Wednesday, December 19, 2007

Idea for an anti-phishing plugin

I just thought of a decent anti-phishing scheme, which would probably make a good plugin for Firefox. It would be particularly useful against those sites that use Unicode for evil.

The plugin would give you a button you can push that tells you if you're on one of a whitelist of sites. If you're not, and you thought you were, you're being phished. It would be tedious to whitelist every single site out there, of course, so you would mainly list your important accounts (bank, PayPal, email). Listing as many as 20 things sounds like it's worth my time for safety.

Another variation: a small popup (not a dialog you have to click on), or maybe a change of color of a widget on your browser, that appears when you are on a whitelisted site. Sounds a bit backwards at first, but really, you can't get warned when you're on a phishing site unless you have a perfect blacklist (and if there were one, there would be no use for my plugin). My thought is, eventually you'll get used to seeing the popup every time you're at one of your important sites. Then, one day you go to a phishing site. Because of habit, you'll hopefully think that something is a little off when the popup doesn't show, and take notice. Unlike the first variation, I think this variation could work for general carelessness, not just the Unicode trick. You would probably combine the two, really.
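
A sketch of the whitelist check behind both variations, as an added example that is not part of the original post; the whitelist entries, function names and indicator colors are assumptions. It compares the parsed hostname exactly, so a Unicode look-alike (which the URL parser converts to an `xn--` label) or a merely similar address never lights the indicator.

```javascript
// Added example. WHITELIST holds constructed sample entries; a real
// plugin would load the user's own short list of important sites.
const WHITELIST = new Set(["www.paypal.com", "mail.example.com", "bank.example"]);

// Reduce a page address to the hostname the browser actually connects to.
// The WHATWG URL parser lowercases the host and converts Unicode labels to
// their ASCII "xn--" (punycode) form, so look-alike characters cannot
// compare equal to a whitelisted ASCII name.
function normalizedHost(href) {
  try {
    const url = new URL(href);
    if (url.protocol !== "https:" && url.protocol !== "http:") return null;
    return url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  } catch {
    return null; // not a parseable address
  }
}

// Button variation: the returned object answers "am I on a listed site?".
// Indicator variation: `indicator` is the widget color, green only when
// the host is listed, so its absence is the warning sign.
function checkSite(href, whitelist = WHITELIST) {
  const host = normalizedHost(href);
  if (host === null) {
    return { host: null, listed: false, idn: false, indicator: "grey" };
  }
  const listed = whitelist.has(host); // exact match, no suffix or substring
  const idn = host.split(".").some((label) => label.startsWith("xn--"));
  return { host, listed, idn, indicator: listed ? "green" : "grey" };
}

// Constructed sample addresses: one genuine, three that only look right.
const SAMPLES = [
  "https://WWW.PayPal.com/signin",
  "https://www.p\u0430ypal.com/signin",        // Cyrillic U+0430 in place of "a"
  "https://www.paypal.com.login.example/",     // listed name used as a prefix
  "https://www.paypal.com@login.example/",     // listed name in the userinfo part
];
for (const href of SAMPLES) {
  const r = checkSite(href);
  console.log(r.indicator.padEnd(5), r.host, r.idn ? "(IDN label)" : "");
}
```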
