Tuesday, August 7, 2007

Free Phishing Software

SpoofStick

What is SpoofStick?

SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as “phishing".

SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It's not a comprehensive solution, but it's a good start.


PhishGuard

PhishGuard is a FREE service that detects and rapidly disables Internet "phishing" or "spoofing" attacks designed to steal critical financial data. PhishGuard works with all popular browsers on msoftWindows computers.

Phishing attacks use fraudulent websites and emails that mimic well-known organizations in order to trick unsuspecting Internet users. A simple login or account number entry screen becomes a sophisticated trap. By assuming you are dealing with a trusted party, you can reveal financial information including credit card numbers, bank accounts, passwords, and social security numbers to the "bad guys". This type of attack is very difficult for the typical person to detect, as the scammer’s emails and websites mimic the exact style and graphics of the spoofed company, and appear genuine. Sensitive financial information disclosed to scammers is used to make fraudulent financial transactions and to enable long-term identity theft.

Organizations recently impersonated by phishers have included eBay, Citibank, Federal Deposit Insurance Corporation (FDIC), PayPal, AOL, Visa, Bank One, EarthLink, msoft, AT&T, Yahoo, Chase, and numerous others. You can view examples here.

PhishGuard is a simple, free software service. The first person to discover a suspected phishing scam can report the offending email or URL (website address), literally in seconds. There is no need to divulge any confidential information to the scammers. Within minutes, our monitoring team has verified the scam, and added it to the ScamBase™ database. Updates to the database are rapidly distributed to every participating computer, effectively immunizing them against the newly discovered scam.

The PhishGuard system utilizes the collective observations of Internet users plus a rapid server-based submission and distribution system. This unique architecture dramatically reduces the chance that any phishing scam can “slip through the cracks” and blindside an unsuspecting Internet user.

http://www.phishguard.com/default.htm

No comments: