Securing Your Digital World: Anti-Phishing Tools & Techniques

Posted on October 3, 2007 by Michael Koby

We spent the last few weeks going over password security. I showed you how to create secure passwords and how to keep track of them. Now that you have a secure password, it is incredibly difficult for someone to hack that password. That is true unless, of course, you give them your password willingly. This kind of thing can easily happen with a technique called “Phishing” which according to wikipedia is “a process by which a phisher attempts to fraudulently acquire sensitive information such as usernames and passwords.”

How Does Phishing Happen

A phishing attempt is most commonly started using email. You might have seen an email at one point or another that tells you that if you do not log into your PayPal account, it will be closed and you will lose any information or money in the account. Well there is usually a link or a log in “button” inside this email that is made to look like an official email that will take you to a site that looks like the originating site with a log in form. You log into this form and the phisher is either smart enough to then forward the login information to the actual website to log you in, or it shows you a log in error message. By this point, the damage is already done, the phisher has your information and can now log in as you.

How Can Your Protect Yourself Against Phishing

Remember in the previous articles about password security I advise that you change your passwords frequently? This is one of the reasons to do so. If someone gets your password and does not change it, when you change your password, you lock them out of the account again. However, most likely, the phisher is going to change the password and email address that is associated with the account. Locking you out of the account completely. If this was your PayPal account, then they now have access to your bank account and other personal information like home and work addresses. Possibly even phone numbers.

How can you avoid falling prey to this social engineering technique? There are a couple of ways.

  • If you get an email that uses a “scare tactic” or you just want to be sure, you can always go and open the website on your own. Open a new web browser or tab and goto the website in question by hand typing the URL. So in the case of PayPal, you would enter “www.paypal.com” ensuring that you goto PayPal’s actual site and not some link someone sent you to that is trying to trick you into a false sense of security.
  • Another Option is to use any anti-phishing tools included in your browser (we will get to this in a second)
  • Finally, if your browser does not have anti-phishing tools built in, you can use an add on tool bar (more on this later as well).

Built-In Anti-Phishing Tools

Mozilla Firefox 2.0 or later

The good news is that with later browsers, there is anti-phishing tools built right in. No need to install extra software because they are already there. With Mozilla Firefox 2.0 or later, there is an option under the security settings in the Options dialog.

Firefox Anti-Phishing Options (Click to See Full Size)

With Firefox, you get two options when it comes to using the Anti-Phishing tools. You can use a pre-defined “black list” of websites that is updated when the browser is updated, or you can use Google to check each website you go to. There are some privacy concerns when using Google to check the web site you visit, so be sure to read the user agreement.

Internet Explorer 7

Internet Explorer 7 comes with its own anti-phishing tools as well. Though you do not get to many options with it. You can turn it on and off, and it will only check against Microsoft’s database of sites. There is no option to use an internal predefined list, but it might do this by default if no internet connection is available. You can see where to turn the “Phishing Filter” tools on/off in the image below (Click to enlarge).

IE7 Anti-Phishing Tools (Click to Enlarge)

Other Browsers

On older browsers, like Firefox 1.5 or Internet Explorer 6, you do not have built in anti-phishing tools. Instead you need to rely on a third party toolbar to do this job for you. There are several toolbars out there on the internet that will not only help protect you against phishing attacks, but will also allow you to perform other tasks like searching the web, bookmarking, and so forth. Two of the more popular toolbars come from Google and Yahoo. The links will take you to the respective toolbars for each company. Both of these have built in security features that will help you against phishing attacks.

This entry was posted in Security, Technology and tagged . Bookmark the permalink.