Thanks to everyone who has reported sites so far.
A new version of the toolbar is now available, with extensions including easy-to-see site risk ratings, faster browsing, and support for enterprise desktop rollouts.
In addition to blocking known phishing sites, the Netcraft Toolbar now displays a Risk Rating for all new sites it encounters. The Risk Rating - a user-friendly visual summary of the information displayed by the toolbar - evaluates new sites against characteristics of the phishing sites reported to date. Sites which are deemed safe will show a low Risk Rating, while riskier sites will show higher ratings based on a number of factors.
The above example shows a web site used to recruit people to withdraw money from compromised bank accounts. Although the site contains plausible content, the Netcraft Toolbar assigns a high Risk Rating because it is hosted under a newly registered domain, the site has never been seen in the Netcraft Web Server Survey, and the Chinanet Hebei Province network has hosted other fraud sites in the past.
The ratings will evolve and adjust automatically as phishers change their behavior, and along with pre-emptive blocking of cross site scripting, are particularly helpful to people who receive a phishing mail early on, before it has been reported by someone else in the community and blocked.
Protecting Enterprise Networks
The new version of the toolbar can now be run by ordinary Windows users without administrator or power user privileges. This new feature makes it simpler for administrators to deploy the toolbar across enterprise networks, offering real-time protection against phishing threats through automatic updates of the blocklist and Risk Ratings.
The list of sites blocked by the community and validated by Netcraft is also available as a feed suitable for proxy servers and mail servers. Please contact us at email@example.com for details.
Customized Branding and Navigation
Customized versions of the toolbar are available, providing banks, brokerages, credit card companies and ISPs a powerful tool to protect their customers and networks from Internet phishing scams while simultaneously building customer loyalty.
The toolbar can be branded with your logo and customized navigation links, served dynamically from the central server, giving clients the ability to update the toolbar to highlight new services, and other timely customer communication. Over and above the fraud fighting attributes of the toolbar, it is an extremely attractive branding and customer loyalty mechanism, as it keeps the clients' logo and services on screen throughout the time the customer spends using the Web.
The cost per user is very favorable when compared with traditional web advertising, while the branded toolbar maintains contact with the user throughout the time they spend using the Web. If you would like to have a version of the Netcraft Toolbar branded for your organization, please contact us at firstname.lastname@example.org for details.
Installing the Netcraft Toolbar
Downloading and installing the Netcraft Toolbar is quick and simple:
- Follow this link to download the toolbar.
- When you see a prompt asking if you want to open the file or save it to your computer, press the "Open" button.
- The Netcraft Toolbar Setup Wizard will now appear. Follow the on-screen prompts to install the toolbar.
- Open Internet Explorer and click the right-hand mouse button over the toolbar area. In the menu that appears, ensure that there is a tick next to the 'Netcraft Toolbar' item. If there is not, click the left-hand mouse button over the item and the toolbar should appear.
Using the Toolbar Effectively
The Netcraft Toolbar provides you with constantly updated information about the sites you visit, as well as blocking dangerous sites.
Once the toolbar is installed, Internet Explorer should look similar to this:
- As you can see, the site used in this example is http://toolbar.netcraft.com.
When you visit a site, the following information will be displayed in the toolbar (unless the page has been blocked, like this one):
- The "rank" (popularity amongst toolbar users) of the site, linking to the top site listings.
- A link to the site report for the current site.
- The flag (if available) and the two-letter ISO code for the country in which the site is hosted; in this case it is hosted in [UK] (United Kingdom).
- The name of the netblock on which the site is hosted (in this case, the Rackspace.com Netblock). This also links to a listing of sites on the same netblock.
If you attempt to visit a page that has been blocked, you will see a warning dialog which looks similar to this:
Getting the Most from the Netcraft Toolbar
The toolbar provides you with a wealth of information about the sites you
visit. This information will help you make an informed choice about the
integrity of those sites. Here is a brief list of points you should be aware of
when visiting a site which requires you to enter personal information of any
- Look at the toolbar to see whether the site's netblock is registered to the company you expect.
- Look at the country code and flag on the Toolbar to check that the site is hosted in the country that you expect. There is a list of countries which are often used to host fraud sites here.
Request a site report on the site:
- Who is the site's domain registered to? Be suspicious if this is not the organisation you expect.
- Who is running the DNS and reverse DNS for the site? Be suspicious if these are not run by a host in a domain controlled by the organisation.
- How new is the site? All other things being equal, the longer a site has been around, the more you can trust it. "New Site" means the site you are currently visiting has not been seen before by the Netcraft Web Server Survey. This indicates that the site is probably less than one month old. Phishing sites spring up overnight and disappear just as quickly, and you should be extremely suspicious if you see this when visiting what you believe to be a trustworthy site.
- Does it have an SSL Certificate? Bank sites that take authentication details will do this over SSL. Details of the SSL Certificate (if any) will appear in the site report.
- Is the site in the DNS? If the site has no hostname or domain name and is a raw IP address be very suspicious.
- If you are convinced that the site is a phishing site, please report it. If you are unable to report the URL via the toolbar site, please send us the entire mail message intact as an attachment. If you use Outlook you can do this by composing a new mail to email@example.com and dragging the fraud mail on to it as an attachment.
- Netcraft will send a reward to the first person to report each new phishing site.
Note that the Toolbar shows that the site is hosted in the USA, at "Inktomi Corporation", and that the site is new. The real SunTrust web site is hosted in the USA at SunTrust Service Corporation.
Comparing the site reports is also telling; the fraudulent site's report contains many 'unknowns' whereas the site report for the real SunTrust web site shows plausible domain registration and DNS details.
You can find out more about reporting URLs in the tutorial on reporting a suspicious URL.
Reporting a Suspicious URL
When you visit a page that you believe to be a phishing site, or contains fraudulent or deceptive content, we ask that you report it so that other toolbar users will benefit from your vigilance. The more sites that are reported, the more useful the toolbar will become for everyone.
You can report a URL by clicking on "Report a Phishing Site" in the toolbar menu, accessed by clicking on the Netcraft logo:
After you report a URL, Netcraft analysts will examine the report and block the page if they find it has inappropriate content.
You can practice blocking an attack by:
- Requesting a sample of a fictional phishing attack mail.
- Visiting the URL contained in the mail that you receive.
- Clicking on the Netcraft logo in the toolbar.
- Selecting "Report a Phishing Site" in the menu that appears.
- URLs from fictional phishing attack mails will be blocked automatically.
- You can test that the URL has been blocked by re-visiting it after reporting.
It also mobilizes the Netcraft community into a giant neighbourhood watch scheme to empower the most alert and experienced members to protect the vulnerable against fraud and phishing attacks.
Toolbar features include:
- Clear display of sites' hosting location at all times helps you validate fraudulent urls (e.g. the main online banking site of a large US bank is unlikely to be hosted in the former Soviet Union).
- Once you report a phishing URL, it is blocked for other community members subsequently accessing it. The leverage of widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) is utilized to expedite blocking of the fraud site.
- Natively traps cross site scripting and other suspicious urls containing characters which have no common purpose other than to deceive.
- Netcraft supervisor validation is used to contain the impact of any false reporting of urls.
- Display of browser navigational controls (toolbar & address bar) in all windows, to defend against pop up windows which attempt to hide the navigational controls to disguise location.
- Happily coexists with Google and other Toolbars.
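
The URL-level checks from the two lists above (a raw IP address instead of a hostname, no SSL, and URLs containing characters with no purpose other than to deceive) can be approximated offline. The following Python is an added example, not Netcraft's code or the toolbar's algorithm; the flag names, the choice of which characters count as deceptive and the sample URLs are assumptions, and it goes beyond dotted-quad addresses to the integer and hex IP forms that browsers also accept.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_INT_PART = re.compile(r"0x[0-9a-f]+|\d+", re.IGNORECASE)

def host_is_raw_ip(host: str) -> bool:
    """True for IP literals, including integer/hex forms such as 3221225994."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        parts = host.split(".")
        return len(parts) <= 4 and all(_INT_PART.fullmatch(p) for p in parts)

def url_warnings(url: str) -> list:
    """Return warning flags for one URL (flag names are this example's own)."""
    flags = []
    # Check the raw string first: urlsplit() silently drops some control chars.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        flags.append("control-or-space-char")
    parts = urlsplit(url)
    if parts.username is not None:        # text before '@' is not the site name
        flags.append("userinfo-before-host")
    if "%" in parts.netloc:               # encoded bytes inside the authority
        flags.append("percent-encoded-authority")
    if parts.hostname and host_is_raw_ip(parts.hostname):
        flags.append("raw-ip-host")       # checklist: raw IP instead of a hostname
    if parts.scheme != "https":           # checklist: authentication goes over SSL
        flags.append("no-tls")
    return flags

# Constructed sample URLs (example.com and documentation-range addresses).
SAMPLE_URLS = [
    "https://www.example.com/login",
    "http://192.0.2.10/bank/login",
    "http://www.example.com@3221225994/",   # integer form of 192.0.2.10
    "http://%77ww.example.com/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, url_warnings(u) or "no flags")
```

The remaining checklist items (registrant, DNS operator, site age, netblock owner) need registry and survey data and are not covered by this string-only check.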
If you would like to have a version of the Netcraft Toolbar branded for your organisation, please get in touch. The toolbar can be used to keep your site navigation within view of your customers throughout the time they spend using the web. Dynamically updating navigation provides the facility to change urls or menu structure and bring new and temporal information to customers' attention at any time.
- Fewer outages - no one wants to be on a network that suffers frequent loss of connectivity.
- Shorter outages - customers will be more tolerant of short outages which may be operationally difficult to avoid.
- Faster response times - the shorter the response times, the better.
Netcraft is now publishing articles via an RSS feed which is available at http://news.netcraft.com/index.rdf.
Postings to the mailing list will also become more frequent, with articles continuing to cover technology adoption, security, hosting, and Netcraft services.
Posted by Mike Prettejohn in Netcraft Services