20 March, 2024
by Mark Teisman
I created a browser extension that I'm liking so far, and I want to share it with you.
I'm embarrassed to say that some years ago, I essentially got phished. I received an email, followed the link, went to a website that looked like my bank's, and multiple times attempted to login. After the third attempt or so, I noticed the URL was off. Of course, I then immediately took certain remediating actions, including changing my login details.
Why I should have caught this phishing attempt earlier.
"Company that I'm a customer of <[email protected]>"
(though my email client unfortunately did not show the shady email address part).It's worthwhile adopting some structural improvements to your set-up, that increase the likelihood of detection. Configure your browser to always show the address bar. Adopt email client (settings) that always show the sender address, and that make sure that the href is shown in emails.
You could also adopt good habits. For instance, always check the href before clicking on a link (on mobile devices, this probably requires a long press). Another good habbit would be to, after landing on a page, checking the host's SSL/TLS certificate. In practice, I'm sure it will prove difficult to develop or maintain these habits consistently.
About the extension I built. The extensionallows you to build a database of trusted domains, and allows you to create visual distinctions between trusted and untrusted domains. By default, the extension does this by applying a pattern to the password input in forms, but you can provide your own CSS for trusted and untrusted domains as well. The idea is that upon observing a pattern that you associate with untrusted domains, it is a caution.
The trusted and untrusted password input patterns are randomly generated on first use, so that each user of the extension will have their unique patterns that they'll learn to recognise. We generate a random pattern, as opposed to an alternative such as having all users see a green background for trusted, and a red background for untrusted websites, to prevent phishing websites from just applying the "trusted style" themselves.
I've been using this extension for a few weeks now, and I'm quite happy with the results. The CSS rule that applies the background pattern seems to work well on most password inputs, and I've gotten used to expecting a pattern (i.e., if there's no pattern at all, say just a white background, it feels off). Also, I am diligent in, each time when I see the untrusted pattern, double-checking if the hostname of the website is as expected, and in updating my database by marking the domain as trusted.
You can download the signed extension here.