A Better Anti-Phishing Toolbar? 33
Saqib Ali asks: "There have been recent discussions on Security Focus mailing lists about several Anti Phishing Toolbars available for Firefox. Do Slashdot readers have any recommendations on which Anti Phishing toolbar to use, or on how to improve upon the existing ones?"
Obligatory (Score:1, Interesting)
Seriously, it is a pretty good bar. I just wish its appearance/position was a little more customizable.
Re:Obligatory (Score:1)
Don't know about others.
how about... (Score:1, Informative)
Re:how about... (Score:1)
Never tried them. (Score:5, Informative)
> use, or on how to improve upon the existing ones?"
If you're smart enough to install this kind of solution then you're not going to fall for the phishing attempts in the first place. Email from paypal/ebay/your bank that doesn't start with your name? Delete it. Get a plausible looking email asking you to click on a link and log in? Type the URL manually anyway (I use a local homepage which just contains a bunch of links to those accounts, Slashdot etc). Have an account somewhere that doesn't address you by your full name in emails? Close the account and use another bank.
By the same token, this stuff is obvious to everyone reading Slashdot. Right?
Re:Never tried them. (Score:2)
Re:Never tried them. (Score:1)
> people actually have to.
I use Cahoot's online bank in the UK (5+% savings account, ~4% current account) - seems safe to me. Should I be scared? Why? Where's the risk? Not phishing, so is SSL insecure?
I don't know... (Score:2)
Re:I don't know... (Score:1)
Or use GMail (Score:2)
It doesn't catch 100% of my spam, but it does well over 99% I would say. And none of the ones that get through are anything resembling phishing.
Re:Or use GMail (Score:1)
I do both (using HTTPS to access gmail, not the lame http it offers you - you have to edit that yourself - or use a plugin).
Re:Or use GMail (Score:2)
Just mouse over (Score:2)
There are going to be a VERY small number of sites that this isn't true, but these kinds of sites are unlikely to be anything that most people are going to be ever needing to use.
Re:Just mouse over (Score:1)
Re:Just mouse over (Score:1)
Re:Just mouse over (Score:2)
I humor these idiots once in awhile, if I'm sitting at the computer and watch a message come in (and I'm really bored). I'll hit their site, give false info and submit it.
One of the funniest things I've seen is one site that used an java popup image to put it over the default location of the IE toolbar. So when I cliked the link, part of my Firefox tabs where covered up (I'm in webdev, so I can't disable javascript). Laughed my b
Re:Never tried them. (Score:3, Interesting)
Re:Never tried them. (Score:2)
Or, if possible, use the phone. If you get an unexpected e-mail from your financial institution, call them. Don't use any link or phone # in the e-mail. You should have a couple of customer service numbers with you for any bank or credi
Re:Never tried them. (Score:1)
anti phishing already installed in IE7 (Score:2, Interesting)
Re:anti phishing already installed in IE7 (Score:2)
Re:anti phishing already installed in IE7 (Score:1)
Besides, I don't think a lot of people feel comfortable to send every url they visit to a company that just bought the backend technology from Claria/Gator (or any company, for that matter), but that's something most phishing toolbars do, if I unde
Phishing? whazzat? (Score:4, Interesting)
In the unusual case (once per week) that I actually _want_ to look at a website mentioned in email, I cut'n'paste.
HTML email is abomination. Autoload images is evil.
Google solution. (Score:3, Informative)
Re:Google solution. (Score:2)
Re:Google solution. (Score:1)
I got to admit that I didnt look around that much there so I havent found an answer yet.
Sticker (Score:1)
"No one will ever ask for personal information via email. If anyone does, do not give it."
Re:Sticker (Score:2)
Written by someone who has never worked in a large corporation or bureaucracy.
Re:Sticker (Score:2, Insightful)
I think, generally speaking, much time is spent trying to prevent social engineering attacks with technological methods. Phishing is not an attack against a technological resource; it's an attack against a person using technology. The weakness being exploited is in the person, not in the computer system. Trying to protect a computer system from phishing i
Re:Sticker (Score:2)
Re:Sticker (Score:1)
No one will ever ask for personal information via email unless you have solicited the request yourself. If anyone asks unsolicited, do not give it.
I know, I know. This means we're going to have to make another sticker with the definitions of "solicited" and "unsolicited" on it. And with LCD monitors all the rage, there's hardly room around the edge of the screen for two stickers and a Post-It with your username and password.
I agree that email is a great form
Call Me a TROLL: Who needs a tool bar? (Score:1)
1. If you don't know them you don't owe them. HIT DELETE
2. Your financial Institutes will never ask you via e-mail for any info. Call the institution and tell them what you have received.
3. If in doubt,
Celebrity Greeter at the Tool Bar? (Score:1)