How does Anti-Phishing work in ESET Smart Security and ESET NOD32 Antivirus?

KB Solution ID: SOLN3100|Last Revised: November 11, 2013

Issue

  • What is "phishing"?
     
  • You receive the notification "Warning: Potential phishing threat" from ESET Smart Security or ESET NOD32 Antivirus when attempting to visit a specific website or domain

  • How to report or remove a phishing site from scanning

  • Enabling/disabling Anti-Phishing in ESET Smart Security or ESET NOD32 Antivirus

 

Details

Anti-Phishing technology protects you from attempts to acquire passwords, banking data and other sensitive information by fake websites masquerading as legitimate ones. When user’s computer attempts to access an URL, ESET systems compare it against our database of known phishing sites. If a match is found, connection to the URL is aborted and a warning message is displayed. At this point, user has as well the option to proceed to the URL at his/her own risk or report the URL to us as a potentially false positive warning.

The anti-phishing database is updated by ESET regularly (users’ computers receive data about new phishing threats every 20 minutes) and this database includes information from our partners as well.

Along this straightforward approach, ESET Anti-Phishing implements specific proactive algorithms. These inspect the visual design of websites in an effort to eliminate those parasitizing on their genuine counterparts. This approach is used to detect for example fake internet banking forms.

 

Solution

ESET Smart Security and ESET NOD32 Antivirus provide Anti-Phishing protection that allows you to block web pages known to distribute phishing content. We strongly recommend that you leave Anti-Phishing enabled (Anti-Phishing is enabled in ESET Smart Security and ESET NOD32 Antivirus by default).

Accessing a phishing website

When you access a phishing website, you will receive the following notification in your web browser. By clicking on Proceed to the site (not recommended), you can access the website without receiving a warning message.

Figure 1-1

Phishing site reporting

The Report a phishing site to ESET and report a false positive phishing site to ESET links provided here allow you to report phishing/malicious websites to ESET for analysis, or report safe websites to ESET for removal from the ESET Blacklist.

Reporting potentially malicious websites contributes to the online security of other ESET users by directing ESET security professionals to content that may be harmful. Content that you submit may be added to the ESET Blacklist if analysis shows that malicious content is being distributed from the web address you reported. Content reported as a false positive will be re-visited by ESET security professionals and removed from the ESET Blacklist if it is shown to be safe.

You will need to provide your ESET Username and Password to submit websites for analysis. Before submitting a website to ESET, make sure it meets one or more of the following criteria:

  • A website that you know or suspect to be a phishing website is not detected by your ESET product
  • A website that you know to be safe is detected as a threat. In this case, use the following link to report a false positive phishing site to ESET

Alternatively, you can report a phishing website or false positive by email. Send reports of phishing websites to samples@eset.com. Please remember to use a descriptive subject and enclose as much information about the website as possible (for example the website that referred you there, how you heard about it, etc.).


Anti-Phishing is not enabled

You can check to see whether Anti-Phishing is enabled by clicking Setup in the main product window. You should see a green circle and the word "Enabled" next to Anti-Phishing protection.

Figure 1-2
Click the image to view larger in new window

 

If Anti-Phishing is not enabled, follow the steps below to enable it:

  1. Open ESET Smart Security or ESET NOD32 Antivirus. How do I open my ESET product?
     
  2. Press F5 on to access Advanced setup.
     
  3. Expand Web and email, click Anti-Phishing protection, make sure that the check box next to Enable Anti-Phishing protection is selected and then click OK.

Figure 1-3
Click the image to view larger in new window

 

Adding Websites to the Whitelist

The Whitelist is a list of websites that would normally be blocked by ESET, but are accessible because you have either clicked Proceed to the site after receiving a security notification from your ESET product, or you have added the website manually in Advanced setup under URL address management. Potential phishing websites that have been whitelisted will expire after several hours by default.

To permanently allow access to a website without interruption from your ESET product, follow the steps below:

  1. Press F5 on your keyboard to access the Advanced setup window.
     
  2. Expand Web and email Web access protection URL address management and from the URL address management drop-down menu select List of allowed addresses.
     
  3. Click Add and enter the URL of the site you want to permanently allow access to in the dialog box, and then click OK. You will no longer receive threat notifications from your ESET product when this URL is accessed.
Rate this article:
1 2 3 4 5
Please comment on your rating...
We cannot respond to feedback from this form. Requests for assistance should be submitted through your normal support channel.
5 - Definitely
4 - Mostly
3 - Somewhat
2 - Not Really
1 - Not At All