The Netcraft Toolbar uses Netcraft’s databases of web site information to show you all the attributes of each site you visit on the Web, including the site’s hosting location, country, longevity and popularity. The Toolbar is compatible with Microsoft Internet Explorer, and a FireFox version is underway.

Installing the Netcraft Toolbar

Downloading and installing the Netcraft Toolbar is quick and simple:

1. Follow this link to download the toolbar.
2. When you see a prompt asking if you want to open the file or save it to your computer, press the “Open” button.
3. The Netcraft Toolbar Setup Wizard will now appear. Follow the on-screen prompts to install the toolbar.
4. Open Internet Explorer and click the right-hand mouse button over the toolbar area.
5. In the menu that appears, ensure that there is a tick next to the ‘Netcraft Toolbar’ item. If there is not, click the left-hand mouse button over the item and the toolbar should appear.

   

Using the Toolbar Effectively

The Netcraft Toolbar provides you with constantly updated information about the sites you visit as well as blocking dangerous sites

• Once the toolbar is installed, Internet Explorer should look similar to this:

  

• As you can see, the site used in this example is http://toolbar.netcraft.com.
• When you visit a site, the following information will be displayed in the toolbar (unless the page has been blocked, like this one):
• The “rank” (popularity amongst toolbar users) of the site, linking to the top site listings.
• A link to the site report for the current site.
• The flag (if available) and the two-letter ISO code for the country in which the site is hosted; in this case it is hosted in  [UK] (United Kingdom).
• The name of the netblock on which the site is hosted (in this case, the Rackspace.com Netblock). This also links to a listing of sites on the same netblock.
• If you attempt to visit a page that has been blocked, you will see a warning dialog which looks similar to this:

  

Getting the Most from the Netcraft Toolbar

• The toolbar provides you with a wealth of information about the sites you visit. This information will help you make an informed choice about the integrity of those sites. Here is a brief list of points you should be aware of when visiting a site which requires you to enter personal information of any kind:
  • Look at the toolbar to see whether the site’s netblock is registered to the company you expect.
  • Look at the country code and flag on the Toolbar to check that the site is hosted in the country that you expect. There is a list of countries which are often used to host fraud sites here.
  • Request a site report on the site:

  

  • Who is the site’s domain registered to? Be suspicious if this is not the organisation you expect.
  • Who is running the DNS and reverse DNS for the site? Be suspicious if these are not run by a host in a domain controlled by the organisation.
  • How new is the site? All other things being equal, the longer a site has been around, the more you can trust it. “New Site” means the site you are currently visiting has not been seen before by the Netcraft Web Server Survey. This indicates that the site is probably less than one month old. Phishing sites spring up overnight and disappear just as quickly, and you should be extremely suspicious if you see this when visiting what you believe to be a trustworthy site.
  • Does it have an SSL Certificate? Bank sites that take authentication details will do this over SSL. Details of the SSL Certificate (if any) will appear in the site report.
  • Is the site in the DNS? If the site has no hostname or domain name and is a raw IP address be very suspicious.
  • If you are convinced that the site is a phishing site, please report it. If you are unable to report the URL via the toolbar site, please send us the entire mail message intact as an attachment. If you use Outlook you can do this by composing a new mail to toolbar@netcraft.com and dragging the fraud mail on to it as an attachment.
  • Netcraft will send a reward to the first person to report each new phishing site.

Let’s take a look at an example. Below is a phishing attack aimed at customers of SunTrust Banks which we received.

Note that the Toolbar shows that the site is hosted in the USA, at “Inktomi Corporation”, and that the site is new. The real SunTrust web site is hosted in the USA at SunTrust Service Corporation.

Comparing the site reports is also telling; the fraudulent site’s report contains many ‘unknowns’ whereas the site report for the real SunTrust web site shows plausible domain registration and DNS details.

You can find out more about reporting URLs in the tutorial on reporting a suspicious URL.

Reporting a Suspicious URL

When you visit a page that you believe to be a phishing site, or contains fraudulent or deceptive content, we ask that you report it so that other toolbar users will benefit from your vigilance. The more sites that are reported, the more useful the toolbar will become for everyone.

• You can report a URL by clicking on “Report a Phishing Site” in the toolbar menu, accessed by clicking on the Netcraft logo:

  

  After you report a URL, Netcraft analysts will examine the report and block the page if they find it has inappropriate content.

• You can practice blocking an attack by:
  1. Requesting a sample of a fictional phishing attack mail.
  2. Visiting the URL contained in the mail that you receive.
  3. Click on the Netcraft logo in the toolbar.
  4. Select “Report a Phishing Site” in the menu that appears.
  5. URLs from fictional phishing attack mails will be blocked automatically.
  6. You can test that the URL has been blocked by re-visiting it after reporting.