BlackLists vs WhiteLists

By: Eldad Zamler

Why Can't Blacklist Techniques Overcome Online Phishing Scams?

BlackLists And the Flood of New Phishing Websites


According to ZDNet, 1.4 million phishing websites are created every month.
They are short-lived websites, which operate until the scams they promote
are exposed.

Conventional Blacklist Techniques Are Not Working

It is nearly impossible to recognize quickly and automatically that a new
website is actually a fraud. Phishing websites and their corresponding
legitimate websites have similar behavior. The only special characteristics
of scam websites are the identities and intentions of their owners.

Phishing scams usually spread fast, so to be effective any protective tool
must either detect a scam website and blacklist it on the fly (which is nearly
impossible) or make its decision based on user reports
(which can cause unacceptable false negative detections).

These are the main reasons why blacklist techniques are quite useless
in the endless war against online phishing scams.

Enter the Scam-Block-Plus Trust-List Technique

To do its job, Scam-Block-Plus uses a whitelist-based technique.
It intervenes to protect the user from fraud only when the user clicks on a
link while browsing his/her online email platform or social network.

Almost 1/2 million well-known websites are included in the global trust-list.
These websites (in addition to websites which are privately trusted by the user)
bypass Scam-Block-Plus protection (because they are trusted).

Other websites (which can be legit or not) are not blocked; instead their tab
is displayed in a Strong-Incognito read-only mode (they can't receive information
about the user). The user appears to be logged out everywhere and is prevented
from typing textual input.

This technique is effective against Gmail, Outlook, Facebook and other online
phishing scams.
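
The trust-list decision described above, sketched as an added example (not
Scam-Block-Plus's own code): the list contents, the monitored platform hosts and
the function names are assumptions made for illustration. It goes slightly beyond
the text by matching on whole DNS labels, so a lookalike host that merely begins
with a trusted name is still treated as unknown.

```javascript
// Added example: trust-list decision for a clicked link (not Scam-Block-Plus code).
// All list contents below are constructed sample data.
const GLOBAL_TRUST_LIST = new Set(["google.com", "microsoft.com", "facebook.com"]);
// Assumed hosts of the email platforms / social networks where clicks are checked.
const LINK_SOURCES = new Set(["mail.google.com", "outlook.live.com", "www.facebook.com"]);

// Normalise a URL to a lowercase hostname, or null if it is not plain http(s).
function hostOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null;
  }
}

// True if host equals a listed domain or is a subdomain of one.
// Candidates are built from whole DNS labels, so "google.com.evil.example"
// never matches the entry "google.com".
function isTrusted(host, ...lists) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (lists.some((list) => list.has(candidate))) return true;
  }
  return false;
}

// Decide how to open a link that was clicked on the page at sourceUrl.
//   "not-intercepted": click did not come from a monitored platform
//   "trusted":         target is on the global or the user's private trust list
//   "restricted":      unknown target, to be opened logged-out and read-only
function decide(sourceUrl, targetUrl, userTrustList = new Set()) {
  const source = hostOf(sourceUrl);
  if (source === null || !LINK_SOURCES.has(source)) return "not-intercepted";
  const target = hostOf(targetUrl);
  if (target === null) return "restricted";
  return isTrusted(target, GLOBAL_TRUST_LIST, userTrustList) ? "trusted" : "restricted";
}
```

Because a list entry also covers its subdomains here, a domain that hosts
third-party content on subdomains would need exact-match handling instead.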