sites often sport numerical addresses, such as http://94.116.102.156, to make them more difficult to trace. Follow the yellow brick road, er, Location Bar. Legitimate Web sites that ask you for highly sensitive information, such as banks, always use a security technology such as SSL (Secure Sockets Layer). Firefox makes it easy to tell whether you are at a secure Web site: The entire Location Bar turns yellow and is punctuated by a lock icon, as shown in Figure 15-5. Note that if you aren't using the default theme, the Location Bar might be shaded with another color, such as green. Although the other developers and I don't encourage it, some themes change the color to better match their design. (See Chapter 17 for more information about the themes feature.) Figure 15-5: The Location Bar turns yellow, and a lock appears at the end of it, when you view a secure Web site. Warning If you ever find yourself entering critical information into a Web site whose address is not enshrouded in yellow, something is wrong. If you attempt to submit information at a non-secure Web site, Firefox displays the warning shown in Figure 15-6.   Figure 15-6: If you attempt to submit information at a non-secure Web site, Firefox displays this warning. If you aren't entering sensitive information, you don't need to concern yourself with this warning. It isn't unusual for Web sites to transmit nonsensitive data in an unencrypted (non-secure) fashion. In fact, it's so common that by default, Firefox doesn't show this confirmation again unless you specifically request it by selecting the Alert Me check box. If you leave the confirmation off, you can continue to detect suspicious activity by observing the Location Bar, as I describe earlier in this section. Likewise, when you leave a secure Web site through a link on its page, Firefox warns you that you're venturing back out into non-secure territory (see Figure 15-7). Again, this should be a concern only if you expected to remain in secure territory - that is to say, if you intended to enter sensitive information into the newly loaded Web site. Figure 15-7: Firefox warns you when you leave secure territory. Warning Firefox always displays the actual address of any secure Web site you view in the bottom-right corner of the window, regardless of whatever tricks a phisher uses to try to disguise it. Note that a secure Web site is simply one that transfers your information securely over the Internet; whether it's transferring that information to a reputable source is another matter. See the following section, "Phending off pharming," for more information. Know where you're typing Get in the habit of asking yourself "Where am I typing this?" each and every time you enter your password. Some phishers try to deceive you by opening browser windows that replicate not other Web sites, but other programs on your computer. For instance, a phisher might design a Web site that looks like an AOL Instant Messenger (AIM) window and asks you to verify your password. If you're an AIM user and are currently logged on to AIM, you might be fooled into thinking this is an AIM window. Remember this simple rule: If the title bar of the window begins with "Mozilla Firefox," it is a Web site masquerading as a program, not another program, because another program on your computer would have its own name in its title bar or something even more descriptive. The AIM Buddy List window, for example, contains your instant messaging screen name (such as Johnny 123's Buddy List Window). A phisher can't replicate that part of the window in his spoof Web site