In Phishing Filters We Trust!

Lately the common place Internet browsers have all implemented some form of anti-phishing technology, including IE7, Firefox, Opera, etc. However, should the average user trust this security function to prevent them being a victim of a phishing attack?

We thought it would be an interesting exercise to see how effective phishing filters are after The Register published an article which highlighted a new phishing website (this is the actual website so click on it at your own risk). This website has been set-up by Nigerian scammers looking to fool people into believing it to be the real website of the Metropolitan Police.

So off we went and checked the website in IE7. WOW! It wasn’t a reported phishing website. Screen capture is shown below.

We have of course reported the website for inclusion with the IE7 Phishing Filter system. We’ll check later if the website is flagged as being a reported phishing website.

We did the same test with Firefox and Opera with the exact same result: the website wasn’t detected as being a phishing website with any of the common browsers.

Bottom-line: You can’t trust the antiphishing technologies implicitly. Sure they may warn you about the vast majority of phishing websites out there but they won’t provide 100% coverage. The users still needs to be educated on spotting these types of attacks and websites and shown what to do if they detect one.

Follow-up: It has been a few days and still IE7 doesn’t detect this webpage / doman as a phishing website. Thankfully, the website has been taken down.

Technorati Tags: antiphishing, con, Firefox, IE7, Internet Explorer, Opera, phishing, phishing filter, scam, security