For most Internet users, defending against phishing attacks is a top priority. Typically, phishing attacks involve phony emails and fraudulent web sites that try to lure users into disclosing user names, passwords and other personal information, such as credit card numbers and social security numbers.
The damage caused by phishing attacks ranges from loss of access to your web account to identity theft. Once the personal information is obtained, the phishers may use one’s details to steal money, create fake accounts etc.
One popular way to combat phishing attacks is to maintain a list of known phishing sites and to check web sites against the list. This hack highlights 10 anti-phishing Firefox extensions that can be used to mitigate the risk of being a victim of a phishing attack.
PhishTank SiteChecker - SiteChecker blocks phishing web sites based on data from the PhishTank community. When you visit a web site known to PhishTank as a phishing web site, SiteChecker will display a block page instead of the phishing web page. Download PhishTank SiteChecker.
Google Safe Browsing - Google Safe Browsing alerts you if a web page that you visit appears to be asking for your personal or financial information under false pretences (phishing web sites). By combining advanced algorithms with reports about misleading pages from a number of sources, Google Safe Browsing is often able to automatically warn you when you encounter a page that’s trying to trick you into disclosing personal information. Download Google Safe Browsing.
WOT - WOT helps you steer clear of online fraud and phishing web sites by showing web site reputations in your browser. Knowing the reputation of a web site makes it easier to avoid accessing phishing web sites. The reputations are taken from testimonies contributed by the WOT community. Download WOT.
Verisign EV Green Bar - This extension adds extended validation certificate support to your browser. When you access a secure web site, the address bar turns green and displays certificate owner and certification authority. This extension is extremely useful to determine whether a web site is phony. Download Verisign EV Green Bar.
iTrustPage - iTrustPage prevents Internet users from filling out untrustworthy web forms. When visiting a web site that has a web form, iTrustPage computes the TrustScore for the form page. When the score is high, iTrustPage deems the web page as trustworthy; otherwise it is untrustworthy. Download iTrustPage.
Finjan SecureBrowsing - Finjan SecureBrowsing checks links in search results and websites and warns you of potentially malicious links. It performs real-time code analysis of the current content on each web page. It detects potentially malicious code and undesirable behavior. Each link is marked as safe (green) or potentially dangerous (red). Download Finjan SecureBrowsing.
FirePhish - FirePhish warns you whenever you surf to a site which is known as a phishing site or has suspicious characteristics. Download FirePhish.
CallingID Link Advisor - CallingID Link Advisor verifies that links you see are safe before you follow them. When the mouse is placed over any link, a risk assessment and the full details of the site owner are displayed, helping you decide whether the site is trustworthy. CallingID Link Advisor also warns you of links to sites that are known as phishing sites. Download CallingID Link Advisor.
SpoofStick - SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. Download SpoofStick.
TrustBar - TrustBar allows users to assign a favorite name or logo to each web site. This makes it easy to detect fake or cloned sites used in phishing, spoofing, pharming and other attacks. Download TrustBar.
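The list-checking approach described in the introduction can be sketched as follows. This is an added example, not code from any of the extensions listed above; the blocklist entries (reserved `.example` hosts) and the host-suffix/path-prefix matching scheme are assumptions made for illustration. It shows why the URL has to be normalized before the lookup: an exact string comparison would miss the same site written with misleading userinfo, different case, a trailing dot or a subdomain.

```javascript
// Constructed sample blocklist of "host/path-prefix" expressions.
// Hosts use the reserved .example TLD; they are not real phishing sites.
const BLOCKLIST = new Set([
  "login.bank-secure.example/",     // the whole host is listed
  "files.example/shared/invoice/",  // one directory on a shared host
]);

// Keep only what matters for matching: lowercased host without trailing dot,
// and the path. Userinfo, port, query string and fragment are discarded.
function canonicalize(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  return { host: u.hostname.replace(/\.+$/, ""), path: u.pathname };
}

// Build every lookup key: host suffixes (full host down to two labels)
// combined with every path prefix that ends on a segment boundary.
function candidates({ host, path }) {
  const isIp = /^[\d.]+$/.test(host) || host.startsWith("[");
  const labels = host.split(".");
  const hosts = [];
  const last = isIp ? 0 : Math.max(0, labels.length - 2);
  for (let i = 0; i <= last; i++) hosts.push(labels.slice(i).join("."));

  const segs = path.split("/").filter(Boolean);
  const paths = ["/"];
  for (let i = 1; i <= segs.length; i++) {
    paths.push("/" + segs.slice(0, i).join("/") + "/");
  }
  const keys = [];
  for (const h of hosts) for (const p of paths) keys.push(h + p);
  return keys;
}

// Look the URL up in the local list; nothing leaves the machine.
function checkUrl(rawUrl, blocklist = BLOCKLIST) {
  const parts = canonicalize(rawUrl);
  if (!parts) return { blocked: false, match: null };
  for (const key of candidates(parts)) {
    if (blocklist.has(key)) return { blocked: true, match: key };
  }
  return { blocked: false, match: null };
}
```

Because the list is a local `Set`, the lookup does not disclose visited URLs to a server; the trade-off is that the list is only as current as its last update.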
Comments
Nice list, but could any of these tools help with the kind of phishing outlined in this /. comment?
http://it.slashdot.org/comments.pl?sid=236921&cid=19348619
Best regards
–
http://noscript.net
Recognizing phishing should also be happening a step earlier– at the mail client, where the user is first presented with a false identity. I’ve written a Sender Verification Extension to do that (where possible):
You left out McAfee SiteAdvisor, which works in both Firefox and IE for Windows. http://www.siteadvisor.com/
Another suggestion is the Compete Toolbar:
http://toolbar.compete.com/
They use Geotrust and Castlecops to tell you whether a site is safe or not.
Combining the Enigform firefox extension, with an HTTP+OpenPGP aware web server (like Apache with mod_auth_openpgp), you can fully avoid username and passwords to login to sites, thus making phishing go away.
How about http://siteadvisor.com?
Um… You might not be aware of it, but Google SafeBrowsing in one of its incarnations is *already* part of Firefox itself. Go to Preferences > Security > “Tell me if the site I’m visiting is a suspected forgery”
How about the netcraft one http://toolbar.netcraft.com/ ?
How many of these extensions send your browsing history to their servers? Do any of these work with a local database?
very good
Avoid iTrustPage.
I tried a number of the suggestions here and the rest seemed very friendly.
iTrustPage won’t let you enter text into a webpage if iTrustPage isn’t familiar with it. In these cases, iTrust requires you to enter 3 tags for it to search, then gives you alternative pages. There doesn’t seem to be any escape route, you have to enter 3 tags. It seemed all the blogs I follow are unfamiliar to iTrustPage, so I was forced to fight through the ‘provide 3 tags’ hassle whenever I wanted to leave a comment.
When I looked up iTrustPage, they bragged about making the user’s life miserable. It was good for people to think more about the forms they filled out.
http://www.cs.toronto.edu/~stefan/publications/tr/ut/2006/ut-csrg-545.pdf
“When we designed iTrustPage, we deliberately made the tool “irritating” if the form cannot be found in an external repository of information such as Google. We believed that by making the clearance process inconvenient, users would pay more attention to their actions. While our findings show that we succeeded in making it less convenient for users to proceed, we could not determine or quantify the amount of “extra security” gained in exchange. In the future, we might revisit this tradeoff based on the feedback that certain users would have uninstalled iTrustPage.”
When I uninstalled iTrustPage, all the other phishing software stopped working. It took an hour or two to get back to where I wanted things. Avoid iTrustPage!
What about the NetCraft anti-phishing.
How good is that?
The Netcraft Toolbar has fared pretty well in third-party testing of anti-phishing toolbars:
http://news.netcraft.com/archives/2007/02/07/netcraft_toolbar_ranks_best_in_thirdparty_testing.html
Nice text! I describe a few other extensions here:
http://grzglo.jogger.pl/2007/07/19/bezpieczenstwo-komputera-w-swietle-odwiedzanych-stron/
The text is in Polish, but everyone can visit the links in it and get some more information in English from each product site.
