Is that a phish?

Phishing schemes are a form of social engineering that attempts to trick people into revealing confidential information (username/passwords, credit card numbers, etc.) by using fake emails and websites. These schemes have been getting a lot more sophisticated over the last couple of years. The criminals, phishers, are doing a better job of making the emails or websites look more like their legitimate counterpart. People are usually fooled by phishing because they don’t take the time to really look at the site/email.

McAfee has set up a quiz on their SiteAdvisor site to see if you can spot a phishing webpage or email. The quiz is only 10 questions long. Eight of the questions are visual and you must choose which screenshot is the legitimate site. Clicking on the images will give you a larger image. The last two questions are “choose one answer” type questions.

McAfee SiteAdvisor - Phishing Quiz

Some good tips on how not to be fooled by a phishing scheme can be found here. The latest release of the a few browsers have a mechanism built in to alert users if the site is suspicious.

Mozilla Firefox 2 Phishing Protection
Opera Fraud Protection
Microsoft IE7 Phishing Filter

It was announced at the OS X Leopard preview in August 2006 that the Apple Safari web browser would have anti-phishing built in when Leopard shipped. As of now, with the release of Safari 3 Public Beta, it is not available but neither is Leopard.

There are also a few free anti-phishing browser add-ons available. For Firefox, PhishTank SiteChecker and McAfee SiteAdvisor reside in the status bar, not another toolbar, and work very well. PhishTank is a community driven site that collects reports about phishing sites. The service operated by OpenDNS and can be queried by other sources through their free API. It has been used as a verification source for the Opera browser (Fraud Protection) since version 9.1.

Common sense, however it tries, cannot avoid being surprised from time to time. - Bertrand Russell

26.Jul.07 Internet, Security