Anti-Phishing Toolbars: Lulling Us into False Sense of Security?
If you’re a smart user, you know better than to blindly click on links and open attachments in emails or on websites. No matter how attractive an offer is, how funny a joke is supposed to be, or how many millions of dollars you have supposedly just won in a lottery somewhere, smart users know better. Thing is, not everyone is a smart user, far from it! I’m not saying people are stupid. I do know a lot of very intelligent guys who are not really into technology, and who tend to take all things IT for granted. These are the people supposedly targeted by companies making phishing blockers, which are usually installed on (or built into) the web browser.
However, there’s really no better protection against phishing and other social engineering attacks than being an educated user. Phishing blockers might actually make things worse: they could mostly just lull users into a false sense of security, since we tend to relax and be more trusting if we have “protective” software installed.
Actually what amazes me from the report … is how many toolbars there are out there. They counted 84 on one website alone. Why so much effort? Well, the losses are big from phishing — billions of dollars, according to the researchers. But I can’t help feeling that a lot of the effort here is less altruistic and more about branding, or simply just a way to get a bit of the user’s screen real estate. Nearly every toolbar pictured in the report carries a big logo of the provider of the toolbar — who wouldn’t want their brand plastered over a browser?
But unless the toolbar actually saves the user in 95% or more of cases, these things are useless, and actually counterproductive. I strongly disagree … with the notion that “some protection is better than nothing at all”, as argued by the 3Sharp guys. This assumes the user is an idiot, and can’t learn to be suspicious and follow certain basic rules …
Some things the user just has to wise up to. We don’t provide security officers to accompany each shopper around a pickpocket-prone mall, so just like at the mall, online we have to just get smarter and look out for ourselves.
I have another analogy to contribute. It’s like saying you’re safe driving a car simply because it has airbags, crumple zones, and side impact protection systems. But if you’re a crappy driver, then you’re even worse off. Even with all the safety amenities, you sure wouldn’t want to crash your car into a tree or an oncoming eighteen-wheeler.
The best way to stay safe on the road is to drive safe. The best way to defend oneself against phishing attacks is to know what to do and what not to do when dealing with material online.