08-19-2012 11:17 AM
Online Family is good at blocking phishing but once I see the phishing site what can I do about it? You can see from the activity, below, the sites my son is accessing and following that is the phishing site -- it is only part of the activity for that day. At first I was a little freaked but I see, by the number of pings in a short amount of time, that he's not trying to go to the blocked site it's trying to get to him. When I click on the URL it takes me to an invalid page. What can I do? I looked at the 14 day history and this is the only time it has happened with this category, but it does happen other times with other blocked categories.
08-20-2012 02:09 PM
Norton Online Family blocks or allows websites according to the categories of the websites are blocked or allowed, also checking if the websites are on the black or allowed list.
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details. Phishing is not a category of the websites. Norton Online Family was not designed to block these URLs. What security product(s) do you have on the PC, like Norton NIS or Norton 360?
Also, I'm not sure what make you think the websites are phishing sites. From the two screen shots you have here, are you trying to show any relations between them?
08-20-2012 05:26 PM
Let's start over with this link: Phishing Techniques 2008-09.
Perhaps I don't know the correct lingo but I did not just fall off the turnip truck. I'm counting on you to help determine what the right wording is and simplify so I don't have to go all over the internet. I'm trying to determine how to report whatever is happening...to anyone, not necessarily Norton.
I believe this is phishing or tracking (again, maybe the wrong words), because it would be just about impossible to check a site every 1-5 minutes unless there's a script; some of the hits are simultaneous. The activity log shows 48 in just over an hour. That is just under one per minute. There are hits logged at the same time he's on the other site. The screen shots show the sites that were being used when the it started and the number during that time. I realize that part of it is the "search" but it is impossible to print the entire list of activity and hits for the date. Oh yes, and the header on the attached file "implies" that it may be phishing.
Just like he isn't visiting money.service.msn or s3.amazonaws.com, or watson.microsoft.com, or visicom.antiphishingdomain.com, or urlfilter.vmn.net and yet they all show up as "visited" sites. They show up as visited sites because of some relationship they have to the actual site being used. And when I click on those links, provided in the activity report, some take me to valid sites and some do not. The file attached to this post shows what I get when I click on 18.104.22.168. So, I'm at a loss as to how to determine what it is and either report it to the legitimate site, FCC, etc.
I use Norton 360 and Malwarebytes Antiwalware.
08-20-2012 06:40 PM - edited 08-20-2012 06:43 PM
From your account, it is clearly not phishing that you are describing. Phishing is nothing more than a fake website impersonating a legitimate site. It sounds like what you are concerned about are sites that are showing up as "visited," even though they were never actually clicked on (presumably in a Google search). Please confirm if that is the case.
If so, one explanation may be browser prefetching, also known as pre-rendering. Some browsers, notably Firefox and Chrome, will actually load the pages from some of the links on a page you are visiting so that if you do click on one of those links, the new page will load instantaneously. Firefox by default will prefetch the first link returned in a Google search results page, for example. Prefetching a page is no different than actually visiting it by clicking the link, so any prefetched sites will show in your browser history. I am not familiar enough with NOF to know if it would report these, but it might. Does this sound like what might be going on?
08-23-2012 07:36 PM
YES!!! Thank you. That is the problem.
What's frustrating is that I don't want to see 48+ notifications that a prefetched website has been visited/blocked. If NOF doesn't know the difference, shouldn't it? I want to know if it's possible to limit prefetching done by the browser OR have NOF correctly identify the activity OR report the issue to Google, Firefox, etc. If I was not absolutely sure of the sites my son had been on I would have freaked. And, yes, I'm absolutely sure.
Thank you, SendOfJive!
08-23-2012 08:28 PM - edited 08-23-2012 08:44 PM
I think NOF reports the sites as visited because technically, they are. When a site is prefetched everything is downloaded - page content, cookies - everything. But instead of displaying the page, the browser does all of this in the background and stores the information in the browser cache so it is ready if the user decides to click the link. It is always a good idea to disable this "feature" because you really don't want your browser fetching content from a site that you have not authorized.
One of my all-time favorite threads concerned an unnerving consequence of prefetching: