Phishing is a criminal technique used to acquire confidential information, such as passwords and credit card information, typically done through fake websites that look or feel like the legitimate ones and fool the users into entering their details. Typically, the best way to avoid phishing scams is to always be careful about which site you’re on and to bookmark the ones you frequently visit so that you never enter the incorrect URL. The problem with phishing scams is that unlike your typical Nigerian Prince who emails you personally asking a favor, it is often hard to tell if a site that otherwise looks completely legitimate is stealing your information. Nophish a Firefox add-on that blocks phishing by interrupting HTTP requests to send a password to an unknown server, and the user is warned before entering such information, enabling them to detect phishing websites. It basically uses a whitelist of known URLs and stored passwords to identify phishing attempts, and blocks them. The add-on works much like the famous Web Of Trust extension that can identify a site of poor repute based on feedback from its user base. The difference is that Nophish does not have a user base, rather, a database of good or bad websites.
The add-on remains in the background until you come across a login field and enter your credentials. If the credentials you’ve entered are transferred to an unknown web page, the add-on treats it as a phishing attempt. A popup with a warning is displayed each time a user gives a password to an unknown website. The user can then decide if they want to send data to the said webpage. This decision, made by the user, is stored for future checks.
Since the add-on is still under development, there is a chance a very intelligent scam could pass under the radar. It’s likely to occur if you’re visiting a new site for the first time. Chances of it occurring on sites that you frequently visit can be minimized by the bookmark technique mentioned above.
The add-on is in its experimental stage so you should still practice caution when visiting a website and not rely completely on it. Nophish doesn’t just detect where your information is sent, it also learns which sites are safe based on the ones you allow information to be exchanged with. It is a fast, efficient and handy add-on that enhances web security, and provides you with a safer browsing experience.