July 2, 2008 12:26 PM PDT

Fight Phishing with Flagfox for Firefox

Posted by Michael Horowitz

A big part of phishing scams and identity theft is fooling people into thinking they are on one website when they are actually somewhere else. The technical tricks to accomplish this include lookalike and phony domain names, zapping the hosts file, tricks with URLs and assorted attacks on DNS servers. What's a normal person to do?

Flagfox is an unobtrusive extension for the Firefox web browser that offers some assistance by placing a flag in the bottom right corner of the Firefox window. The flag (shown below) indicates the country where the website physically resides.


If you don't recognize the flag, hover the mouse over it and a yellow pop-up window (below) displays the IP address of the website and the country where it resides. If you normally deal with a bank, brokerage or credit union in, for example, the United States, and one day you notice the flag is from another country, you are not at the website you thought you were.


Of course this only goes so far. If a legitimate website is in New Jersey and a phony, phishing copy of it resides in New Mexico, the flag will still be American. Before doing anything sensitive, such as banking, click on the flag to open a new tab showing a map and more precise location information such as the city and state.


This is the physical location of the website, not of the organization or person represented by the website. Although in the case of CNET and CNET.com they are the same, this is not normally the case. The New York Times, for example, runs their website out of Colorado. The website of another New York City newspaper, the Daily News is in Texas. Our third local newspaper, the New York Post, hosts their site in Massachusetts.

In all but two cases that I tried, Flagfox was able to pinpoint a location based on the IP address. However, it didn't know where CNN.com or TomsHardware.com were located.

The point is to be aware of where the important websites that you deal with are located. Customers of Citibank, for example, would be safer if they verified that the website was in New York City before signing in.

But where are the bank websites? Only the banks know for sure. For example, my computer showed Citibank.com as being in New York City, but if my machine was compromised, I could be looking at a scam site imitating Citibank while the real site is elsewhere.

For Flagfox to be most effective, banks, brokerages and credit unions would have to publicize the physical location of their websites. I'll contact a few and see what they say...

Update July 2, 2008: If Flagfox can't locate a website based on the IP address, there are other options. Two websites that I've used often for this are www.ip-adress.com/ipaddresstolocation and www.ip2location.com/demo.aspx.

For more on this same subject, see my next posting Verifying legitimate bank websites

I recently wrote about another Firefox tweak Firefox 3: Expand the Site Identification button on HTTPS pages which also helps with verifying the true identity of a website.

See a summary of all my Defensive Computing postings.

Topics:

Phishing

Tags:

Firefox,

Flagfox

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from Defensive Computing
The main problem with Windows Vista
Foxit PDF reader v2.3 updated with bug fixes
Cringely's iPhone Gripes
A warning about IE8 and Windows XP SP3
Be safer than NASA: Disable autorun
Add a Comment (Log in or register) 9 comments
by brian_pellegrini July 3, 2008 4:14 AM PDT
Flagfox does not work with FF3.
Reply to this comment View reply
by ferno1188 July 3, 2008 6:21 AM PDT
Yes, it does
Reply to this comment
by JCPayne July 3, 2008 8:36 AM PDT
An easy trick to protect the HOSTS file....

Open it.... in a text based editor. Delete everything in it..... Save it... Then--- change the shares on it to "READ ONLY" then no files can change it.
Reply to this comment
by sjwilson42 July 3, 2008 8:48 AM PDT
Version 3.2.6 from Mozilla works with Firefox 3.
Reply to this comment
by dizzygill July 3, 2008 10:20 AM PDT
Doesn't work from behind a proxy. Should include pulling proxy info from the browser settings in a future release.
Reply to this comment
by newe1344 July 6, 2008 9:51 AM PDT
I'm not going to even notice that little flag after a while and it will do me no good. Nice thought though...
Mike,
www.personalsidekick.com
Reply to this comment View reply
by masigman July 10, 2008 7:29 PM PDT
I enjoy using Netcraft toolbar. Shazou is also very good, issuing a popup map when invoked.

Netcraft Toolbar 1.2
by Netcraft Ltd

Blocks phishing sites, helping to protect users from online fraud...
https://addons.mozilla.org/en-US/firefox/addon/1326



Shazou
by Chuck Durham

Finally mapping is integrated with the Firefox browser. The product called Shazou (pronounced Shazoo it is Japanese for mapping) enables the user with one-click to map and geo-locate any website they are currently viewing. Shazou was developed...

https://addons.mozilla.org/en-US/firefox/addon/2993
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
What you need in business class email.
Mailtrust

Click Here!
Never worry about email again. From mobility and shared calendaring to virus and spam protection starting at only $3 per mailbox. more>

Rackspace Mailtrust
Total Email Relief

We'll take care of your email so you can take care of your business.

14 Day Free Trial

With expert support 24x7x365 we guarentee 100% uptime. Try us for free for 14 days. Never worry about your email again.

Just $3 per mailbox

Choose the plan that is right for your company and only pay for what you need.

About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.

Disclosure.

Add this feed to your online news reader

Defensive Computing topics

Featured blogs

advertisement

Inside CNET News

Scroll Left Scroll Right

  • News - Business Tech

    Chrome's JavaScript challenge to Silverlight

    The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.

  • Gallery

    Photos: Top 10 reviews of the week

    Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.

  • News - Apple

    Apple watchers spot 'iPod Nano' pix, iTunes hints

    The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.

  • Coop's Corner

    Chris Shipley 1, Internet lynch mob 0

    Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Digital Media

    Google-focused satellite enters orbit

    The search titan has exclusive rights among online mapping sites to images from the new GeoEye-1 satellite, which launched Saturday.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • Crossfade

    The Standard, 'A Different Skin': Free MP3 of the Day

    Eschewing the danceable beats favored by many of its post-punk brethren, while opting instead for more ominous and insistent rhythms, is what makes the Standard visceral and engaging. Download a free MP3 of "A Different Skin" courtesy of CNET Download Mus

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET