Your

ScamBlockPlus Home Page

Path: Home
Click to install our Chrome extension

The Scam-Block-Plus browser extension provides a layer of protection from online phishing scams.

Privacy


Scam-Block-Plus will never collect your private data.

On the contrary - our main purpose is to protect your privacy, by preventing untrusted websites from stealing your personal data (using phishing technics).

Why & How


How Scam-Block-Plus works?


Online scams spread by abusing the share mechanisms of popular social networks and/or by sending e-mails.

Malicious scam posts and comments try to tempt you to click on a link that brings you to a scam website.

ScamBlockPlus is an anti phishing extension that protects you when this happens.

When ScamBlockPlus is enabled in your browser and you click on a link
while visiting one of the following websites:
     Facebook, Twitter, Instagram, Linkedin, Pinterest, Google+, Meetup (popular social platform)
     Gmail, Microsoft-Mail, Yahoo-Mail, AOL-Mail,
     Rackspace-Mail, mail.com, Zoho, iCloud-Mail (email services)
a tab is opened in which the destination website is displayed.

If the opened website is not listed in the global trust-list as an authenticated website,
and thus is an "untrusted website" then the tab is actively protected by ScamBlockPlus.

Notice that the black scam-block-plus incognito-icon replaces the red scam-block-plus shield-icon.
This informs you that ScamBlockPlus prevents the website from doing things that could compromise your security.

Trusted tab:
Untrusted tab (incognito):

Features

Hiding cookies:

While visiting an untrusted website, your ordinary cookies are hidden from the website.
You appear to be logged-out everywhere, including: Facebook, Twitter, Gmail, ...
Thus the untrusted website can't share, like, or tweet on your behalf.

Blocking text input:

Untrusted websites are prevented from receiving textual input from you.
This blocks scams that trick you into logging-in or into typing and exposing your personal data.

Blocking downloads:

File downloads are blocked when initiated by untrusted websites,
to prevent scams from injecting viruses into your computer.

Protecting you from scam-links that are opened by external applications:

When clicking on a scam-link in an email that is displayed by the Outlook
application in Windows, and the linked web-page is opened with Chrome
(this happens when Chrome is the default browser), you are protected
by Scam-Block-Plus from the scam-website. The same is true when links
are opened by other applications such as Word or Acrobat.

You can trust a website:

By a simple click on a button you can trust a website that is not listed on the global trust-list.
Scam-Block-Plus protection will be turned off for this website.
At any time you can untrust a website previously trusted by you.

Please be sure not to trust a website unless you are absolutely sure
that the website is legit and not a scam !!!

Business Email Compromise (BEC) phishing scams


According to FBI Since January 2015, there has been a 1,300% increase in identified exposed losses, now totaling over $3 billion.

BEC phishing scams usually begins with the fraudsters either phishing the CEO and gaining access to his/her inbox, or with emailing
the company's accountant from a look-alike domain name (that is one or two letters off from the target company's domain name)
and convincing the accountant that the email is arriving from the CEO. The accountant is instructed to urgently wire a large amount
of money to a specified bank-account.

Look-alike domains can be formed by ommiting a single character or
by replacing a single character with a similar one, for example: 'i' is replaced by '1'.

ScamBlockPlus marks emails arriving from the CEO or CFO with green color.
Thus, the accountant can't be fooled to think that a fraud mail has arrived from the CEO or CFO.

marking-trusted-email-source


You can manage the list of trusted emails in the form opened when clicking on the ScamBlockPlus icon:
defining-trusted-emails-list

Can Two-Factor Authentication Protect You From Phishing Scams?


Implementing two-factor authentication via text-messages sent to your cell phone
can't provide you good enough protection against phishing scams.

phishing-and-two-factor-authentication
In the effort to improve security, Facebook recommends using two factor authentication:
If you set up two-factor authentication, you'll be asked to enter a special security
code or confirm your login attempt each time someone tries to access Facebook
from a computer or mobile device we don't recognize.

Google supports 2-factor authentication by entering a six-digits-code sent to your
phone after you enter your username and password.
However, for adding a significantly better layer of protection Google recommends using
a Security-Key for 2-Step Verification, which is a USB device attached to the desktop.

Why sending SMS to your cellular phone is not good enough?
Fraudsters can easily overcome this obstacle. Read more....

EL-AL 70th Anniversary Facebook Scam


El-Al air-plane
EL AL Israel Airlines is the largest airline in Israel.
The name EL-AL means "To the Skies" or "Skywards" in Hebrew.

EL-AL posted a warning on its Facebook page (June 5 at 10:07), that the advertised ad
guaranteeing 2 free airline tickets for participating in a survey is a false announcement.

This large-scale phishing scam has hit thousands of Israelis Read more....

How Scammers Harvest Their Phishing Scams Email-Lists?


phishing-credit-card
Some phishing scams are targeting the general public. For example the Google Docs Phishing Scam targeted all Gmail users. The fraud was viral, thus only a small number of starting Gmail addresses were needed to launch the attack.

Other phishing scams like BEC CEO phishing scams attack specific employees working for victim companies. The scammers must find the email address of a small number of employees plus the email address of their CEO. This is not too difficult.

However, in medium-size phishing scams the attacked population is large, yet specific. As an example lets examine the DMV phishing attack on 1 June, 2017. To be effective the fraudsters needed to harvest email addresses of New-York drivers.

Read more
....

Be Protected from Phishing Frauds Like the Massive Google Docs Phishing Scam


According to Cnet the Google Docs phishing scam relied on OAuth exploitation. With OAuth exploits, as in the case of the Google Docs scam, accounts can be hijacked without the user typing in anything. In the Google Docs scheme, the attacker created a fake version of Google Docs and asked for permission to read, write and access the victim's emails. Google quickly shut down the attack, which affected about 0.1 percent of Gmail's users (at least 1 million people being compromised).

Scam-Block-Plus blocks these kind of phishing scams. While browsing the fake website you are signed-out from Gmail and you can't sign-in. Thus the fake website can't get your permission to access your Gmail. If sign-in dialog will be displayed you will not be able to fill in your details.

blocked-google-docs-phishing-scam

Chrome Incognito-Windows Versus ScamBlockPlus Incognito-Tabs


Incognito windows enable Chrome users to browse the internet anonymously.
However a user must sign into his/her Gmail account to read mails and
must sign into his/her Facebook/Twitter account to read posts/tweets.
Thus when a user clicks on a link in an email or on a post or on a comment
following a post he/she is no longer incognito and is exposed to phishing scams.
ScamBlockPlus protects Chrome users in this common scenario.

More: Chrome Incognito and ScamBlockPlus Incognito Compared.

Businesses using ScamBlockPlus


Law office:
Accounting firm:
Startup: