Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can I prevent phishing attacks by using a bookmark?

Let’s say I know the correct address of my bank and I log in the
first time I use my account. Once logged in, I click on a random link
within the bank’s web site, and make sure that the next page is an
https page and the security lock is present. If I bookmark this page,
and use only the bookmark as my means of accessing the web site, is
there any possibility I can be phished?

“Any possibility” is kind of a strong statement, but in general the
approach you describe is sound and something I’d feel safe doing
myself. In fact, by virtue of using a password safe such as Roboform, it’s
pretty much exactly what I am doing.

There are still ways you can be compromised, though, so we need to
look at just what a phishing attack is, and how you can prevent
phishing, and more.

]]>

In the broad sense, phishing is just an attempt to get you to click on a link in email that claims to be one place, but is in fact something else. If you do click through a phishing link, the destination site may well look like what you expected, but if you look closely at the domain in the address bar you’ll typically see that it’s not what you intended at all. Enter, say, your user name and password, and you’ve just given it to a phisher.

“The conventional advice is to never click on links in email for sensitive sites, but rather always type them in by hand.”

The conventional advice is to never click on links in email for sensitive sites, but rather always type them in by hand.

Using a bookmark of some sort is an acceptable approach as well, because you’re going to a site/page/URL that you know is correct, because you saved it earlier from a known safe visit to that site. Use that, and it’s pretty much the same as having typed in by hand.

In either case, you’ll have sidestepped the phishing attempt simply by not clicking on a link in email or on some other site that was questionable, but somehow entering it yourself.

However, in theory, things could still be compromised in other ways.

As one example: a virus infecting your machine could alter your bookmarks. Use the bookmark you thought was for your bank, and you might get taken to a phishing site. For the record, I’ve not heard of any virus that actually does this, probably because once you’ve been infected there are simpler approaches to redirecting you to a phishing site.

That simpler approach is to modify your “hosts” file. This is actually a fairly common approach some viruses take. The hosts file can contain “overrides”, if you will, that allow the attacker to redirect the actual domains of banks, anti-virus vendors, and more to servers of their own choosing. When this happens, “paypal.com” may not actually take you to Paypal, but to a malicious web site posing as Paypal.

Using a bookmark in this case doesn’t save you, but then neither does typing in a URL by hand. If the malware has hijacked the very meaning of “paypal.com” on your machine, then there’s little you can do about it.

The good news is that because this is a common attack by malware most all good anti-malware software will protect you from it.

And it also illustrates once again why prevention, not just through anti-malware software, but by learning good internet safety habits is so important.

So absolutely, use the bookmark – I do. But remember that you must also continue to rely on the rest of your internet safety strategies as well.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

7 comments on “Can I prevent phishing attacks by using a bookmark?”

  1. The described procedure has a major weak point: for security reasom most banks log you out from your account when you leave their site; so, when you connect again to a page in which you previously entered after login, you would (at best) get bumped to a generic (non secure) page or – usually – you get an error.
    The safest way is to type the site’s URL yourself, ideally in a Live-CD OS – no chance of infection so no chance of hyjacking. Otherwise bookmark the site before login.

    Reply
  2. I don’t understand the basis of the queestion for this tip. Any bank that allows you to bookmark ANYthing other than their ‘front page’ or login screen is NO bank I’d want to do business with. What gigi said is true. TRY to bookmark anything ‘inside’ the bank site. If you CAN bookmark that page…change your bank.

    Yikes, that seems kinda harsh. For the record, I disagree. Being able to bookmark a page is benign. One way or another, it’s going to happen. Rather than disallowing it, banks should simply be handling the security implications of people using them. Depending on the implementation that could mean, as another commentor has stated, bouncing to a secure login page. But disallowing bookmarks completely is not only overkill, but ineffective.

    – Leo
    13-May-2009
    Reply
  3. I’m with all of you. Any bank that keeps you logged in to a secure site is NOT a bank I want to deal with. My bank has a 10 minute interval until you must sign in again. I like it.

    For the record, this has nothing to do with bookmarking. It’s very reasonable to have a bookmark deep in the bank’s site, and have it boucne you to a login page if that’s required. (The best will then return you to the page you bookmarked, after you’ve logged in).

    – Leo
    13-May-2009
    Reply
  4. Back to the phishing problem… Another circumventing possibility? You can right-click on any link within an email, copy the shortcut and paste it to your browser address bar, see whether it is, indeed, the correct address before actually going to the site.

    Reply
  5. I should have mentioned in my initial question that when one finishes a banking session, one should always log out and then close the browser window/tab. But this is not always possible (if the browser crashes, for example, in which case I restart the browser, log in and log out again. I also use Sandboxie and have separate sandboxes dedicated to each bank I use, plus No-Script and various web analysis tools to alert me to bad web sites.

    One of the reasons for using an https bookmark is that as I understand it, a request to visit a web site goes through a Domain Name Server (DNS). Some are secure and some are not. By using the https bookmark, the request to visit a web site goes to a secure DNS and is redirected to the log-in page. Typing in an IP number will go to a non-secure DNS, and if it has been compromised (called DNS poisoning) it will make no difference if you use the normal URL or the IP number. But when using a bookmarked https address, the site visit request will go through a secure DNS, and I have not heard of any of those being compromised to date. Leo, correct me if I am wrong on this.

    Using bookmarks do not have any effect of the banking session length, and because using https bookmarks is more secure, why in the world would a bank want to prevent bookmarking them?

    I am curious as to how typing the correct IP number makes any difference in security. The request still has to go to an unsecure DNS. If you type the name of the site correctly, the DNS translates it to an IP number anyway, so while there might be a tiny increase in speed, it is no more secure than typing in the CORREC name. And one can make a typo on an IP number just as one can mistype a word. Using a password manager is always a good idea, though, as long as you are sure you are on the genuine web site.

    Reply
  6. After opening my cable computer account I noticed in my address book , there was a Q=14454451545541445………………….., Bookmark My Account was also shown as the contact. I have asked a couple of IP guys that I know and they do not seem to know what this is? Leo please help!

    Sorry. No idea.

    Leo
    15-Nov-2010

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.