Just now, while I was on twitter, I received a tweet saying “Now, This is serious.. online banking fraud! http://bit.ly/W8WD4 ‘, So out of curiosity I followed that link to the blog post. It was, as it said, was about a phishing site. The post was Now this is serious!!! by Arnab Mitra on his blog Intelligent Marketing . In the post the author Arnab Mitra described his experience about Online Bank fraud. He first receives a mail (gmail filters failing )
(Image Courtesy- Intelligent Marketing - Now this is serious!!! by Arnab Mitra)
This mailer did look exactly like an alert from his bank, which needed an urgent attention. So he clicks on the link provided in the mail ( link: https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N
This link actually shown is the correct bank link but actually it links to http://www.french-eng.co.uk/tmp/cache/indexx.html )
And if you click this link in FireFox, it allows it and looked exactly like the real banks page-
(Image Courtesy- Intelligent Marketing - Now this is serious!!! by Arnab Mitra)
So curiously I also tried it in Firefox which took me to this and when clicked on Personal Button opened the site as shown above, So Firefox failed to detect this phishing site.
Now I tried in my default Browser- My Internet Explorer 8, Yes IE8 !! And when I clicked on the link it took me to this -
(Click on the image to enlarge)
IE8 blocked the site and it clearly warned ‘This Website has been reported as unsafe’ and recommended not to continue to this web site. This is one example of Security feature in IE8.
Any common person who might have received this kind of fraud mail is most likely to fall in this trap. The author Arnab Mitra was attentive enough to have noticed this, though Firefox allowed it. I have heard and had seen screenshots of such sites earlier also, in that case ICICI only but after reading the blog post by Arnab, I also decided to try it. Thanks to Arnab, I’m also carrying his blog post forward and alerting people of such Phishing sites. I request to make use of IE8 which is one of the Safest browser. I always use IE8 for Online Transactions without fail. So this is why one should use IE8 . You can get IE8 from here , and its Free !
Recently I also had come across a post from IE8 team : Real-World Protection With IE8’s SmartScreen Filter™ which said -
“………However, phishing remains a prevalent and important threat to users as well. We’re continuously making improvements to our data sources and intelligence systems that deliver phishing protection. This continuous investment keeps IE in the market-leading position it established with the release of the Phishing Filter in IE7. Since then, Internet Explorer 7 and 8 have blocked over 125 million phishing attacks.
The newest NSS study included a test pass for phishing blocks. NSS Labs reported the following block rate for major browsers:
You can view the full NSS study at http://nsslabs.com/browser-security.
And this was a real world example where one can be easily cheated if he is not using IE8 or is not attentive enough.This is one of the reasons, why one should use IE8. Thanks IE8 !
3 comments:
Good post. I wish more people knew about IE8's top notch security measures.
It's too bad that most people that use non-IE browsers will always doubt the security of IE.
Yes, I agree and this is real life example.
I initially thought this was a tongue-in-cheek post - but later on saw that you are serious. Of course it is your bank account and your money and all that, but let me tell you one thing:
- Phishing sites are detected by checking them against a master list.
- The master list is maintained by the browser vendor.
- The master list is updated when users report phishing sites.
So, if you found an IE-only phishing site, it only means that an IE user reported that site before a FF user. Had you waited for the 30 minutes it takes to refresh the block list, the site would have been blocked in FF too.
Anyone who recommends any version of IE over Firefox has to have his head examined. A Microsoft-sponsored study does not prove IE's superiority, you know - look at the real-world examples that are around you.
Seriously.
Post a Comment