Opera Browser Gets Fraud Protection

Opera Software is adding fraud and phishing protection to the next release of its free Web browser, version 9.1. The technology follows similar features coming in Firefox 2.0 and Internet Explorer 7, but takes a slightly different approach. Phishing scams and other fraudulent Web sites have continued to pose a major threat to Web surfers. […]

Opera Software is adding fraud and phishing protection to the next release of its free Web browser, version 9.1. The technology follows similar features coming in Firefox 2.0 and Internet Explorer 7, but takes a slightly different approach.

Phishing scams and other fraudulent Web sites have continued to pose a major threat to Web surfers. The Anti-Phishing Working Group said last month that phishing sites increased to 14,191, a new record. Scammers often pose as banks, ISPs and even government agencies in order to steal consumers' identity information.

Opera previously introduced warnings related to fraudulent URLs and SSL certificates. Now, the browser will actively check to see whether a Web site is trusted or a known fraud site. Specifically, when visiting a new site for the first time, the browser connects to a database operated by Opera.

If the site is known, a "i" will display at the right side of the address bar. If the site is unknown, a "?" will display. A fraudulent site will cause Opera to display a warning and prevent the user from connecting to it. Users can override the warning and visit the site if they so please.

Firefox 2.0, meanwhile, uses a blacklist that is stored locally. Users can opt to enable real-time fraud checking, which utilizes a database provided by Google and other security firms. Opera says it chose to turn on real-time protection by default, as most phishing attacks only last a short period of time and would be missed by an outdated blacklist.

Although some users may be concerned about privacy implications, Opera explains that its browser will only send the minimum information needed to check to see whether a site is fraudulent, and will then store the response for future use.

"We don't store information on our servers that let us track individual users. IP addresses are discarded and we don't use cookies or other session information. No information goes directly to third parties, all communication goes through our own servers," the company said in a blog posting. "The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine."

Opera is utilizing a database of Web sites provided by GeoTrust, which was recently acquired by VeriSign. GeoTrust currently offers a browser toolbar that enables similar fraud checking. Still, the feature can be disabled if users are concerned, Opera notes.