MakeUseOf » phishing

45,000 Facebook Logins Stolen, Could Spread Malware [News]

Matt Smith — Sun, 08 Jan 2012 18:31:36 +0000

What do you do with a worm used for financial fraud when that gig starts to feel a little stale? You use it to steal Facebook logins and spam malware.

That’s what has happened in the case of Ramnit, a malicious worm that has been spreading via executable and HTML files since April of 2010 (yes, almost two years ago). Security firm Seculert recently noticed that it has begun to target Facebook users, stealing their login credentials. Most of the users targeted so far live in the United Kingdom and France.

While it’s impossible to know exactly why these logins were stolen, it’s fairly easy to guess. Compromised Facebook logins are an excellent way to spread malware or conduct phishing attacks. A simple wall post with a shortened URL can easily direct the friends of a compromised account to malicious websites. This can allow malware to spread or trick users into giving up personal information.

It’s also possible that victims with compromised accounts could have them used to grant access to other services. Many people use the same password for Facebook as they do for other sites including email and even online banking. In addition, most people list their employers on their profile, which opens up the possibility of attacks against governments and corporations.

Consider this a reminder that you shouldn’t use the same password for all your accounts. Also, it’s wise not to click through links on social networking sites without using a website or browser plugin that can reveal the link’s full URL, making it possible to verify that it goes where it claims.

Source: Ars Technica

Surprisingly Accurate Phishing Scam Targets Apple Customers [News]

Matt Smith — Wed, 28 Dec 2011 21:01:25 +0000

One of the most difficult threats to avoid is the phishing scam, which attempts to scam users by mimicking a trusted website, service or company. Fortunately, such attacks usually give themselves away with poorly written emails or badly executed fake sites, but a recent scam targeting Apple’s customers has gained attention for the opposite reason.

Victims are hooked by an official-looking fake email informing them they need to update their billing information with Apple. A link that appears to point to the Apple Store is included, but when clicked it re-directs users to a fake website that is apparently hosted on its own server.

To make matters worse, the fake site looks like a legitimate Apple login page. Only a support number that begins with a 0 instead of a 1 might alert users that something strange is going on. The site otherwise appears professional and is free of the grammar issues and improper or missing images that often give away such facades like this.

So what can you do to protect yourself? You could just avoid clicking email links, though that may not always be practical. Another idea is to pay attention to your URL bar to make sure that the proper URL appears when you visit a site. In the case of the fake site, the URL shows the IP address of the scammer’s server rather than the real Apple Store address. You could also use a security suite with built-in anti-phishing features.

For more tips on how to avoid these sorts of attacks, check out Danny’s article on common tactics that can help you avoid being phished.

Source: CNET

4 General Methods You Can Use To Detect Phishing Attacks

Danny Stieben — Sat, 17 Dec 2011 09:30:35 +0000

The internet is one of the best tools known to mankind to do basically whatever you want. But Facebook, Twitter, Gmail, Dropbox, Paypal, eBay, bank portals, and so many more sites have twins that are actually phish.

A “phish” is a term for a scam website that tries to look like a site that you know might well and visit often. The act of all these sites trying to steal your account information is called phishing. While it’s very easy to spot some sites as a phish, others aren’t nearly as easy.

Here are four different anti-phishing methods you can use so that you don’t fall victim to phishing.

1. Use a Custom DNS Service

You need a DNS resolution service so that you can access all the sites that you go to. Your computer doesn’t automatically know where Facebook is (as far as its Internet address, or IP address, goes), so it needs to ask a DNS resolution service for that IP address. The good thing is, all Internet users have this service, thanks to their internet service provider. The bad news is that’s all they do.

Aside from name resolution, the DNS servers at ISPs do nothing else. However, there are some custom and independent DNS companies that do more than just name resolution. They can also filter sites based on content and malware/phishing concerns. There are many out there that can do this, but the most popular one (last time I checked) is OpenDNS.

2. Use Your Browser’s Phishing List

Did you know that modern browsers offer a phishing list? The browsers check the site you’re visiting against the list to see if it’s possibly a phishing site. If it is, your browser will start freaking out about it in your face like a good boy. For possible phishing attacks, why not throw out a big red page to warn you?

3. Use Sites To Check Links

In case you’re presented a link but you’re not sure about clicking it, you can copy and check it on a number of different sites. These can tell you whether there’s something bad about these sites, including malware and phishing. Where can you find all these wonderful sites that do this for you? Try checking out one of our articles on the subject.

4. Use Your Own Ninja Skills

This may sound like useless advice, but using your own skills to detect phishing sites can go a very long way as well, and may even protect you from phishing sites that haven’t made it onto any lists that would throw an immediate flag. There are a few things that you should look for to see if you’re being faked:

Look for a secure connection. This is usually identified by a green area in the address bar, along with https in the URL.
Look at the domain of the URL. If you don’t know what the domain of a URL is, here is an example: The domain of MakeUseOf is makeuseof.com, while the domain of PayPal is paypal.com, and so on. Look to see that the domain is as it should be, and not something bizarre.
Look at the site itself. If it doesn’t look exactly like the site you’re always used to, it may be a scam site. You can double check by opening a new tab and visiting the main page of the site you think you’re on (if possible). If they’re quite different, then you’re more than likely dealing with a phishing site.

Now that you’re equipped with these tips, you can take this handy little Phishing Quiz provided by OpenDNS where you are presented with screenshots of some websites. Some are real, while others are phish. You can take the quiz and see how well you do. Afterwards, you can see why a certain site is a phish and not real.

Conclusion

With these anti-phishing tools and tips, you are well equipped to spot phishing attempts and avoid them. Therefore, you’re much safer and your account information will remain private. If you feel enough like a pro, go and spread the word! The more people know how to spot phishing attacks, the better off they will be while surfing the internet.

How do you detect phishing sites? Do you think it is getting easier or harder to identify them? Let us know in the comments!

Image Credit: Shutterstock

What Exactly Is Phishing & What Techniques Are Scammers Using?

Matt Smith — Tue, 25 Oct 2011 15:31:07 +0000

I’ve never been a fan of fishing, myself. This is mostly because of an early expedition to a pond where my cousin managed to catch two fish with a bamboo pole, while the fancy fiberglass-reinforced rod I had caught me zip, zero, nada.

Similar to real-life fishing, phishing scams aren’t always best when they rely on advanced tactics, but there are many new techniques motivated by social networks. So what is phishing, and what should you be wary of?

The Basics of Phishing

According to Microsoft’s Safety & Security Center, phishing can be summed up as:

“A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information”.

In other words, phishers are the Loki of the Internet. They’re tricksters. Often, the techniques used by phishers have absolutely nothing to do with exploiting zero-day threats. Instead, they exploit human psychology.

There is one point on which I disagree with Microsoft, however, and that’s their description of phishing as “a type of online identity theft”. This isn’t always the case. As I’ll explain in some examples of recent scams, phishing tactics are often used to simply harvest data or to trick people into purchasing a product.

Traditional Phishing

In many cases, Microsoft is correct. Many phishing attacks are attempts to steal personal information. Often, they do so using link manipulation and website forgery. The traditional example is an email that seems to come from a legitimate source, like your bank. It claims that there’s been some problem, or perhaps offers you a lower interest rate on a credit card. All you need to do is log in via the link in the email, which appears legitimate.

But it’s not. The link has been manipulated to look correct, but it actually redirects you to a forged website. Once you enter your login information, the phisher has it, and can use it to log in and use your account. Sometimes, the attack will go further and request you to fill in personal information like your social security number, credit card number, address, and so on. Identity theft is just a hop, skip and a jump away from there.

Traditional phishing can be combated by refusing to follow links in such emails. If you receive something from your bank that claims you need to log into your account, simply go to your bank’s website by entering the URL manually and then log in. In fact, some banks and other organizations no longer even send links to users precisely because doing so makes phishing attacks more effective, as users become confused about what is and is not legitimate.

You can also combat phishing using an Internet Security suite with anti-phishing features. These monitor your browser and look for signs that a website is a forgery. Extensions like Web of Trust can also be effective.

Phone Phishing

Within the last few years, phone phishing has become a popular tactic. I myself received a phone call last month claiming to be from the Federal Credit Union Administration, which said my debit card had been locked due to potential identity theft. All I had to do to rectify the situation was give them my debit card information so my account could be verified. Of course, it’s a total scam, and one that’s been going on for years. If you enter your information, it can easily be used for fraudulent purchases.

There’s no software solution to this particular threat, so you simply have to be skeptical. If you receive a call from an organization that wants personal information, call them back at a publicly listed number, rather than the one provided for you in the voicemail. Phone phishing also tends to give itself away by being vague – usually, it won’t claim to actually be from your credit card company or bank specifically, but something more general, such as the “Federal Credit Union Administration” call I received.

Social Network Phishing

The rise of social networks has given phishing new life. After all, social networks are all about sharing. It’s not at all unusual for a friend to post a link to a nifty article, so users are less likely to be skeptical, and more likely to click on a phishing link.

That’s the bad news. The good news is that phishing on social networks usually isn’t as severe. Usually, the deception will be something like the recent Steve Jobs’ death scams, which are simply looking to harvest email addresses or send people to affiliate links. You might be annoyed by additional spam, but that’s it.

Still, some of these attacks can be fairly harmful. Banks have Twitter feeds and Facebook pages too, and fake ones can be used to try and lure users to forged websites, just like a bogus email. These accounts can be hacked, too. The Bank of Melbourne experienced this, although as is often the case with phishers, the messages sent by the compromised account weren’t of high enough quality to fool many people.

Phishing on social networks can be combated the same way as phishing through email. Security software and extensions can help. You can also use a link preview extension to see if an abbreviated link is sending you where it claims.

Conclusion

Phishing will always exist, because there will always be ways to trick people. It’s easy to look down upon the victims as being stupid, but often the people who fall for the tricks simply lack proper education about computers, or are in a situation that compromises their judgment (don’t check your email while drunk, or excessively tired).

In this case, knowledge is power. With skepticism and a few security tools, you can avoid phishing threats and shut down one of the most common methods of identity theft. Have you been a victim of phishing?

Image Credit: Pro Team Sport Fishing

Stay On Top Of The Latest Online Fraud Alerts With These 6 Websites

Tim Brookes — Wed, 19 Oct 2011 23:30:58 +0000

Online fraud, scams and phishing emails are bound to instill a sense of dread in all of us, so when it comes to protecting yourself online it’s important not to simply rely on software to keep everything in check.

As a general rule of thumb: if it looks too good to be true, it probably is – and this advice is well worth remembering.For extra peace of mind you can also do your own research and investigate the current threats yourself.

The more prepared you are, the easier you’ll be able to spot a scam and steer clear – so without further ado here are some resources to keep you, your friends and family wise to online fraud.

USA.gov – Consumer Frauds and Scams

Probably the best governmental resource for US citizens concerned about fraud, this section of the country’s main online political portal contains a bounty of information about scams in the wild. There is plenty of in-depth, easy-to-understand information on a huge variety of schemes designed to trick and steal.

News is provided courtesy of other sources at the foot the page, and while more regular updates would be nice, the service is a fantastic resource for anyone concerned that they have been hit with fraud. Detailed descriptions of known scams will also help you identify potential dishonesty.

LooksToGoodToBeTrue.com

The aptly named LooksToGoodToBeTrue.com tracks known scams and reports the findings in their Action Centre. The website comes recommended by several government portals (including USA.gov above) and contains more advice for those concerned about fraud.

On a very human level is the Victim Stories section which invites victims of fraud to share their experiences in the hope of raising awareness. The website also has a File A Complaint section which provides the links to several US government department including the FBI-run Internet Crime Complaint Centre.

419 Legal

Named after the 419 scams that once ran rampant online, 419 Legal is in fact a message board where the active community reports on scams, phishing and general fraudulent schemes. Due to the fact that it’s a community and not a news agency or government body, reports are a lot more frequent than on comparable sites.

As well as the Scam Alerts forum where users submit their own reports, there is a General News section, 419 News and archives of past scam email templates to help identify potential scam emails. 419 Legal is a fantastic site with a supportive community and years of archived scam identification techniques.

ActionFraud

ActionFraud is the UK’s national fraud reporting centre, and contains plenty of information that resonates not just in the UK but all over the world. If it’s alerts you’re after then the News & Alerts section contains a run-down of the latest known threats.

As well as news, the rest of the site serves as a useful portal for anyone who has been hit by or is concerned about the dangers of online scams. As well as being able to report the fraud, victims can find out information about what to do next, who to contact and future prevention.

MillerSmiles.co.uk

Despite being a UK-based site, MillerSmiles is a definitive resource for phishing and email scams wherever you are in the world. As well as the latest reports of known scams the website conducts a weekly analysis of all reports submitted.

It is possible to subscribe to alerts via RSS, submit your own scams and search the database of past incidents. The website also organizes threats by company, so if you have received a dodgy looking email from your bank, PayPal or email provider it’s easy to check it against the list.

ScamWatch.gov.au

The final resource on this list comes all the way from Australasia and is a joint effort between the governments of Australia and New Zealand. The ScamWatch Radar keeps track of known threats down-under and it is even possible to subscribe via email for alerts in your inbox.

The rest of the site is packed with helpful advice regarding every kind of scam you can think of, and there is an area to report local scams.

Conclusion

Even if the sites on this list aren’t specific to your locale they can still help identify known scams, phishing attempts and other fraudulent correspondence. If you do receive a suspicious email requesting personal or financial information then alarm bells should always ring. Your bank won’t ask for that information in an email, and if they do then you should always contact a local branch first. Bargains at unbelievable prices usually aren’t bargains and if you use online dating sites then never hand over money to someone you hardly know, no matter how nice they seem to be.

Good luck out there, it’s a big bad Internet!

Have you been scammed, defrauded or had information stolen? Do you know any other good websites that cover the latest frauds and scams? Share your links and experiences in the comments section!

Image Credit: Shutterstock

7 Common Sense Tips to Help You Avoid Catching Malware

Tina Sieber — Thu, 14 Jul 2011 23:31:06 +0000

The Internet has made a lot possible. Accessing information and communicating with people from far away has become a breeze. At the same time, however, our curiosity can quickly lead us down dark virtual alleys that may not seem dark at all. In fact, the biggest security risk always is the user!

Catching malware is easy, but generally it can also be avoided easily. All it takes is a little common sense.

1. Open Only Links & Downloads You Trust

This should be obvious, but it cannot be stressed enough. You should not visit dubious websites or download questionable or illegal files. This is almost a sure way to catch malware. If you are not able to avoid these websites, make sure your system is thoroughly protected. If you need help evaluating links for their safety, you can use a browser plugin called Web of Trust (WOT).

Also check out this article: 3 Best Resources To Find Sites That Are Known To Have Spyware & Viruses

2. Turn Off HTML In Emails

A common way how malware is distributed is through email. In fact, malicious emails can contract malware by automatically running scripts when you open an email in HTML view. That’s why most email clients and webmail clients per default do not display HTML content (such as pictures). Leave it that way and only allow trusted sources to automatically display HTML content.

3. Do Not Open Unsolicited Email Attachments

Do not open attachments unless you trust the source or without scanning them. Most webmail clients will scan attachments before allowing you to open them. Also most desktop email clients provide malware scanning to protect you from malicious attachments. Never skip this step!

For more details about the danger of malware spreaded through email, check out this article: 3 Top Ways People Get Infected by An Email Virus [In Case You Were Wondering].

4. Understand How Scams & Phishing Attacks Work

Scams and phishing attacks can hide behind Facebook notifications or an email from your bank. Only that Facebook or your bank never actually sent these emails, they are fake. When you follow the link and enter requested details, the scammers successfully ‘phished’ your password or personal information.

Of course Facebook does sent out legitimate notifications and your bank may contact your through email, too. So when in doubt, always double-check where those links really take you to. Hover over the link in your email and check the underlying URL or (if need be) check for the URL in your browser URL bar.

Also check out this article: Top 5 Internet Fraud & Scams Of All Time.

5. Do Not Be Intimidated Or Fooled By Scare Tactics

They come in all forms and shapes. I will give you some examples below, but generally let me say that you should never install anti-virus or anti-spyware or anti-malware software from untrusted sources! If you are unsure what to get, you can consult the MakeUseOf Best Of Windows or Linux Software pages.

My personal recommendation for Windows users is this malware protection software combination:

AntiVir Free Version (anti-virus)
Microsoft Security Essentials (anti-virus)
Malwarebytes Anti-Malware (anti-malware)

So how do scammers scare people? Usually, when you visit a website, a pop up warns you that your computer virus definitions are outdated or that your computer is infected and that you should install a tool to scan your computer and remove the malware. Don’t let such warnings scare you, they are fake! Lately, scammers also started calling people at their home to tell them that their computer is infected, asking them to turn on their computer, visit a website, and install a software to fix the issue. If this happens to you, simply hang up, it’s fake, too.

6. Scan External Drives You Connect To Your Computer

If you connect an external drive, for example a USB stick from a friend to your computer, be sure to let your anti-virus software scan it. Your friend may not know that they are contracting malware. If you have anti-malware or anti-virus software installed on your computer, you can typically scan the drive by going to > (My) Computer, then right-click on the external drive and select the respective option from the right-click menu, for example > Scan selected files with AntiVir.

7. Pay Attention When Installing Software

Often, a software installer includes optional installs, such as a toolbar or additional programs. Be very careful what you agree to install. Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.

Do you feel like you do need some additional malware protection after all? Check out the following posts:

Other than not going online, what tips and tricks did I forget? How do you protect your computer and your data from infections?

Image credits: Eliro, kveselyte

Online Pharmacies Phish For Google Plus Fans With Fake Invites [News]

Matt Smith — Wed, 06 Jul 2011 15:07:13 +0000

Have you received a Google Plus invite lately? If so, you may want to make sure it’s legit before you click, as some of the Internet’s least respectable online pharmacies have been using the hype as a way to hook new customers.

The scam works through the typical phishing formula. Those targeted receive an official-looking Google+ invite in their inbox, inviting them join the service. Unlike some fake emails, this particular phony invite is a reasonably accurate reproduction of the real thing; although the recent introduction of Google’s new social networking service makes it unlikely that most recipients have a clue as to what a real invite should look like.

Once clicked, however, the invite instead open an online pharmacy offering a wide variety of drugs that people may be embarrassed to buy or unable to afford, such as Viagra. There haven’t yet been any indication that the site is attempting to steal user information or that the site itself contains any browser exploits. Thankfully, this simple scam is annoying at its worst.

Still, this round of false invites points once again to the vulnerabilities inherent in social networks and tools. It’s easy to imagine that an email such of this could contain a more damaging payload, and it would no doubt be effective at capturing the attention of some users. Google’s decision to turn off invitations due to the incredible demand makes invites a valuable commodity that’s sure to attract curious eyes.

Source: Daily Mail Online

Tumblr Users Warned About Large-Scale Phishing Attack [News]

Tim Brookes — Fri, 01 Jul 2011 02:31:23 +0000

Microblogging site Tumblr and its users have been targeted recently with a phishing attack that lures unsuspecting users into entering their login details only to have them stolen. The scam operates by offering users access to additional content after inputting login details, in this instance “adult content”.

What makes this phishing scam slightly more sophisticated than usual is the way in which many were affected via Tumblr pages which contained code designed to imitate the Tumblr login. Not all users fell foul via this method, with some being directed to new URLs containing the faked login form.

Many of the Tumblr blogs that hosted this phishing code had been compromised in previous attacks. A small number of sites appear to be at the centre of the phishing effort, including tumblriq[dot]com, tumblrlogin[dot]com and tumblrsecurity[dot]com.

The scam has prompted a few Tumblr users to set up their own anti-phishing sites in order to warn other users, including phishing-alert.tumblr.com and antiphishingontumblr.tumblr.com. These community-led efforts contain information pertaining to phishing (and what it means) as well as recovering your Tumblr account if it has been compromised.

Tumblr themselves have been answering a lot of emails related to this incident recently, so many that they’ve prepared an automatic reply (above) for new support requests. The pre-defined response includes information about undoing the damage done by a compromised account.

Do you use Tumblr? Has this affected you at all? Let us know in the comments.

Source: GFI LABS Blog

BitDefender’s Traffic Light Helps Secure Your Browser Traffic

Justin Pot — Thu, 12 May 2011 19:31:39 +0000

An ounce of prevention is worth a pound of cure. That’s the idea behind BitDefender’s beta TrafficLight service, which lets you know when a given website is a security risk before you open it. It also blocks the dangerous elements of a particular website, leaving you with access to the safe pages.

Some of the more expensive and bloated software suites on the market include browser plugins that let you know if a given website is safe or not. If you’ve completely removed Norton or McAfee from your computer you might miss the safe browsing feature. None of the best free antivirus programs include such a feature to secure your browser traffic.

It’s possible to use AdBlock Plus to protect yourself from malware, but some may prefer to get their protection from a company that specializes in security. TrafficLight is for just such people. Coming from BitDefender, the company that offers the best virus removal live CD, TrafficLight is built by a trusted team.

Even better, there are TrafficLight plugins for every major browser on the market (and at least one minor one) – Internet Explorer, Mozilla Firefox, Google Chrome and Safari are all covered, and even Opera gets protection. Yes, I’m still making fun of Opera users. They post the funniest comments after being slighted.

Installation

Installing TrafficLight couldn’t be easier. Just head over to the TrafficLight download page. If you’re using Windows, the choice is easy – use the Windows installer. If you’re using Mac or Linux, just install the browser plugin that’s relevant for you.

The installation process is pretty simple, if you’re installing a browser plugin. If you’re installing the system-wide Windows software you’ve got another choice to make – whether you want to enable TrafficLight’s SSL protection.

SSL is a secure mode of communicating with the web. Several sites, including Gmail, make use of this encryption protocol to protect information. Lately some malware and phishing schemes have been taking advantage of SSL to avoid detection, which is why TrafficLight offers protection. Some may have apprehensions about letting a piece of software access their SSL communications, so this feature is completely optional. Consider this option carefully.

You can also decide whether or not you want anonymous usage statistics sent to BitDefender. Again, this is up to you, but know that leaving this enabled will help increase the quality of protection TrafficLight offers for everyone.

Once you’re done installing everything should be in place. You are now protected.

Using TrafficLight

Honestly, there’s not a heck of a lot you need to do after installing TrafficLight; it’s pretty much up and running. At the top of every page you’ll notice a small button; click it to configure TrafficLight:

You’ll be filled in that the page is safe, and then you can click a few buttons to bring up options. The configuration screen, for example, allows you to enable and disable certain parts of the program:

You’ll most notice TrafficLight when you conduct a search. You’ll see familar orbs, like this:

Green means safe; red means danger. Yellow is, of course, somewhere between the two. This search feature works with Google. If you’re some kind of freak, it also works with Bing. If you’re from 1999, it works with Yahoo.

Finally, when you attempt to enter a phishing site, you’ll be warned not to.

Superfluous features

There are a couple of features here you’ll probably never use. For example: there is a built-in URL shortener that examines all links for malware. Joy.

There’s also a “share TrafficLight with friends” button, which takes up space and is kind of annoying. An upcoming adblocker has potential, but we’ll see how it compares to AdBlock when its ready.

Conclusion

Overall, TrafficLight is a pretty good supplement to any antivirus program. It can’t scan your computer, but it can help prevent you from visiting harmful sites. Best of all, it seems pretty lightweight. Give it a shot and see for yourself.

When you do, be sure to leave us some comments below. We love hearing how you like a piece of software. Be sure to recommend a better program, if you know of one!

3 Best Resources To Find Sites That Are Known To Have Spyware & Viruses

Tina Sieber — Thu, 03 Mar 2011 23:31:33 +0000

The Internet is a breeding place for malware. New sites containing viruses, worms, keyloggers, and other malicious software are popping up every day. Once picked up and opened by an unsuspecting user, they hatch, infect the computer, and potentially wreck havoc on the system.

Malware causes worldwide economic damage in the multi-billion dollar range and even though users are ever more aware of good security practices, it continues to be a head-to-head race between malicious software and the defense against it. Many users catch malware through browsing online. Thus not visiting known sites with spyware and viruses in the first place is an effective way to keep the computer safe.

This articles shows you 3 resources that will lower your risk of visiting malicious sites by accident. Although you can search online domain lists for unsafe websites, a browser plugin is by far the most convenient way to automatically identify and avoid malicious websites.

Web Of Trust (WOT)

Type: Browser plugin, website

Service: website ratings based on user experience and domain listings

Supports: Firefox, Google Chrome, Internet Explorer, Safari, Opera, Bookmarklet

WOT does more than alert users about potential spyware and viruses. It’s an all-around service that rates sites based on general trustworthiness, vendor reliability, privacy, and child safety. The ratings are conducted by its huge international community. Users can leave comments to further support their rating and point out specific problems with the respective page. Apart from user input, the site also relies on external resources, such as listings of phishing sites published on PhishTank.

The rating symbol appears both in search results and directly in the browser. The complete rating, including user comments, is available on the ‘scorecard’.

If a user attempts to open a website with a bad rating, WOT issues a warning, which has to be discarded, before the site can be accessed.

WOT also offers a small online tool where you can manually ‘check the reputation of your favorite website’ based on its URL.

Alternatives: To my knowledge there are no comparable alternatives to WOT. Similar plugins either lack their own community or a broad support, some of the main features, e.g. no ratings next to search results, or only support one or two browsers. Other tools I tested include Trustpilot Guard (Firefox), TrendProtect (Internet Explorer) and McAfee SiteAdvisor (Firefox and Internet Explorer).

LinkExtend

Type: browser toolbar

Service: provides “meta-site-ratings for computer safety, child safety, company ethics, and popularity”

Supports: Firefox

LinkExtend is a Firefox toolbar, which includes a host of services compiled in the following categories: Safety, KidSafe, Ethical, Site Traffic, and Thumbnails. For its ratings it relies on a range of tools, such as WOT itself, Google Safe Browsing, Alexa, Scryve, and many more. If you do not trust any of the resources, you can turn off single ones via the LinkExtend options (button in the far right of the toolbar).

After installing the toolbar, a setup wizard guides you through the various options.

The ratings and thumbnails presented next to search results are some of the most comprehensive I have found. Moreover, you can highlight your keywords in search results by clicking the yellow marker symbol in the LinkExtend toolbar. If you find the information that is added too much, you can turn off select features via the toolbar options.

URLVoid & URLVoid VScan

Type: website

Service: website reputation based on multiple rating services and scan URLs for viruses

URLVoid is an online service that compiles ratings for websites and scans them for malicious content. It is important to note that these are two separate services!

To detect websites with a bad reputation, URLVoid relies on several resources, including Google Diagnostic, MalwareDomainList, PcTools Browser Defender, PhishTank, Norton SafeWeb, MyWOT, and many others. Results are compiled within a few seconds and the tool displays the rating status for each service below an overall summary. The permalink for a specific page (example: permalink for MakeUseOf) can be bookmarked and shared.

The scanning of URLs for viruses is facilitated by several antivirus engines, including Avast, AVG, AVira, Kaspersky, and many more. Unfortunately, this tool is not very quick and my query was promptly placed in slot number 16,946 of the queue. And instead of moving up the queue, it moved down the queue.

Let me say something about McAfee SiteAdvisor and TrendProtect which are not one of the best resources recommended in this article. Both McAfee and TrendSecure are well known brands within the computer security business. However, I found several problems with these browser plugins. First of all, a conspicious amount of websites rated unsatisfactory or poorly on WOT, received a safe rating from McAfee and TrendProtect. Moreover, some sites that were clearly found to be unsafe and malicious by WOT users, carry a McAfee SECURE stamp, meaning they were ‘verified safe for e-commerce’ and are ‘tested daily for hacker vulnerabilities’. Disagreements far and wide! I cannot verify which rating system is right however. When in doubt I would rather go with the bad rating than trust the good one. Thus I recommend to stay away from McAfee SiteAdvisor.

Are you browsing with Firefox? Check out this post for the 10+ Best Firefox Security and Privacy Addons. For online resources, have a look at the article 4 Quick Sites That Let You Check if Links Are Safe.

How do you make sure your browsing is safe?

Image credits: Vaju Ariel