SpoofGuard is an Internet Explorer plugin that tries to keep users from spilling their personal information to phish sites:
SpoofGuard uses domain name, url, link, and image checks to evaluate the likelihood that a given page is part of a spoof attack. For example, a page with a suspicious url such as etrade-maintenance.suspicious.org or www.etrade.com@129.170.213.101/ maintainance.asp and an E*Trade logo will have a higher spoof index than a page with neither of these characteristics. SpoofGuard also uses history, such as whether the user has visited this domain before and whether the referring page was from an email site such as Hotmail or Yahoo!Mail. Most importantly, SpoofGuard intercepts and evaluates user posts in light of relevant history and the spoof index of a form page. SpoofGuard examines post data user name and password fields and compares posted data to previously entered passwords from different domains. This mechanism warns a user against sending her E*Trade password to a site with an E*Trade logo but outside the etrade.com domain, for example.
Users who click on links in phishmail will get pop-ups of the "Are you sure? Are you really, really sure?" variety as they try to enter their credit-card numbers or other information.
Hmm. Looks like it's time I added a phish resources page to our Security downloads area.
Back to CompendiumPost a comment
