First-Line Defence
Intro
Although PhishFort does everything it can to protect users by executing takedowns on malicious domains we detect targeting our clients and popular ecosystems, there is a brief window of time, outside our control, during which attackers still have an opportunity.
One of the ways we try to narrow that opportunity is by feeding our blocklist to our third-party partners, submitting to SafeBrowsing, and imploring all users to download and use our Protect Browser Extension.
While this proactive approach has worked in protecting millions of users sooner, we implore all crypto ecosystems to consume our blocklist in an effort to protect users. We propose:
If your ecosystem (Solana, Ethereum, etc.) has popular browser extensions or tools that have access to the user's address bar (the URL currently being visited), we implore you to add this layer of protection to stop users from interacting with the site. A good example of this would be Google SafeBrowsing's red warning banner.
Warning banner example
Using the PhishFort Public Blocklist to protect your users
The flow of events is simple to integrate, and there are two main approaches:
1. Download the complete PhishFort blocklist periodically from the browser extension:
- Download a local version of the PhishFort Domain Blocklist here or using the API.
- Check whether the site the user is visiting is present in the blocklist.
- If the site is present in the blocklist, display a visual warning to the user.
- Make sure to update the local version of the list periodically.
2. Or, perform a lookup when a user visits a page (not recommended):
- Call the PhishFort lookup API to check whether a URL, domain or hash is safe.
- If the dangerous field from the lookup JSON result is true, display a visual warning to the user.
How your team implements the flow is up to you. PhishFort will facilitate either method.
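One way to implement the check in approach 1 entirely on the client, so that no visited URL leaves the browser. This is an added example, not PhishFort's own code: the list format (an array of domain strings), the one-hour refresh interval, the parent-domain matching and all function names are assumptions, and the sample entries are constructed.

```javascript
// Assumption: the downloaded blocklist is an array of domain strings.
const MAX_AGE_MS = 60 * 60 * 1000; // assumed refresh interval (1 hour)

// Lowercase and drop a trailing root dot so lookups compare like with like.
function normaliseHost(host) {
  return String(host).trim().toLowerCase().replace(/\.$/, "");
}

// Normalise entries once so each page-load check is a Set lookup.
function buildBlocklist(domains) {
  const set = new Set();
  for (const d of domains) {
    const host = normaliseHost(d);
    if (host) set.add(host);
  }
  return set;
}

// Returns the matching blocklist entry, or null if the URL is not listed.
// Parent domains are checked too: login.evil.example matches evil.example.
function matchBlocked(url, blocklist) {
  let host;
  try {
    const u = new URL(url);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    host = normaliseHost(u.hostname);
  } catch {
    return null; // not a parseable URL (for example an empty tab)
  }
  // IP literals have no parent domains: exact match only.
  if (/^[\d.]+$/.test(host) || host.startsWith("[")) {
    return blocklist.has(host) ? host : null;
  }
  const labels = host.split(".");
  // Stop before the bare TLD so no entry can match every site under it.
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (blocklist.has(candidate)) return candidate;
  }
  return null;
}

// True when the local copy is missing or older than the allowed age.
function needsRefresh(lastUpdatedMs, nowMs, maxAgeMs = MAX_AGE_MS) {
  return !Number.isFinite(lastUpdatedMs) || nowMs - lastUpdatedMs >= maxAgeMs;
}

// Constructed sample data, not real blocklist entries.
const sampleList = buildBlocklist(["wallet-claim.example", "Airdrop.Example."]);
```

An extension would call matchBlocked with the active tab's URL on each navigation and show its warning banner when the result is not null.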
The value of protecting users
The value of warning users with a warning banner in your plugin is obvious, since it:
- Stops the user in their tracks, notifying them that they are trying to access a dangerous page.
- Is easy to implement using the PhishFort Blocklist API tools.
- If implemented correctly, does not collect any data about the user's visiting habits. You can read more about our data collection policy here.
Some notes about user privacy
PhishFort collects no data. However, it is important for the team responsible for implementation to carefully consider how the data they parse (e.g. user site visits) will be handled. We recommend periodically downloading the PhishFort Blocklist to a local cache in your extension (not using lookups) as the best way to prevent any leakage of user information, although we understand that this may not always be the optimal solution.