Browser Wars: Handling a Phishing Site

The other day, I got an email from US Bank saying I need to log in to their site and change my password. Funny though, I don’t bank at US Bank. What’s the deal? A “phishing” attempt was made!

Phishing, according to Wikipedia, is: “In computing, phishing is a criminal activity using social engineering techniques.[1] Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out by email or instant messaging,[2] and often directs users to give details at a website, although phone contact has been used as well.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.”

Whoa, OK, long definition. What it means is someone tries to pass themselves off as someone else to jack your passwords.

Anyway, since I rarely get phishing emails, I decided to test out how Firefox 2.0 and Internet Explorer 7 (on Vista) compare as far as their phishing filters go.

[Screenshots: firefox_phish (Firefox), ie_phish (Internet Explorer)]

In the screenshots, Firefox is on the left and Internet Explorer is on the right.

Firefox puts a gray shade over the webpage, and pops a balloon up saying: “Suspected Web Forgery”. You can ignore it, or get the hell out, which brings you to your homepage. You can clearly see in the address bar that the URL is not US Bank at all, clearly a hoax. You can also report the site as not a phishing site if by some chance it isn’t.

Internet Explorer makes the address bar “red”, which I am assuming means “stop!” It then displays an error message saying that it is a phishing site and gives a brief overview of the meaning of a phishing site. There are two options: “Click here to close” (with a green shield, meaning go, good) and “Continue to this website (not recommended)” (with a red shield, meaning stop, bad). They also display the URL again in the page contents, and allow you to report it as not a phishing site as well.

Which one is the winner here? Hard to say. I think I like Microsoft’s implementation better, for a few reasons. First, they don’t show the actual image of the site like Firefox. Unsuspecting or unfamiliar users might see that US Bank site the way Firefox displays it and say, hey! that looks like it, so it must be OK. Whereas on IE, they get the error message, say WTF and close out. I like the red address bar on IE as well, and when you are on some sites (e.g. PayPal) it is green, which is good as well. One place where Firefox might be better is in the terminology. They call it a “web forgery” where Microsoft calls it a “phishing website”, but to be true to what it really is, Microsoft is correct.

In any event, both browsers are doing well at handling fake websites and making sure the users know they are about to get hoodwinked. A year or two ago, people would just blindly hit these sites and put in their username/password, and be taken to the cleaners.
