Opera Fraud Protection

Note: whether or not you choose to enable Fraud Protection, you should always look for the closed padlock in the address field before submitting credit card numbers or other highly personal information.

Note: this document describes Fraud Protection for Opera 9.5. Fraud Protection functioned somewhat differently in previous versions of Opera.

What is phishing?

The explosive growth of Internet commerce has attracted the attention of everyone, including a new breed of online criminals who will attempt to steal your passwords, your credit card numbers, and other personal information by impersonating authority figures from a bank or other institution with whom you have a financial relationship. The best defense against this growing threat is to be aware of the problem, and to be alert when conducting your online business.

Fraud of this kind is sometimes called phishing, and in analogy to fishing, your private information is the catch. There is more than one kind of bait, but the most common type is e-mail, apparently from your bank, coupled to a Web site resembling your bank's, so precisely copied that you may not discern the difference. You will be encouraged to log in and "verify" your customer information: in other words, to reveal your password, credit card number, or other private data.

Because problems of this type are so widespread, many people think it is a good idea to incorporate some degree of fraud protection in the browser. The strategy pursued by Opera is to consult a database, to find out whether your surfing trajectory has been redirected. Although it is not possible to completely eliminate the risk of encountering a phishing Web site, the risk may be minimized.

What is malware?

For the same reason that you have anti-virus software installed, you may want protection from Web sites that distribute viruses or other malicious software, collectively known as malware. The concept of malware encompasses not just viruses, but also scripts that exploit security problems in the browser or in browser plug-ins, scripts that may run automatically when you load a Web page.

Protection against malware Web sites is also part of Opera Fraud Protection.

Opera's approach: the fraud protection server

When Opera Fraud Protection is enabled, you contact a server at Opera every time you request a Web page. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked. Opera sends the domain name of the requested page to the server, which checks it against phishing blacklists compiled by Netcraft and PhishTank, and malware blacklists compiled by TRUSTe.

If the domain name matches a name on the blacklists, the fraud protection server returns an XML document to the browser, describing the type of problem (phishing or malware) and listing the affected addresses within that domain. The XML document names the partner that provided the information, and includes links to pages that describe the problems more exactly, when these are available.

If the requested page matches a page listed in the XML document, the browser presents the user with a warning.
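The client-side logic described above, sketched as an added example (this is not Opera's code). The XML element and attribute names, the rule that a listed address ending in "/" covers everything beneath it, and the handling of public IP addresses are assumptions, since the page does not specify them; the sample response is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample response. Element and attribute names are hypothetical,
# not Opera's actual schema.
SAMPLE_XML = """<fraudcheck domain="shop.example">
  <entry type="phishing" partner="PhishTank">http://shop.example/login/verify.html</entry>
  <entry type="malware" partner="TRUSTe">http://shop.example/downloads/</entry>
</fraudcheck>"""

def lookup_domain(url):
    """Return the host name to send to the server, or None if no check is made."""
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower()              # ordinary domain name: checked
    # IP addresses on the local intranet are never sent to the server.
    # Assumption: a public IP address is looked up like a domain name.
    local = ip.is_private or ip.is_loopback or ip.is_link_local
    return None if local else host

def split_host_path(url):
    p = urlsplit(url)
    return (p.hostname or "").lower(), p.path or "/"

def verdict(url, xml_text):
    """Return (problem type, partner) if the page is listed, else None."""
    root = ET.fromstring(xml_text)
    host, path = split_host_path(url)
    if host != root.get("domain"):
        return None                      # response describes another domain
    for entry in root.iter("entry"):
        e_host, e_path = split_host_path(entry.text.strip())
        # Assumption: an entry ending in "/" covers everything beneath it;
        # any other entry must match the requested path exactly.
        hit = path.startswith(e_path) if e_path.endswith("/") else path == e_path
        if e_host == host and hit:
            return entry.get("type"), entry.get("partner")   # show warning
    return None                          # domain is listed, this page is not
```

Only the host name leaves the browser in `lookup_domain`; the path is compared locally in `verdict`, which is why a listed domain can still have pages that open without a warning.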

The privacy implications of Opera's Fraud Protection can be summarized as follows:

  1. By default, Opera Fraud Protection is enabled.
  2. With Opera Fraud Protection enabled, the domain name of Web sites you visit is sent to Opera's fraud protection server together with a hash of the domain name. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.
  3. Opera's fraud protection server does not save your IP address or any other information related to your identity. There are no cookies or other session information, and the server does no logging.
  4. You can disable Opera Fraud Protection at any time in preferences, by choosing Tools > Preferences > Advanced > Security and unchecking the box marked "Enable Fraud Protection." The browser never makes contact with the fraud protection server when Opera Fraud Protection is disabled.

The user interface

With Opera Fraud Protection enabled, every Web page you request is subjected to phishing and malware filters. The security status of the page is displayed on the right side of the address field, as indicated in the table below:

Address Field   Protocol   Status
Secure Site     HTTPS      Maximally secure site, with Extended Validation (EV)
Secure Site     HTTPS      Secure site
?               HTTPS      HTTPS site with problems
                HTTP       Normal site
Fraud Site      Any        Fraud site

A secure page with a valid security certificate and no misconfiguration of the server will display a lock on the right side of the address field. Clicking on this lock displays the security information for the page, including information about the Web site's certificate.

If a Web site is found on the blacklists, you will be presented with a warning page, and you must decide whether to visit the questionable Web site, to return to the browser home page, or to read additional information about the status of the page. If you open a phishing or malware page, it will be marked with a red "Fraud Site" indicator.

The security dialog is available at any time via the menu item Tools > Advanced > Page Info or the keyboard shortcut Alt + Enter. From it you can report a site as suspicious and enable or disable Fraud Protection.

Opera's fraud protection server does not cause any delay in the opening of Web pages.

Enabling/Disabling Fraud Protection

Opera Fraud Protection can be enabled/disabled from Tools > Preferences > Advanced > Security by checking/unchecking the box marked "Enable Fraud Protection."