Spam Slayer: New Tools Fight Fraud and Phishing
At a Glance
Tip of the MonthDouble-check those check boxes when you sign up for Web stuff or register software. The boxes are often pre-checked, giving the company consent to spam you or allowing it to share your e-mail address with third parties. Look closely because sometimes the check boxes are not in plain view; you may have to scroll up or down to make sure you don't get more than what you bargained for.
Spam volumes have been holding steady so far in 2005--accounting for 87 percent of all e-mail, according to anti-spam firm Postini--but the number of phishing scams delivered to our inboxes is on the rise. Financially motivated phishing scams now account for 10 percent of spam worldwide, up from 4 percent last year, according to anti-spam firm Commtouch.
Phishing attacks come in the form of e-mails designed to look as if they are from a legitimate bank or retailer. They trick consumers into entering credit card numbers, banking information, or other sensitive data at counterfeit Web sites. Because phishing e-mails can look so convincing, many get past spam filters.
I took a look at three anti-phishing security tools designed to keep you one step ahead of scammers: Cloudmark's Anti-Fraud Toolbar, Comodo's TrustToolbar, and Phishing.net's Clear Search Anti-Phishing.
Each of these programs works differently. Cloudmark's Anti-Fraud Toolbar relies on a blacklist of sites it warns you not to visit, while Comodo uses a whitelist approach, notifying you that the site you are visiting is safe. Clear Search uses 35 characteristics to analyze sites and e-mail messages to determine if they are legitimate or bogus.
None of these companies guarantee their programs are 100-percent foolproof. However, just as with antivirus software, using an anti-phishing program significantly reduces the chances of falling victim to an online scam.
Cloudmark Bets on a Blacklist
Cloudmark is offering a free beta version of its Anti-Fraud Toolbar, a simple 2.6MB download that works with Microsoft Internet Explorer. The Anti-Fraud Toolbar blocks you from visiting both known phishing sites and questionable sites operated by spammers. (Cloudmark says the official release of its toolbar is slated for late June; pricing has not been released.)
In my tests the Anti-Fraud Toolbar did an adequate job of keeping me away from phishing sites; it did an even better job of blocking me from visiting links sent inside spam e-mail messages. For example, I received an e-mail advertising a get-rich-quick scheme. When I clicked on a link inside the message, instead of finding out how to earn $20,000 in one day, I received a warning: "Cloudmark has blocked this page from viewing because the Cloudmark Community has rated it as containing content that is dangerous and harmful to your system and could put you at risk for identity theft or phishing attacks."
This get rich-quick-site was not a phishing site, but it's not one that Web surfers should visit. By visiting links advertised in spam messages, you often earn money for spammers. Spammers make money by displaying ads or delivering traffic to a specific Web site. I like the fact that Cloudmark protects not only against phishers, but also against spammers.
If I really wanted to visit that site, I could override Cloudmark's warning and click a link that would take me to the Web page.
The Anti-Fraud Toolbar draws on the community of 1.3 million Cloudmark SafetyBar users. SafetyBar, a $40-per-year service for Microsoft Outlook and Outlook Express users, adds Block and Unblock buttons to the e-mail clients. It records which messages users block and sends that data to Cloudmark, which adds the information to a blacklist database it shares with the Anti-Fraud Toolbar.
Unfortunately Cloudmark's reliance on a community of people doesn't always work to keep you from visiting a phishing site. For example, the Anti-Fraud Toolbar did not stop me from going to a phishing Web site sent via a fake EBay e-mail that requested I update my credit-card information. I suspect the Cloudmark community had not yet identified the site as bogus. I tried the same link later in the day and the phishing site was no longer operational.
Despite Cloudmark's failure to identify the fake EBay site as bogus, the toolbar does have an additional feature for protection: It rates sites as either Good, Unknown, or Unsafe. When visiting a known legitimate site you see a green Good smiley face on the toolbar. While I was not blocked from visiting the fake EBay phishing site, the toolbar did identify the site with a yellow Unknown icon, which should be enough to warn me to be skeptical.
Certified Safe: Comodo's Whitelist Approach
Comodo's TrustToolbar, a free plug-in for Internet Explorer, takes a different approach to protecting users from phishing: It verifies a site as authentic when you visit it. TrustToolbar looks up the Web address of the site you're visiting and cross-references it against a list of approved sites.
The master list of approved sites comes from what Comodo calls its IdAuthority. The IdAuthority is a Comodo affiliate company that maintains a database of 20 million whitelisted sites. It says that 250 third-party entities regularly update the database with Web site information.
If Comodo recognizes a site, the TrustToolbar displays the name of the company that owns the domain. You can click on the toolbar to research further and check the name, address, and sometimes even the phone number of the company that is behind the site.
If the TrustToolbar doesn't recognize the site you're visiting, it displays a simple warning: Unregistered, a label that can lump legitimate, but unknown sites together with fraudulent sites. For example, TrustToolbar placed both a friend's personal Web site and a phisher site in the same Unregistered category. Both sites were assumed guilty until proven innocent--a reasonable assumption considering the number of scammers on the Web.
However, TrustToolbar did properly identify EBay, my bank's Web site, and my credit card company's site as Registered. This reassures me that I'm dealing with the right site.
Clear Search: No Clear Answers
Clear Search Anti-Phishing takes a third approach: Instead of using blacklists or whitelists to gauge a site's credibility, this $40-per-year subscription service (with a free trial) analyzes the sites you visit and the e-mail you receive. Clear Search examines 35 characteristics of e-mail and Web pages, looking for phishing related activities such as:
- A site that delivers a pop-up completely unrelated to the Web page it's on.
<br /><br />
- A site that requests account information but is not protected by Secure Socket Layer encryption technology. SSL is a common protocol for managing the security of data transmission on the Internet.
<br /><br />
- An e-mail message containing a link that doesn't match the URL associated with it.
<br /><br />
- A Web address that is spoofed, via techniques that include placement of an "@" sign in the URL or the use of hidden characters, also known as punycode.
<br /><br />
If the e-mail message or Web page contains one or more of the Clear Search problem characteristics you are warned with a color-coded pop-up Phishing Alert. A yellow message means you should proceed with caution, while a red message warns you to stop.
During my tests, Clear Search delivered a red Phishing Alert when I viewed some problematic e-mails. One warning told me that the e-mail message I was looking at contained a viewable link that didn't match the actual URL associated with it. When I opened another message, a yellow alert warned me that the e-mail I was viewing had a spoofed link.
Unfortunately, Clear Search failed to identify many known phishing e-mails in my tests using the Outlook Express e-mail client. And when I viewed some Web pages with Internet Explorer, Clear Search failed to accurately identify a bogus EBay site and other phishing sites that ask for personal financial information. I tested the application on two different computers, and got the same results, leaving me dissatisfied with the program.
Clear Search representatives insist my problems were unique and that for unknown reasons the program wasn't functioning properly when I was testing it.
Because Clear Search Anti-Phishing doesn't offer a whitelist or a blacklist to tip users off to suspect sites, the program must be 100 accurate in evaluating a Web page. The technical problems I encountered keep me from recommending this product.
The Bottom Line
Internet crooks are evil geniuses: They always seem to be one step ahead of the good guys. That's why it's wise to scrutinize any Web page that asks for personal information. The good news is that Cloudmark and Comodo offer free tools that do a great job of flagging sites before you make a costly mistake. Personally, I like Cloudmark's Anti-Fraud Toolbar the best. Not only does it alert you to phishing sites, but it also blocks you from visiting sites that spammers link to, a move that takes a small bite out of the economic incentive for sending spam.
Q: How does this sound? It seems to me one of the best tools for us mortals and our ordinary e-mail requirements would be a program that would look at incoming mail addresses, compare the address with your address book, and return it as undeliverable if there is no match.
In other words, just keep addresses of people you want to communicate with in your address book. When all that returned spam junk builds up at the senders' end, they will soon tire of it.
A: This is a perfectly acceptable way many people block spam. Here is how you do it--minus returning the spam to the sender.
You can create a "Safe Mail" folder in Outlook Express as an effective spam filter. Right-click on Local Folders and select New Folder. Next select Tools, Create Rules From Message, and pair your address book and any other trusted e-mail addresses with your Safe Mail folder. In theory, spam will never make it into your Safe Mail folder--only messages from senders in your address book. This also works with Outlook, Netscape, and various other e-mail programs.
Personally, I don't like this solution. My address book is a constant work in progress, and it seldom reflects the diverse group of new and old acquaintances I communicate with in any given month. For me it wouldn't work, but for others it may be a perfect way to stop spam.