Today I received an Alert from Google that my name had appeared online. (Being in information security breeds paranoia, so I’d set up a Google Alert for occurrences of my name online–and for the rest of my family as well!)
The Phishing Attempt
Here’s the Google Alert I received:
Ben Woelk (bwoelk) on Twitter
Infosec Communicator, Trainer and Policy Analyst at RIT. STC Rochester VP. Educause A&T co-chair. Community builder applying Web 2.0 to security awareness.
Curious to find out where my name had appeared and thinking that Google had alerted me about Twitter, I clicked on the link. (And yes, I really should know better!) Clicking on that link brought me to a site that looked exactly like my Twitter page, a potential phishing site. Or, I should say, “almost brought me” to the site.
How did I know it was a phishing site and why didn’t I arrive there?
One indication that it’s a possible phishing site is the URL, which clearly is not Twitter.
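The URL check described above can be automated. The following is an added example, not part of the original post: it parses a link the way a browser does and reports whether the host really belongs to the site you expected. The `EXPECTED_SITES` allow-list, the `classifyLink` function and the sample links are assumptions made for illustration; only the host retwite.appspot.com comes from this post.

```javascript
// Added example, not from the original post. EXPECTED_SITES is an assumed
// allow-list of the sites you actually meant to visit.
const EXPECTED_SITES = ["twitter.com"];

function classifyLink(rawUrl, expected = EXPECTED_SITES) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parsing, the same rules a browser applies
  } catch (err) {
    return { verdict: "invalid", host: null, reasons: ["not a parseable URL"] };
  }
  // The hostname is what the browser connects to; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  const reasons = [];

  if (url.protocol !== "https:" && url.protocol !== "http:") {
    reasons.push("scheme is " + url.protocol);
  }
  // Anything before "@" is a username, not the site being visited.
  if (url.username || url.password) {
    reasons.push("userinfo before @ (" + url.username + ") is not the host");
  }
  // Internationalized labels can render like ASCII letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label in host");
  }
  // Match the whole host or a true subdomain, never a substring.
  const owned = expected.some((s) => host === s || host.endsWith("." + s));
  if (!owned) {
    reasons.push("host " + host + " is not under " + expected.join(", "));
    if (expected.some((s) => host.includes(s))) {
      reasons.push("expected name appears inside the host as a decoy label");
    }
  }
  return { verdict: reasons.length ? "suspicious" : "expected", host, reasons };
}

// Constructed sample links; only the host retwite.appspot.com comes from the post.
const samples = [
  "https://twitter.com/bwoelk",
  "https://mobile.twitter.com/bwoelk",
  "http://retwite.appspot.com/bwoelk",
  "https://twitter.com.login.example/bwoelk",
  "https://twitter.com@login.example/bwoelk",
];
for (const link of samples) {
  const r = classifyLink(link);
  console.log(r.verdict.padEnd(10), r.host, r.reasons.join("; "));
}
```

The check compares the parsed hostname, so a familiar name in the path, in a leading label, or before an `@` does not count as a match.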
The other indication was that my Netcraft Toolbar plugin on Firefox blocked access to the site and asked me to confirm that I wanted to go there. Here’s what the Netcraft Toolbar showed me when I tried to go to the site:
After I chose “No,” my browser window showed:
Netcraft Toolbar Features
The toolbar also provided some information about the site itself. The diagram below (captured and edited with TechSmith Snagit 9.x) shows the information the toolbar provides:
Netcraft and Me
I’ve been using the Netcraft Toolbar for several years and have been pleased with its performance. It blocks known phishing sites and also gives you the opportunity to submit suspect sites to Netcraft for verification. If Netcraft decides that a submitted site is indeed a phishing site, it serves as a neighborhood watch group and blocks all Netcraft Toolbar users from reaching the site. Netcraft provides versions for both Internet Explorer and Firefox.
NOTE: There seems to be a good deal of discussion about whether retwite.appspot.com is really a phishing site or a proxy. Either way, the toolbar works in the same manner to protect from other reported phishing sites.
You may also want to visit the RIT Information Security Safe Practices webpage for more information about protecting yourself and others.