The Anti-Phishing Toolbars That Didn’t

Here are the results of the toolbars that didn’t work out for me. Remember, the attack is clever enough to appear as a legitimate website in the URL box. The question is: Will the toolbar realise that’s not the only source of data appearing on the webpage?


Earthlink’s Scamblocker toolbar came out neutral. The text reads: “While we can’t guarantee that this Web page is safe, ScamBlocker found no evidence that indicates fraud or Internet scam.” Of course, neutral really isn’t good enough.


Corestreet’s Spoofstick took a pretty straightforward punt on the site, and in doing so got it wrong too:


Other toolbars that threw up green lights were SpoofGuard and InspectorBrown:


As mentioned in the previous post, Netcraft’s Antiphishing Toolbar spotted there was a problem. The text reads: “The page you are trying to visit has been blocked by the Netcraft Toolbar because it is believed to be part of a fraudulent phishing attack…. Are you sure you want to visit the page?”


So, congratulations Netcraft. For the others, when I did this research I asked for some comment but so far have received invitations to chat but no detailed replies to my questions, except from InspectorBrown, which I’ve posted here. (Neither has the bank in question replied to my emailed questions.) If I do hear more I’ll pass it on.

I should point out that all of the toolbars are free, and could be regarded as altruistic efforts to halt the phishing plague. But I still believe that unless such tools offer really good protection against the inventiveness of phishers, they merely lull users into a false sense of security. If you want to fight the phishers, you’ve got to be smarter than this.

03. April 2005 by jeremy
