Malware

How do I prevent phishing attacks in Firefox 3?

Jack Wallen shows you how to prevent phishing attacks with extra preventative measures that you can add to Firefox.

The term phishing should evoke either fear or caution in your heart. Phishing is using a false Web site (masquerading as another, friendly site) to acquire sensitive data from users. Most often this occurs on sites that require users to enter information such as credit card numbers or bank account information. Usually the users have no idea that their information is being fed to a malicious site.

Phishing evolved from the older phreaking, which refers to a subculture of people who exploit the telecommunications systems. It has evolved to such a state, however, that it is much more than a subculture. Phishing now occurs on a daily basis, resulting in millions of dollars of stolen wealth.

Fortunately newer browsers have become much smarter than what they used to be. Firefox 3 contains an anti-phishing system that is fairly good at catching phishing attempts. But just because Firefox has built-in anti-phishing technology, doesn't mean you (and your users) should become complacent. In this How do I, I show you how you can add extra preventative measures to Firefox to combat phishing attacks, as well as test your browser to make sure it is actually catching attempts.

This blog post is also available in PDF format in a free TechRepublic download.

Built-in feature

Before we get into adding anything extra, let's take a look at what Firefox offers by default. The built-in feature works by checking the site you are visiting against a known list of malicious sites. This is all based on the Google Safe Browsing Protocol (Protocolv2Spec).

By default this feature is turned on; however, if you want to make sure it is turned on, open the Preferences window and click on the Security tab (Figure A). From within this tab you should see that both Block Reported Attack Sites and Block Reported Web Forgeries are checked. If either check box is unchecked, make sure you check it and close the Preferences window.

Figure A

You can also make sure the check box for malware (Warn Me When Sites Try to Install Add-Ons) is checked.

There are no configurations to take care of for the built-in anti-phishing measures. But what if the default isn't enough? No matter how good the defenses are, those who want to get around them eventually will. So in this case the adage "less is more" doesn't necessarily apply. So what can you do?

The first thing you should do is install the Petname Tool add-on, which allows you to give all the protected sites you visit pet names that are added to the cryptographic identifiers. Once you have done that, when you visit that site again you will see the pet name you gave the site in the small Pet Name window on your tool bar. To install Petname Tool, follow these steps:

  • Open your Add-Ons window.
  • Search for "petname" (no quotes).
  • Select the Petname Tool add-on and click the Install button.
  • Restart Firefox.
Now that it is installed, you will see the Petname Tool bar. Most likely this bar will be to the right of your Search bar, as shown in Figure B.

Figure B

By default all sites will be titled "unknown site" until they are given a pet name.
Let's walk through adding a pet name for Paypal. With the Petname add-on in place, visit www.paypal.com and then enter "Paypal" (no quotes) in the Petname Tool bar and hit Enter. Once you have entered that pet name, you will notice when you click the Petname folder (located on the Bookmarks toolbar) the Paypal pet name will appear (Figure C).

Figure C

You can give your sites pet names that do not have anything to do with the actual site; just make sure you remember what name you have given them.

After you have given the site its pet name, go back to the site and check the Petname Tool bar. You should see the pet name appear. If the site was a phishing site masquerading as your site, the pet name you have given the site will not appear.

Testing Firefox

You can also test Firefox to make sure the phishing prevention is working. What you need to do is go to the It's A Trap Web site. If you see the warning shown in Figure D, Firefox is protecting you.

Figure D

If you click Ignore This Warning, you will see the regular "It's a trap" Web site.

Netcraft Tool bar

Another such tool is the Netcraft Toolbar add-on, which takes a very different approach to the problem. The Netcraft Toolbar (Figure E) installs a tool bar that shows risk ratings and site rankings and provides a report link (which gives you the Netcraft information about the site -- not the ability to report a malicious site). Also on this tool bar is a drop-down menu where you can select to report a site. Editor's note: The installation process for the Netcraft Toolbar add-on is essentially the same as it is for the Petname Tool bar.

Figure E

You can report both a site or a site that has been incorrectly labeled as a blocked site.

The most important feature of this tool bar for users is the Risk Rating. This bar will be either Green (if the site is a low risk) or Red (if the site is a high risk). There are a number of factors that go into calculating the site's risk. The primary factor is age of site. So you can be visiting a site you KNOW is safe (it could even be your own site) but is getting a high risk because it is a relatively new site. Regardless of why, it's always best to play it safe on high-risk sites.

Final thoughts

Phishing is a practice that will most likely not go away, so it is always best to have as much protection in place as possible. With two outstanding add-ons and built-in protection, Firefox takes on phishing attacks with strength and reliability.

Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

11 comments
zage
zage

Check the free service that is included in both version (free and paid) of the Comodo Internet Security. It got some feature as it helps in the address resolutions by using their fully redundant DNS servers, also it reduces your exposition to DNS Cache Poisoning attacks, and problems with domains are auto detected and forwarded. I'm using the free version of this software for long time and it does the job the same or maybe better than any paid solution. Also check this site for free info of Firewalls and Security: http://www.matousec.com/

NickNielsen
NickNielsen

Petname appears to have installed correctly. The Petname box is present, but I am unable to do anything with it. The Options button in the Add-Ons window is also grayed-out. I've disabled it for now and will check help files and FAQs when I get the chance. It's possible there's a conflict with another add-on. FF 3.5.7 on Windows XP SP3 (yes, I know, but it's the corporate box, okay?)

d1david
d1david

The sad part is that "Reported Web Forgery" isn't always true. They need to add a button that reports erroneous Flags or pop-ups such as that. I've come to completely mistrust those warnings because I've gone to some sites for years, and all of a sudden I was prevented to. What makes it even worse is that some Firewall programs pick that up and prevent you from reaching the site. I even had to shut down my Firewall to reach one site. One was a member only site that has been around for years. Nothing has ever been uploaded to my computer or taken us to a different site, which makes me believe that such report is either in revenge or a joke. Such warning only have to happen a few times (crying wolf) and then it becomes a matter of mistrust in the validity of such warning pop-up.

Ron K.
Ron K.

We use the free McAfee Site Advisor, available under the download link on this page: http://www.siteadvisor.com/ It flashes an obvious red warning when you browse to a page known for malicious links, software and scams. It also highlights known bad links when using popular search engines. If you click SA's icon next to red highlighted search link you'll be taken to an SA page telling you why the link is 'bad' so you can decide if you want to risk it visiting it or not. I've found that you don't have to Stumble very long before seeing the warning. Site Advisor is also available as an add-on for Internet Explorer and I wouldn't use IE without it. I keep my cursor on my IE home page icon when browsing to a new link and if SA flashes red I click to go home immediately. I have my home page set to a blank page so there's no time lost.

yoramnis
yoramnis

Google approach to block known phishing and malware sites is good but it is a partial solution. The complete solution includes more components. I found the best available solution from CallingID (www.callingid.com). It includes the following: 1. Before visiting a site you can get instant information about a link (for browser searches, email messages and instant messaging) 2. Shows the owner of the site that will receive your data, where it is located and risk assesment (whether it is safe to send personal information there) 3. Automatically detects phishing sites in real-time 4. Protects from sending sensitive data to suspected sites - detects automatically the destination of the data and when credit card number, password and confidential data is about to be sent to a suspected site provides a warning

Mark W. Kaelin
Mark W. Kaelin

What preemptive applications and add-ons do you recommend and/or deploy for preventing phishing attacks?

TobyG
TobyG

Excellent educational article! I think awareness is your best defense. Checking the sites certification, thru extended validation SSL is your best source of authentication. Remember not to jump from an email to a site. Here at Thawte we practice what we preach. Use good judgment and stay on guard.

tech_solutions
tech_solutions

Internet Explorer 7 and Firefox 3 have built in software for the detection and warning against phishing links. You can enable the browsers options with proper configuration. You can also consider the anti phishing tool bar in the browser. Some of them can check online lists of web-sites with known problems. You can also find the anti phishing software in some security software packages. This anti phishing software will be more useful with the regular updates.

Old Dodger
Old Dodger

Firefox 3.5.7 Windows XP SP3 I'm having the same problem even after rebooting - any other thoughts please?

NickNielsen
NickNielsen

I find that I still can't get to the options, but now, at least, I can enter the pet names for my secure sites. I have a sneaking suspicion that Petname doesn't like the FF update to 3.5.7. etu

Editor's Picks