[addin] SpoofStick (anti-spoof browser toolbar for IE and Firefox)

Chris Sells recent post about URL spoofing quoted his wife asking "How is anyone supposed to know that?"

There were some good comments on how to detect, filter, alert, or educate around the problem of URL spoofing, in which an e-mail or site shows a link that pretends to take you to one domain but takes you to another:
<a href=www.evilhackerz.com/steelPasswurdz.php>www.ebay.com/update/passwords</a>

I commented that someone could make a browser addin that detected URL text that looked like an HREF but didn't match domains and show a warning.

I just saw a toolbar for both IE and Firefox that doesn't quite do that, but takes a step. It shows you what domain you're on, so you'd at least know (after you'd followed the link, but before you'd submitted any information) that you'd been had:
 

I don't plan to use this - I get so many spoofing / phishing e-mails that I'm used to the precautions. I think I might set it up on my wife's computer and recommend it to family. At least it answers the question of "How is anyone supposed to know that" and takes a step to doing something about the problem. Hopefully, Phish Detection will be as standard as Pop-Up Blockers some day.

Download Spoofstick here:
http://www.corestreet.com/spoofstick/index.html

1 Comment

  • I loved this.. but its not compatible with any 2.0 version of Firefox.. looking forward to seeing a version come out.. thanks for your hard work

Comments have been disabled for this content.