Phishing Nets

Phishing is one of the most common forms of cyber-attack at the current time.  Effectively attackers try and fool you to providing sensitive data such as user names and password into fake web sites.

While we all like to think they will never get us, the quality of the phishing emails and the fake web sites is increasing all the time. I was nearly taken in by an “Apple” one (Apple are one of the most targeted domains). It was then that I realised I had a reasonably effective Phishing Net.

Phishing net blog post image

Like many people I use a Password manager (I’ve previously written on Password Managers, following the need to change 40+ passwords after Heartbleed).

When I visit a web site logon page, the password manager scans the URL. If the URL is in its database, it looks up the associated username and password, and automatically fills the details in.

On the other hand, if it is a Phishing site, while to the user it may look legitimate, to the password manager, the URL will not match, so it will not supply the credentials. As such, the password manager has in effect blocked the phishing attempt – a phishing net.