My Secuire UI post will have to be postponed until Monday.  Meanwhile, I got a name for the idea: Phishmark.  I am also planning to write a small downloadable client that implements a simplified version of the idea.  Since I am in the naming mood, I named it PhishGuard.  I'll probably throw other related ideas into … Continue reading Phishmark and PhishGuard →

Two must-have features I am planning to add to PhishGuard are: Require the user to approve hyperlink activation from within e-mail clients using a security dialog that clearly displays destination URL. Disable all hyperlinks in e-mail clients Implementing these two features for just Outlook and Outlook Express should stop most phishing attacks on Windows platforms.  It's a brutal solution, … Continue reading Cleaning Phish with a Hammer →

This morning, I got a phishing e-mail pointing to: http://www.securecitibank.us It won't be long before domain name registars are forced to treat phishing target names specially to prevent this sort of things from happening. PhishGuard TODO: If a link's textual content appears to be a URL yet differs from the link's URL, flag it as … Continue reading Phishy Domain Names →

In Payments News, Scott Loftesness points to a Stanford research project that does what I intended to with my PhishGuard project.  Similar in both name and form, SpoofGuard is an IE-only browser plugin that helps the user against phishing attacks.  They have also made open sourced SpoofGuard so many similar plugins are likely to appear soon. Update … Continue reading SpoofGuard →