Think you can spot a phishing site? Don't be too sure. A recent study determined that a well-constructed fake Bank of the West page fooled 90 percent of the study's participants, including some very technically sophisticated people. Fortunately, several tools can help ensure that you don't fall for such a con.A number of companies make free browser plug-ins that can detect phishing sites. Most give you a visual warning when you're on a site that's trying to pass itself off as something it's not. Some assemble a list of fake sites based on reports from users who've stumbled upon them. Others analyze the site's address to see if it's misleading: For instance, the URL might have "ebay" in it when it's not actually a part of ebay.com. Several toolbars use a combination of approaches.
The Netcraft toolbar is my favorite. It shows you who the site is registered to, and provides a "risk rating" that can help you quickly decide whether you want to enter your password. A close second comes from TrustWatch, which makes a toolbar for Internet Explorer that validates legitimate Web sites and, like Netcraft, can provide a detailed site report. TrustWatch's reports let you know whether the site is included on any blacklists of suspect sites and whether it uses SSL technology for secure transfers. TrustWatch also makes an extension for Firefox that embeds site-report links in Google search-result pages.
Other good options abound. The EarthLink Toolbar with ScamBlocker alerts you with a pop-up message when you visit a site that has hosted phishing attacks. (You don't need to be an EarthLink subscriber to use the tool.) Corestreet's SpoofStick helps clue you in to a phishing site by putting the domain name of the site that you're visiting in huge, bold letters in IE's toolbar. Cloudmark's IE Toolbar automatically blocks sites known to host phishing scams. And eBay offers a toolbar equipped with an Account Guard feature that warns you if you're about to enter your eBay or PayPal password in a fake Web site's log-in page.
The phishing study cited above, however, found that a quarter of participants didn't look at phishing clues already present in browsers, like the padlock icon and address bar. These days it doesn't pay to be asleep at the wheel as you cruise the Net.