More Anti-Phishing Tools

Here are a couple more tools designed to thwart phishers:

  • EarthLink, a U.S. Internet provider, has today added something called ScamBlocker to its Toolbar, and made it available to all users, not just subscribers. ScamBlocker will “alert you before you enter a Web page that’s on our list of fraudulent sites”.
  • SpoofGuard, from a team at Stanford University, works the same way, via “a traffic light in your browser toolbar that turns from green to yellow to red as you navigate to a spoof site. If you try to enter sensitive information into a form from a spoof site, SpoofGuard will save your data and warn you. SpoofGuard warnings occur when alarm indicators reach a level that depends on parameters that are set by the user.”

Both only work with Internet Explorer. ScamBlocker relies on EarthLink updating its list of fraudulent sites, quite an undertaking given the number and variety of scams now in operation. SpoofGuard does more sophisticated checks, against previous sites you may have visited, as inspecting the link visited for signs of tricks used by known phishing attacks.

SpoofGuard makes more sense in a way. But my worries about both are that a) they create a false sense of security among users, who may be tempted not to run their own checks on links if the toolbars don’t throw up any warning flags, and b) phishers will quickly render them obsolete by figuring out ways around them.

That shouldn’t stop you trying out these tools. Anything is better than nothing. Of course, if you’ve already read about phishing chances are you’re not going to click on a link in an email you don’t trust anyway.

18. April 2004 by jeremy
Categories: Scams, Security | Tags: , , , , , , , , | 1 comment

One Comment

  1. Phishing Inspector is a browser plug-in that identifies a physical location of the Web site with a click of a button. By verifying a site registration, a user will avoid submitting financial information to questionable and fraudulent Web sites.