Today we turn to phishing and how to fight it.

Since we're going to talk a lot about phishing here, I wanted to make sure we were all on the same page. Here's just what phishing is when it comes to Web sites, according to the Federal Trade Commission:

Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. To avoid getting hooked:

Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message. Don't cut and paste a link from the message into your Web browser — phishers can make links look like they go one place, but that actually send you to a different site.

Ron of Thousand Oaks was seeking out a handy tool to help tell which sites aren't what they appear to be. Here's his situation:

A few months ago, I downloaded an address that enabled me to see the site's true address on a line under my toolbar. Story was, if the website was legit, the web address would show legit. If bogus, the address would show as a mess of letters and numbers. This was on my old computer that died. I can't remember the address, or find it anywhere.

This was the closest example I could find to what Ron was seeking:

http://www.spoofstick.com/

It's called SpoofStick and lets the user see if a site is being "spoofed" and the actual URL. There are versions that work with the Internet Explorer or Firefox browsers.

This is how the folks at SpoofStick describe it:

SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well-known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as "phishing".

SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It's not a comprehensive solution, but it's a good start.

Right up in the toolbar, SpoofStick will tell you if you're on the site where you actually want to be, such as eBay, or if you've been routed somewhere else. It does it through a toolbar note that reads, "You're on ebay.com" or perhaps "You're on 10.19.32.4"

Ron tells me that this isn't exactly what he had on his computer, but it does something similar. Before we get too excited about it, though, there's some bad news.

SpoofStick launched in 2004.

Unfortunately, SpoofStick is no longer being supported by the company that created it. CoreStreet, which created the software, considers it "discontinued."

It can still be downloaded, but hasn't been updated for the latest browsers.

But a number of other tools provide some protection against Web sites trying to trick you into thinking they're legitimate.

In trying to look for a good jumping-off point, I found a 2006 paper comparing different anti-phishing toolbars. Though a bit dated, it offers a good summary of what was available then, and many are still available in updated versions today

http://www.cylab.cmu.edu/files/cmucylab06018.pdf

For those using Internet Explorer and Firefox here are several options when it comes to free toolbar downloads, in no particular order:

Netcraft's toolbar works with Internet Explorer and Firefox

http://toolbar.netcraft.com/

The CallingID toolbar works with IE and Firefox

http://www.callingid.com

McAfee provides Site Advisor for Firefox

http://www.siteadvisor.com/

TrustWatch provides a toolbar for IE

http://www.trustwatch.com/

Granted, these are all just anti-phishing toolbars, and I know it's not a complete list. There are other programs out there that help block and steer users away from phishing sites as well.

Finally, the browsers include their own phishing fighters, particularly in their latest versions.

Here are sites to learn more about those and make sure they're active:

Firefox 2.0

http://en.www.mozilla.com/en/firefox/phishing-protection/

Internet Explorer 7

http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx

Know of more sites and tools? Please share them in the comments section below. As always, I appreciate feedback and await your questions at abruce@VenturaCountyStar.com