
Web Forgery Notice

webfusion

Just noticed that Firefox 2.0 (which I started using a few days ago) has an installed feature that warns me that I have clicked on a webpage that is a "forgery" website designed to collect personal information (in this case, a spoof of PayPal's log in).

This is what the Firefox notice appears like:
[Image: 374245c0a99565c5d.jpg]
 
But how many of those phishing sites are reported to Firefox? If I understand that correctly it has to be reported before that warning pops up.

Either way, it is brilliant. Knowing too many people who could easily be fooled into giving away their name and address.
 
I highly recommend a little product called SiteAdvisor. It puts a little monitor button in your browser that tells you, for each site you visit, whether they try to hijack your browser, send you spam, link to other bad sites, have dangerous downloads, etc.

It even adds a little warning within your Google and Yahoo search results pages. For an amazing time, try installing it and then do a Google search for "screen savers". Nine of the first ten results are sites that try to get you to install a dangerous program on your computer!
 
But how many of those phishing sites are reported to Firefox? If I understand that correctly it has to be reported before that warning pops up.

If you inspect the HTML ("View Code" or whatever Billy's boys use) you can see that the actual url does not match the one displayed. It should not take terribly clever programming to report this.

NorwegianSquirrel said:
Either way, it is brilliant. Knowing too many people who could easily be fooled into giving away their name and address.

Sad but so true. Us old Usenet users kept on trying to tell people not to use HTML for e-mail.
:boggled:
 
If you inspect the HTML ("View Code" or whatever Billy's boys use) you can see that the actual url does not match the one displayed. It should not take terribly clever programming to report this.

The "actual URL" is not included in the HTML - not even in the headers. Viewing source will not help you. Inspecting the HTML will not help you.

Sad but so true. Us old Usenet users kept on trying to tell people not to use HTML for e-mail.
:boggled:

I remember when I would tell people with complete confidence, "No, silly, you can't get a virus from email. It's not code!"

sigh.

At any rate, all these phishing toolbars work the same way: you send EVERY SITE YOU VISIT to the "controlling authority" -- whoever provides the toolbar, who then checks it all out and tells your browser what to do.

That's right; for any of these tools EVERY SITE YOU VISIT is reported to them.

I don't like that. Not only that, but there's nothing keeping them from taking even more data... you don't know what that program does, do you? No. Plus, if the website is poorly designed, your valuable private data might be exposed in the URL. Plus, the hottest type of scam right now is cross-site-scripting, which uses THE ACTUAL BANK WEBSITE to steal your credentials. There's no way to win when you're putting your login information into the RIGHT SITE and it's being given to scammers.

Anyhow. Think twice about this kind of "protection."
 
The "actual URL" is not included in the HTML - not even in the headers. Viewing source will not help you. Inspecting the HTML will not help you.



I remember when I would tell people with complete confidence, "No, silly, you can't get a virus from email. It's not code!"

sigh.

At any rate, all these phishing toolbars work the same way: you send EVERY SITE YOU VISIT to the "controlling authority" -- whoever provides the toolbar, who then checks it all out and tells your browser what to do.

That's right; for any of these tools EVERY SITE YOU VISIT is reported to them.

I don't like that. Not only that, but there's nothing keeping them from taking even more data... you don't know what that program does, do you? No. Plus, if the website is poorly designed, your valuable private data might be exposed in the URL. Plus, the hottest type of scam right now is cross-site-scripting, which uses THE ACTUAL BANK WEBSITE to steal your credentials. There's no way to win when you're putting your login information into the RIGHT SITE and it's being given to scammers.

Anyhow. Think twice about this kind of "protection."

I'm by no means an expert on phishing technologies but, if the url is not in the code, how is it generated?

I'm still running OS/2 (actually its current incarnation as eComStation). Although IBM finally dropped support in December 2006, there is some reasonably active third-party development still going on that manages to keep browsers and such up to date. At some point I suppose it will cease to be a viable option. Until then I really don't worry about viruses, trojans, and other Winevils. :D

I've been in the computer business so long that I'm still waiting for the bugs to be ironed out of on-line banking! :covereyes
 
As a side note the Mozilla client Thunderbird also has this capability in regards to email also. It is quite useful and has saved me many a time.
 
I'm by no means an expert on phishing technologies but, if the url is not in the code, how is it generated?
The URL is what you send out to get to the site. It will be contained in the source of the link you came from (assuming you clicked on a link). The page you arrive at will not need to have its own URL in the HTML for that page.
 
The URL is what you send out to get to the site. It will be contained in the source of the link you came from (assuming you clicked on a link).

Yes. The url I click on contains an Internet address of the form domain.natl_id. This gets "translated" at the closest DNS server and the numeric IP address (of the form 000.000.000.000) is used to route my request to the corresponding site where an attempt is made to connect to the right port number depending on the header information in the packets I send. If the receiving site accepts the request for connection, then I am connected to the web page I clicked on.

The page you arrive at will not need to have its own URL in the HTML for that page.

If you mean that the request may be redirected to another page, well sure.

If I do a WHOIS on the original domain name I get the owner and registration of that domain. That's when I see that it is not mybank.ca in Montreal but owned by someone in Alongwayawayastan.

(various simplifications have been made).

Yes? No? I'm not trying to be argumentative. I know I'm not an expert. :D
 
No, I simply mean that "View source" won't necessarily show you the URL for the page you are visiting. And even if it claims to it could be lying.

Back in post 7, where were you proposing to do a "view source" and what would you look for? A "View source" on the referring page might reveal a faked URL if the phisher is sloppy enough to embed it in the HTML rather than a script, or actually use a name rather than IP address.

Generally "view source" doesn't give any information about phishing that you can't get more reliably from the address bar.
 
No, I simply mean that "View source" won't necessarily show you the URL for the page you are visiting. And even if it claims to it could be lying.

Back in post 7, where were you proposing to do a "view source" and what would you look for? A "View source" on the referring page might reveal a faked URL if the phisher is sloppy enough to embed it in the HTML rather than a script, or actually use a name rather than IP address.

Generally "view source" doesn't give any information about phishing that you can't get more reliably from the address bar.

Ah. Light dawneth. Of course I am looking at the source on the referring page or e-mail message. What did you think I was talking about? I look for a url that does not match the associated text description.

As far as "get more reliably from the address bar", I suggest you do a Google search on "address bar spoofing".

Don't click on the url. Check the source code in the e-mail first.
 
I thought you were suggesting "view source" on the phishing site, but I asked because I wasn't sure. I also thought you were trying to suggest a way that would avoid submitting all your web requests to a third party for verification.

Rejecting all URLs that don't match the associated text description is still a bit simplistic. All my legitimate e-mails with links from sites I frequent would fail that test. There's never an exact match. Most legitimate sites will "decorate" the link in some way.

I would think that using "view source" to identify phishing isn't going to help many people. Those that would know how to read the source are already going to be clued in by some other oddity about the message. Others aren't going to know where to find the URL and don't have the URLs of their important sites memorized anyway. Those people should bookmark their important sites and only access them that way.
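
The link check debated in the posts above (display text versus real target in an e-mail's HTML), as an added example that is not part of the thread or anyone's post. It compares domains rather than exact strings so that "decorated" legitimate links pass, and it flags bare-IP targets; `check_links`, `site_of`, `host_of`, the sample links and the two-label domain shortcut are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body; mybank.ca is the placeholder name used in the thread.
SAMPLE = """<a href="http://192.0.2.10/login">https://www.mybank.ca/login</a>
<a href="https://click.mail.mybank.ca/t?id=1">www.mybank.ca</a>
<a href="http://mybank.ca.example.net/signin">http://www.mybank.ca</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(s):  # lowercased host of a URL or URL-like text, "" if there is none
    try:
        return (urlsplit(s if "://" in s else "//" + s).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def site_of(host):
    # Assumption: last two labels = registrable domain (false for co.uk; use the Public Suffix List).
    try:
        return str(ipaddress.ip_address(host)), True  # IP literal, no name at all
    except ValueError:
        return ".".join(host.split(".")[-2:]), False

def check_links(html):  # returns (text, href, reason) for each suspicious link
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, target_is_ip = site_of(host_of(href))
        shown = host_of(text) if " " not in text else ""  # prose text is not a URL claim
        if target_is_ip:
            findings.append((text, href, "href is a bare IP address"))
        elif "." in shown and site_of(shown)[0] != target:
            findings.append((text, href, f"text names {shown}, not {target}"))
    return findings
```

Of the three constructed links, the tracking-subdomain link passes while the IP target and the `mybank.ca.example.net` lookalike are reported; links whose text is ordinary prose are never flagged, which is the limit of this kind of check.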
 
Opera has the same type of feature.




(I had to, sorry.)

You are not alone...


Someone has really thought how to make Opera really user friendly.

Oh how I miss the mouse gestures at work on IE... for example.

Jim
 
