RealTime IT News

Netcraft Toolbar Targets Phishing Sites

Web firm Netcraft's new anti-phishing toolbar has attracted about 20,000 downloads since it went live last week, company officials said.

The tool, which is available for Internet Explorer (IE) users, is essentially an Internet community "Neighborhood Watch" that warns users off from URLs believed to host phishing sites, in order to prevent them from handing over sensitive information there.

A company official said a version of the toolbar for the Firefox browser is a top priority for developers, though no time frame was given on a release date.

The toolbar also displays other information relative to the Web page user's visit, including the site's owner (since it's unlikely your local bank is hosted in another country), their ranking among other Web sites indexed in Netcraft's database of known Web sites and how long the page has been indexed.

Drop-down boxes in the tool bar redirect users to Netcraft pages, and offer information about how to report a phishing site, the most prevalent phishing countries and other services offered at the Web site. The toolbar also forces navigational displays on all IE Web pages, which is hidden by many popup browsers, as well as trapping suspicious URLs with deceptive characters.

Rich Miller, an analyst at the Bath, England-based Internet services company, said the company decided to develop a toolbar because of the increasingly sophisticated scams perpetrated by phishing artists looking to trick users into providing sensitive information like login and password information, account numbers and the like.

"We thought it would make sense to go a step beyond the standard procedures and come up with a tool that really provides some protection for folks when they're surfing the Web and aren't current on what the latest scams are," he said.

The list of phishing sites is maintained within Netcraft's own database of known phishing sites, as well as sites reported to the company by Internet users. When a user attempts to visit a Web site or page in the Netcraft database, a popup warns users they are on a suspected phishing site.

When the user clicks on "Report a Phishing Site," it asks for the user's name and e-mail address and the reason for reporting the URL. The URL in question is automatically appended to the report, which is then sent to Netcraft officials.

There is also a menu option to report an incorrectly-blocked URL.

NetCraft Toolbar
Miller said each link is vetted by a company official to ensure sites aren't inadvertently added to the database of phishing sites. There's even an incentive program, not publicized by the company, for reporting phishing sites.

If a person is the first to submit a link to a new phishing site, the user receives a free prize, such as a coffee mug. Miller said other offerings are in the works as well. An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.

Netcraft developers -- there are a handful dedicated to the toolbar project -- are working on improvements and fixing glitches in the IE toolbar. For example, one version of the toolbar wouldn't let the reporter click on hyperlinks to the site report, ranking or host information in the Netcraft toolbar.

Netcraft's release joins a group of ISPs and other online concerns that offer phishing warning systems. For example, Earthlink offers a free version called ScamBlocker.

Browser support for Firefox is also taking top priority, Miller said. According to Netcraft, development of the Firefox version began just before Christmas.

The company is also selling a license for the toolbar technology to corporate entities, which will allow companies to re-brand it with their own company's images and information.

Users can download the Netcraft Toolbar here.