on the login button will open a new page that contains a link to an update tool which installs a trojan on the user’s system.

It attempts to access a Web site to download a file which contains information where the Trojan can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites from which it steals information. Note that the contents of the file, hence the list of Web sites to monitor, may change any time.

It attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user’s account information, which may then lead to the unauthorized use of the stolen data.

The blog post contains security tips on how to distinguish legit from phishing emails. Users who are interested in those can visit the blog post but the most important lesson once again is to avoid clicking on links that are send via email.

Related posts

• Facebook Login Page (28)
• facebook login (34)
• Worio Combines Bookmarking And Web Search (2)
• Windows Live Photo Gallery Facebook Plugin (4)
• Which Facebook Apps do You Think are Worthless? (9)

SafeOnline is a security program developed by Prevx that is available as a standalone software or as part of Prevx 3.0. This program, according to its developers, is able to protect PCs against many forms of phishing and pharming even if they are infected.

How is it done?

The core protection lies in the ability to block keyloggers, screen scrapers, man-in-the-browser attacks, session hijackers, clipboard grabbers, and a number of other threats commonly installed by trojans like SilentBanker, Bancos, Zeus, Torpig, and Curtwail onto thousands of PCs daily. Rather than focusing on being able to identify the threats themselves, SafeOnline works to isolate the browser from the rest of the system even if unknown threats exist that try to steal data from the user. System level malware generally attempts to read data from the browser but Prevx introduces a layer in-between the browser and the rest of the operating system, tricking the threats into thinking that they have successfully read and transmitted the user’s credentials outside of the system when they have not. Unlike other solutions, Prevx SafeOnline works with the user’s existing browser, without requiring the use of a specialized browser so there is no need for the user to change their browsing habits – protection is applied seamlessly and silently in the background.

This sounds like a reverse sandbox where the contents in the sandbox are protected from the rest of the computer system. According to Prevx it offers protection against

* Man-In-The-Browser
* Phishing attacks
* Keyloggers
* Screen Grabbers
* Cookie Stealers
* Info Stealing Trojans such as ZEUS, MBR, Goldun, and Silent Banker

Prevx has contacted several banks in the UK offering their product for free to the bank’s customers. Six banks so far have shown interest in the product. These banks had special requirements according to PC World that included that the product would work with other security software and would not force the banks to change their websites. The security product was able to meet all of these requirements.

Verdict: The main question here is if it is really safe. Will it really defeat all keyloggers and phishing attacks? What if the security software fails do to so? What if users feel overconfident using the software? It might work as an extra layer of defense on a PC system but it might take a while before the company can build enough trust in their product. Thanks Dante for the tip.

Related posts

• Windows Registry Watcher (5)
• Windows Defender (11)
• Windows 7 Firewall Control (4)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)
• Web of Trust: collaborative online security (7)

Here is how Mikko describes what happended in his blog: He posted a warning about a new MySpace phishing website two month ago as a tweet using his Twitter account. This message contained an unclickable url of the phishing website to warn users and spread the word.

Twitter, after two months, figured that the url was a phishing url and made the decision to suspend the account. It is not clear if this was an automatic or manual suspension. The Twitter account of Mikko was restored after two days and the following explanations was given:

I’ve unsuspended your acct.
You were suspended for using the malware URL rnyspeceDOTcom in DMs.
Be careful!
We scan evrythng for malware.

To make matters worse all of his followers and people that he followed were not restored. Both counts showed 0.

The whole incident raises several questions:

• Why was the Twitter account banned after two months and not immediately?
• Why did no one notify the Twitter user about the suspension
• Why did it take two days to restore the account
• Why can’t the followers and followed be restored

Twitter’s reaction fell short and put the blame on the Twitter user rather on an ineffective way of handling the incident. Until things change Twitter users should be very careful what they post in Twitter.

Related posts

• Yahoo Meme Opens Registrations For Anyone (1)
• Yahoo Meme Invites (47)
• Webmasters: Search For Links Posted On Twitter (3)
• Web of Trust: collaborative online security (7)
• Use Twitter As a Reminder Service (4)

Think of this example: A user receives an email from PayPal or his bank which states that the account was comprised and that action needs to be taken right now. A link is provided and most users will click on that link to get to the website fast. The website looks like the real PayPal or bank website which adds to the trust the user has in the process. The website asks for authorization and most users will enter their data without hesitation. The data that is entered will be collected by the attackers and used in criminal activity.

What is phishing:

• Phishing always requires a user to visit a specifically prepared website (most of the time through a link that is added in emails or messaging)
• The fake website looks a lot like the real website (there are ways to detect fake websites)
• The goal of the attackers is to get the user to enter the data that they are after into a web form.

Phishing protection:

The most powerful weapon against phishing is common sense and the following rules that every user should oblige to.

• If you are not a customer of the site delete the email immediatly. Don´t click on the link or reply.
• If you are a customer and you are not sure if the email is legit do one of the following:
• Contact the institute by phone or contact at the official website ( do not use the email link of course) and ask if the mail is official.
• Instead of using the link provided open the website by typing in the official link there. The site should have news about the email on their starting page. (most of the time). If not, use 2a to verify the email.

Thankfully though there are quite a few tools out there to aid and protect the user against phishing attacks.

• Most web browsers these days come with phishing protection enabled. The lists that they use are usually updated several times a day. It has to be noted though that they only detect phishing websites that are already in the list.
• Several email clients, like Mozilla Thunderbird, but also online email services, like Gmail or Yahoo Mail, make use of phishing protection as well.
• Internet security programs do come with phishing protection as well.
• Password managers can be an excellent aid. If you have saved the login for a website in the password manager you usually can login automatically (Last Pass for example supports that option). The password manager will only work on the real website and not the phishing website.

The most powerful protection again is the user’s common sense. Here are a few pointers on how to detect if a website is real or a phishing site:

• Check the url in the address bar. Is it pointing to the right website? Make sure you look close for chars that look similar, e.g. o and 0.
• Is it a https website? Is the certificate valid?
• Does the website look different? Open another web browser tab to enter the url manually just to be on the same side (if you have opened an external link)

Firefox users can check if the phishing protection of their web browser is working. Do you have additional phishing protection tips?

Related posts

• Another Report Finds Internet Explorer 8 To Be The Most Secure Web Browser (8)
• Add Hostname To Firefox Titlebar (3)
• Web of Trust: collaborative online security (7)
• Twitter Account Suspended? Be Careful What You Post (3)
• Truemark Email Identification (5)

Firefox will display a warning whenever the user tries to open a website that is a reported phishing website. Updated phishing and malware lists are automatically downloaded every 30 minutes if the web forgery protection is enabled in the web browser.

The following screen is then displayed if a website is opened that is on that list of phishing and malware websites.

The user still has the option to ignore the warning and proceed with the site loading but it is generally recommended to stop at this point and close the tab. There is however one nagging questions that some Firefox users have. How can they be sure that the phishing protection is working in the web browser?

Mozilla has created a specifically prepared website that will trigger the phishing protection. Users who open the It’s a trap website at Mozilla.com will see the web forgery warning if the phishing protection is enabled and working in the web browser. Everyone else will simply see the test website.

Firefox users who do not see the warning page should go into the Tools > Options > Security in the Firefox options and ensure that the entries Block reported attack sites and Block reported web forgeries are checked.

The phishing test website will not work with other browsers even if they offer phishing protection as well.

Related posts

• Add Hostname To Firefox Titlebar (3)
• Web of Trust: collaborative online security (7)
• Web Browser: Firefox 3.0.7 (5)
• Top 5 Security Plugins For Firefox, Chrome And Internet Explorer (16)
• Secure Firefox with Firekeeper (2)

Microsoft determined that the attack was not a breach of internal Microsoft data and believes that the account data was gained by a phishing attack. Phishing attacks are common ways these days to lure users into entering their account data on websites that look like the real deal but are not.

Hotmail users are encouraged to immediately change their account password to protect the account from unauthorized access. It is furthermore recommended to change the account password on other websites if the same password was used for accounts there as well.

A good tool that can help users create and use secure passwords is the Last Pass extension which is available for Firefox,Internet Explorer and Google Chrome.

Related posts

• Truemark Email Identification (5)
• Leaked Hotmail Password Data Analysis (4)
• Hotmail Login (0)
• Gmail Adds Email Import (1)
• Enable Hotmail POP3 In All Countries (31)

Sites like Web of Trust allow users to share information about phishing sites, but scores of similar tools exist and as it would be counter-productive for each to maintain their own database of phishing sites.

PhishTank centralises phishing reports and allows developers to use their data free-of-charge in their own applications, with manual or automatic download enabled (although the latter requires a free API key).

PhishTank offers a service a lot of web users will use without even realising it. Whilst certain tools might submit their data to PhishTank too, you can help your fellow web users and fight phishers through submitting data directly to PhishTank.

With a free registered account, reports can be submitted through a web interface or through email. It is extremely easy to send the next phishing attempt that manages to get through your spam filters to PhishTank. Providing you have that email address registered with them, all you have to do it forward it to phish (at) phishtank.com .

Whilst it might not directly benefit you to do so, you are helping users who might help you too. If nothing else, you are keeping your credit card interest rate down marginally, as your bank has to pay less out to compensate phishing victims!

Related posts

• Web of Trust: collaborative online security (7)
• Add Hostname To Firefox Titlebar (3)
• Truemark Email Identification (5)
• Realtime Anti-Phishing Add-on for Firefox gone bad (9)
• PayPal to Block Unsafe Browsers (6)

The test analyzed the web browser’s phishing protection. Both Internet Explorer 8 and Firefox 3 (that is Firefox 3.0.11 and not Firefox 3.5) managed to score an average block rate of 83% and 80% during the 14 days of testing. Opera 10 managed to block 54%, Google Chrome 26% and Safari a whopping 2%.

The average phishing URL catch rate for browsers over the entire 14 day test period ranged from 2% for Safari 4 to 83% for Windows Internet Explorer 8. Internet Explorer 8 and Firefox 3 were the most consistent in the high level of protection they offered. Statistically, Internet Explorer 8 and Firefox 3 had a two-way tie for first, given the margin of error of 3.96%. Opera 10 beta came in third due to inconsistent protection during the test. Chrome 2 was consistent, albeit at a much lower rate of protection, and Safari offered minimal overall protection.

The test analyzed the average response time to phishing attacks. Internet Explorer 8 finished first with an average response time of about 5 hours closely followed by Firefox and Google Chrome. It took Opera about double the time and Safari more than 10 times to protect against emerging phishing attacks.

Many users will criticize the test because it has been sponsored by Microsoft. This alone should not be reason to dismiss the findings as inaccurate. There have however been accusations of manipulated reports by NSS Labs in the past which are for example mentioned in a blog post at the Opera website. Some of the points of criticism like mixing beta and final versions or limiting test urls to a very low number are also valid points in the new report.

Even critics have to admit on the other hand that Microsoft has made progress with Internet Explorer 8. The web browser might still not be as fast as the others but it is definitely a solid web browser which could be the most secure web browser when it comes to protecting users from phishing attacks. It has to be noted that the test is only considering the automated protection.

Related posts

• Xenocode Web Browser Sandbox (0)
• Web Browser Popularity (51)
• Web Browser Memory Usage Benchmark Gets It All Wrong (15)
• Web Browser Have Impact On Battery Life (1)
• Web Browser Benchmark Comparison (19)

Enter Truemark by Iconix. Truemark uses authentication techniques to identify more than 1500 different company email addresses including the three companies in the example above. It is backed by some of the most popular shopping and financial websites on the Internet which makes it attractive for many users. Even better is the fact that the software is free to use and compatible to several popular email providers like Gmail, Hotmail, Yahoo! Mail or Aol Webmail but also Microsoft Outlook 2003 and 2007.

Another advantage of Truemark is that is it working in both Internet Explorer and Mozilla Firefox which should cover more almost 90% of the web browser market. The installation of the software will install a Browser Helper Object in Internet Explorer and an add-on in Firefox.

Truemark will automatically scan the emails in the mail inbox if the user opens a supported email client or web email client. It will display a verification icon next to the email to notify the user that the email is legit.

Moving the mouse over the icon will show an overlay with additional information about the sender and if the sender passed both identification and authentication.

Related posts

• How to defeat Phishing (4)
• Gmail Adds Email Import (1)
• Automated Email Archiving and Monitoring In Microsoft Outlook (1)
• Yahoo Mail, Search And Messenger Upgrades (2)
• Xobni for Microsoft Outlook (1)

Experienced users on the other hand know that no software or script will reach an accuracy of 100%. There will always be false positives and negatives meaning regular websites that are identified as phishing websites (although they are not) and phishing websites that are not identified as such. The latter is obviously more devastating for the user.

Adding the hostname to the titlebar gives the user the opportunity to quickly check if he is on the right website. This in addition to other indicators can aid the user tremendously. More tips can be found at our Phishing Explained article.

There is however another benefit for users who work with password managers like KeePass who make use of the title for identification purposes.

Hostname in Title Bar (via Technix Update) is an experimental Firefox add-on which means that you have to sign in to the Mozilla website before you are allowed to download and install it.

Related posts

• Youtube Video Download (11)
• Youtube It Firefox Add-on (4)
• Youtube Comment Cloud Firefox Add-On (4)
• Web of Trust: collaborative online security (7)
• Web Development: Widerbug For Firefox (8)

Users rate websites on their ‘Trustworthiness’, ‘Vendor reliability’, ‘Privacy’ and ‘Child Safety’. Information about websites is also gathered from Compete, comments by users and through links from reliable sources (such as Digg, Lifehacker, Open Directory Project and Wikipedia).

Web of Trust sits alongside your navigation buttons, ensuring it has your attention, and should a website be cause for concern the button will change colour. Information is also integrated in webmail and search results, to ensure you won’t stumble across an unsafe website.

It currently has information regarding of about 21,000,000 websites based on feedback from the extension’s users. It can also be used as parental control, blocking children from websites not suitable for kids.

The website has flaws. It relies on a user spotting a phishing site before someone falls prey to it and naturally, intelligent scammers could trick it through rating their own site. Then again, I imagine this would rarely happen and even when it does, one would expect it to be quickly rectified.

Related posts

• Realtime Anti-Phishing Add-on for Firefox gone bad (9)
• Protect your privacy from Google AdSense’s new behavioral ads (17)
• Help the fight against phishing with Phishtank (1)
• Firefox Extended Copy (3)
• Add Hostname To Firefox Titlebar (3)

A new phishing email (via Trend Micro)that recently emerged claimed that the user’s Bank of America account was accessed by an international IP from an unregistered computer and that their “Foreign IP Spy” detected that breach.

It is asking the user to verify and register his current computer by logging in to the Bank of America website. That link leads to a new window which opens a phishing website that is using a fake address bar. Most users who clicked on that link will surely enter their login information.

This approach is basically appealing to the user to secure his account. That’s tricky and many users will probably fall for this because they believe that thiefs would not ask them to secure their accounts. What they obviously miss is the fact that the added security feature is fake and not existing.

Websites with that fake address bar can be easily identified by right-clicking on that website and selecting properties from the context menu if Internet Explorer is the browser of choice. Firefox users click on Page Info in that right-click menu while Opera users press Alt + Enter or right-click and selected Edit Site Preferences.

The best protection against phishing is to not open any links in emails. Always open the website directly in the browser. If you are insecure call the company and ask if they have send that email to you.

Related posts

• Test The Phishing Protection In Firefox (3)
• Add Hostname To Firefox Titlebar (3)
• When on Digg be careful (2)
• Web of Trust: collaborative online security (7)
• Twitter Account Suspended? Be Careful What You Post (3)

That’s what PayPal (thanks Lee for the email) mentioned in a Whitepaper and I have to agree with it. There is virtually no reason why someone would still use Internet Explorer 3 or 4 to surf the Internet for example. Those browsers probably have so many known security holes and lack so many security features that it’s highly likely that the browser will get successfully attacked eventually.

This still does not take care of the user who is working with the computer which is in my opinion the greatest security risk of them all. I always like to say that if you do not understand basic security concepts, for instance the ability to differentiate between http and https websites, then you should not be doing security related stuff on the Internet including banking but also eBay, Amazon or PayPal.

The battle against Phishing is something that companies cannot win alone. Companies cannot do anything about a user who cannot differentiate between fake and original websites. Systems like Extended Validation SSL Certificates which highlight the address bar in green will surely help those users in the long run.

What should not happen though is the exclusion of a browser simply because it is being used by a smaller community. Say Safari for Mac. When I worked at one of the biggest German financial corporations I always had to tell Mac users that their browser was not officially supported. Security is not an excuse to lock out some users with more “exotic” browsers.

Related posts

• Ingenious PayPal mimicing spam (8)
• Web of Trust: collaborative online security (7)
• Truemark Email Identification (5)
• Securing Your Web Browser (0)
• Paypal anti-laundering safety regulations (13)

Dante send me this interesting article from Techworld that describes the mechanism behind selling Credit Cards. They are sold in so called dumps which seems to be packs of one hundred numbers starting from $10 per 100 for regular Visa and Mastercard Credit Cards up to $150 for European Gold and Platinum cards.

Techworld calls it a Credit Card Supermarket which does not seem to fit the website at all in my opinion. It looks pretty spammy, probably to keep regular visitors from exploring the website. I think it is interesting to note that there is no obvious way to contact the sellers other than to reply with a comment on your own which would make a seller pretty vulnerable to investigations unless they take extra precautions.

Related posts

• Web of Trust: collaborative online security (7)
• Twitter Account Suspended? Be Careful What You Post (3)
• Truemark Email Identification (5)
• Test The Phishing Protection In Firefox (3)
• SafeOnline Protects PCs Even If They Are Infected (2)

I personally do not install software like this especially if it has Norton / Symantec or McAfee written on it. Still this might be useful for some and it is free after all. Here are the steps that you need to do: (Thanks to Raymond for finding another great offer)

Visit the Natwest website and click on the huge banner at the bottom saying Free PC Security, Protect your PC for 12 months with McAfee VirusScan Plus. This will lead you to a McAfee website that has a Register Now button. Click on that button and fill out the registration form.

McAfree VirusScan Plus 2008 Features

• Safe Search, Safe Surf. McAfee® SiteAdvisor™ adds ratings to websites to help you avoid online dangers.
• Home License Subscription Service. Automatically delivers the latest software features and threat updates and lets you easily manage security subscriptions for all your PCs.
• Stops Viruses. Blocks and removes viruses and even stops them before they even get to your PC.
• Stops Hackers. Protects and conceals your computer from hackers.
• Blocks Spyware. Blocks spyware before it installs on your computer and removes existing spyware.
• Improves PC Health. Cleans clutter off your computer so it stays healthy and secure.

It requires your name, email and a password. You might want to uncheck the options below the form so that you do not subscribe to those newsletters. Click on the I Agree button to proceed and in the next window on the Go To My Account button.

This should load the account window and you should see the McAfee VirusScan Plus 2008 subscription in a table on that page. A download / install button is available in the same row, click that button to download the file DMSetup.exe and execute it when the download is finished.

You should be automatically logged into your account, if not the option is given in the tool. Just click on the Download button to download the real product which takes a while. Once the download is completed you click on Install to install the product.

The Register Now link is not working all the time. My first test through up an error message. Just try it again and it should work afte all.

Related posts

• Steganos Security Suite 2007 for free (18)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Norton Antibot Free 1 Year License (15)
• Hide Antivir Scans, Updates and Advertisement (11)
• Free Winrar 3.62 License (20)

The new kind of phishing emails is actually using the knowledge of those first gen phishing emails by warning users about those emails which will lead to a fake website. Since this is a relatively new scheme many users will probably fall for it believing the message that is send to them.

Who would believe that a message that is warning the user about phishing emails is actually a phishing email ? The best way to defend against this kind of attacks ? Never open links in mails, always visit the website directly.

Related posts

• Truemark Email Identification (5)
• Ingenious PayPal mimicing spam (8)
• 20 Minute Guide to Pc Security (0)
• Web of Trust: collaborative online security (7)
• Temporary Email from BugMeNot (2)

Virtual mail accounts can be created in many online mail accounts including Gmail and Yahoo Mail. If you wanted to create such a virtual mail account in Gmail you would simply change the email address at the site where you are registered at to youraddress+added@gmail.com. To give you an example, you could use the email ghacks+paypalcom@gmail.com as your main email in PayPal.

You would then set a filter in Gmail to filter all messages send to this email. Now, whenever an email from PayPal arrives that was not send to this virtual email address you can be sure that it is a phishing email. To be effective you need to hide this email from everyone, even the people who send or receive money. This is done by using a second email for this purpose that is not your default email in PayPal.

This system works fine if the service accepts email addresses with plus signs. Most websites need only one virtual email address, your bank for instance, eBay and every other website where the email is not visible to contacts.

Related posts

• Truemark Email Identification (5)
• Gmail Increases Email Security With Phishing Protection (7)
• Gmail And Yahoo Mail Users Now Protected Against eBay And PayPal Phishing Mails (1)
• Yahoo Mail, Search And Messenger Upgrades (2)
• Ingenious PayPal mimicing spam (8)

This email confirms that you have sent an eBay payment of $47.85 USD to hineswhittier@yahoo.com for an eBay item using PayPal.

If you look at the email, it does look like a PayPal email at first glance. There are differences, but who can really recall an invoice at first glance? I have to say, that despite my “mental training” to be really cautious, I almost clicked on the link. My first thought was, maybe someone hacked my account. I don’t have a load of money on there, but I do have over $48, so if they did hack it, it would make sense to only send that small amount. If you read a bit further, here’s what you see, and this is what arose my suspicion.

Note: If you haven’t authorized this charge ,click the link below to dispute transaction and get full refund (Encrypted Link )
*SSL connection: PayPal automatically encrypts your confidential information in transit from your computer to ours using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128-bits (the highest level commercially available)

First of all, yeah right, I click dispute, and I get all my money back, how nice of PayPal, not even to look into it. Second of all, I don’t think 128 bit SSL is the highest available. Third of all, and this was right before I almost clicked, the link contained inside (I have removed it now) goes to a very non-PayPal page. I mean it goes to some Japanese, even spam-sounding website. By the way, 3 of the five links in the email went to the same page. I just stopped there and then and forgot about it. Upon an even closer inspection though you can see the comma error in the first line, and also the faulty bracket spacing after “Encrypted Link”.

Whenever you receive something that seems like spam, always remember to check these things, they can tell you it is spam, or at least keep you from clicking away wildly. Click on the pic if you want to see the email, it’s in gif format, so no need to worry about links and things.

Update: I have forwarded the email to spoof [at@] paypal [dot.] com, if you receive anything like this, please help them out too.

Related posts

• Truemark Email Identification (5)
• PayPal to Block Unsafe Browsers (6)
• New Phishing Mail Tactics (3)
• How to defeat Phishing (4)
• 20 Minute Guide to Pc Security (0)

Installing a software that protects the computer against most forms of phishing would be one way to deal with the lack of knowledge. Delphish is a free anti-phishing extension for Microsoft Outlook and Mozilla Thunderbird. It adds a new toolbar to the email client with several new options. The most important button in that toolbar is the Check for Phishing button which analyzes the mail in two steps. The first step is a comparison to an online database that contains known phishing emails. If that check is positive the result will be shown and the mail will be moved into the phishing folder.

If the first comparison is negative Delphish will analyze the contents of the mail to determine factors that are normally used in phishing emails. A whitepaper that is available on the Delphish website details that process but should be left for the interested that have a technological and mathematical background. Some of the factors that play a role in determine if the mail is a phishing email are: Geolocation, link analysis, context analysis and reputation analysis.

Even with the extension installed common sense should be used as well. You can use Delphish as a first layer of defense against phishing but should make sure that you are able to analyze the mails by yourself as well.

Related posts

• Use Gmail As Email Backup Space (2)
• Truemark Email Identification (5)
• Realtime Anti-Phishing Add-on for Firefox gone bad (9)
• Importing Calendar From Microsoft Outlook To Mozilla Lightning (5)
• Help the fight against phishing with Phishtank (1)

Anti-Phishing toolbars and implementations in the major browsers are useful but can, as you will see, give the user a false sense of security. This can be attributed to the fact that databases that contain the information are not updated in real time. Someone has to report a phishing website before it will be added to the database, it would be more than difficulty to create a automatic solution for this problem.

A second difficulty are new techniques used by hackers that are not detected by ant-phishing toolbars and implementations.

Flash Phishing

Anti-Phishing toolbars do check the page content for signs of phishing but do not analyze flash objects at all. Hackers know this and tend to use this to their advantage by using flash to emulate the original website. Users tend to believe that the site is “clean” because their anti-phishing toolbar did not react to it.

It is however relatively easy to find out if the current website is fake.

1. You need to take a look at the url in the address bar. If it is not the original address leave it immediately.
2. Check if it is using https instead of http. If it is using http leave the site immediately.
3. If it is using https check the certificate.
4. If the site is only using flash leave it.
5. Never follow links in emails (unless you know the person)
6. Never follow links in chats (unless you know the person)

You should immediately contact the supposed owner of the website and ask for advice.

Social Phishing

Phishers use other means of getting sensitive data from users. We all know that we should contact the company if we have doubts about a website. What if you would receive a mail from your bank asking you to call them back because there was a security breach ? Would you call them back ?

What if the number was redirecting you to someone in China speaking fluent English ? Would you give him the information he would be asking for to verify´that you are the customer ? Sir, we need to make sure that you are indeed our customer. Could you please supply your credit card information so that I can verify your identity ?

This is not a huge market yet but it will grow over time.

Related posts

• NTFS Alternate Data Streams (3)
• Help the fight against phishing with Phishtank (1)
• Web of Trust: collaborative online security (7)
• Weak Passwords (12)
• User Data Stolen from The Pirate Bay (0)