We’ve all gotten those emails: ‘Problem with your PayPal account,’ ‘Confirmation for your EBay account,’ ‘Issue with your
The emails look real, often using things like logos and layouts lifted straight from the real site. The link will claim it takes you to the site they’re trying to fake, sometimes even on the bottom of the screen (some programs can be fooled). If you click on the link, the site you’re brought to even looks real, almost impossible to distinguish from the real thing.
However, the latest security tools, especially ones within Web browsers, are constantly improving, in an effort to warn you of trouble before you’ve handed your information over to anybody. Tools that warn you that you have or may have reached a phishing site now come with the latest versions of Microsoft Internet Explorer (7.0) and Mozilla Firefox (2.0), the two most widely used browsers in the world.
Firefox’s system works by keeping a list of bad sites on your computer, and trying to update it every 30 minutes. They also offer the option of checking the site against a list maintained by Google and anti-phishing groups. If the site is a match in either case, Firefox displays a warning box, and asks you if you want to continue or leave the site.
Internet Explorer (IE)’s system works somewhat differently – it keeps a list of legitimate sites on your computer. If the site you’re visiting isn’t on the list, it will check the site against a list of known bad sites, which is held on a Microsoft site.
If the site is listed, IE will redirect you to another page, warning you that you’re trying to access a reported site, and you’ll have the option to go there if you really want to. If it isn’t there, IE will look at the site to see if it is similar to what a phishing site would be. If it is, it will warn you. Microsoft claims they do it this way, instead of with a list of bad sites, because they feel sites erroneously reported as bad cannot be corrected quickly.
There are obvious privacy concerns from both methods, as the URL you’re submitting could potentially contain personal information, due to the way information is submitted to certain sites, like Google. However, both tools send the URL over a secure connection, and IE claims to try to strip out parts of the URL it’s checking that might contain personal information prior to sending it.
If you are concerned about this, there are ways to prevent URLs from being checked. On IE, you can turn off the automatic check against Microsoft’s database. On Firefox, the default is not to check against Google; you must turn that feature on yourself. All the same, though, you’ll have to reveal to both services which sites you’re visiting to find out if they’re legitimate or not.
So which one is better? A report was released on Tuesday by testing company SmartWare, funded by the Mozilla Foundation, which produces Firefox. The report found that Firefox blocked 243 phishing sites when IE didn’t, and 117 where IE blocked, Firefox didn’t. Firefox, at its lower security level, blocked around 79% of the sites compared to IE’s 66% at its higher security level.
Whichever browser you use, it is strongly recommended to keep it up-to-date, to avoid security breaches like these. Firefox seems to offer the best security, as well as the best privacy. It is available for free at www.getfirefox.com, and the latest IE is at www.microsoft.com