Anti-Phishing Technologies Overview

Published: June 1, 2007

Microsoft is committed to helping to protect Internet users worldwide from becoming victims of phishing scams by promoting valuable consumer education, industry collaboration, legislation, enforcement, and technology innovation to address the phishing problem.

Friend or Phish?

Phishing is the practice of distributing and publishing e-mail messages and Web sites that are designed to look like those of legitimate businesses, financial institutions, and government agencies in order to deceive Internet users, usually for criminal purposes.

Almost all phishing attacks are propagated through unsolicited e-mail messages. In fact, phishing is the fastest growing segment of spam being sent worldwide. It is also one of the most invasive, deceiving victims into disclosing sensitive information such as name, address, phone number, password, Social Security number, and financial information. In many phishing scams, a deceptive e-mail message directs victims to a deceptive Web site that has been established only to collect a user's personally identifiable information (PII). This type of information can then be used for criminal activity such as identity theft. Microsoft is committed to helping our customers protect themselves against phishing threats, and we are taking a holistic approach to combating phishing through technology innovation, targeted enforcement, legislation, industry collaboration, and consumer education. We are actively engaged with other industry leaders to help reduce the threat of phishing attacks and to provide customers with the tools, resources, and guidance they need to protect themselves from these threats.


Using Technology to Catch Phish

Phishing has been one of the fastest growing online threats, with the added challenge that phishing sites and attacks often last only a few hours or days. To help detect and prevent personal data theft, Microsoft has developed a multi-layered defense of dynamic technologies against phishing, both in e-mail and in the browser.

The first layer is at the source, in e-mail, with SmartScreen filtering and new warning features in Windows Live Mail, MSN Hotmail, Microsoft Office Outlook 2003/2007, and Microsoft Exchange Server 2003 SP2 and 2007.

In cooperation with others in the industry, Microsoft is promoting e-mail authentication technologies such as the Sender ID Framework, which helps confirm whether a message is indeed coming from the sender it claims to come from. MSN and Windows Live Hotmail currently use Sender ID, and Exchange Server 2003 Service Pack 2 (SP2) and 2007 provide support for publishing and checking Sender ID records.

Phishing Filter: One of the Most Accurate Anti-Phishing Technologies, Now in Internet Explorer 7

The second layer of protection against phishing is the new Microsoft Phishing Filter, now in use by over 100 million users who have downloaded Internet Explorer 7 and the new Windows Live Toolbar. It acts as an early warning system as you browse the Web, warning you about, and even blocking you from, potential phishing sites suspected of engaging in identity and data theft. Phishing Filter combines client-side filtering with an online service that offers up-to-the-hour information on the latest reported phishing Web sites from both end users and third-party data sources to help dynamically protect consumers.

Phishing Filter is now available and built into the browser experience for consumers in the new Microsoft Internet Explorer 7 for Windows XP and as part of the just-released new versions of the Windows Vista operating system. It is also available in Windows Live OneCare and in OneCare Advisor, the new protection feature of the new Windows Live Toolbar.

In the first large-scale, comprehensive study comparing leading anti-phishing technologies, 3Sharp LLC tested eight browser-based products to evaluate their overall accuracy in catching 100 live, confirmed phishing Web sites over a six-week period (May – July 2006). The toolbar and browser solutions tested included EarthLink, eBay, GeoTrust, Google Safe Browsing using Firefox, McAfee SiteAdvisor, Microsoft Internet Explorer 7, Netcraft, and Netscape.

Results from the study place Microsoft Internet Explorer 7’s anti-phishing technology at the top of the list as most accurate, based on its ability to warn users about actual phishing sites while minimizing warning or block errors on legitimate websites.

For additional information on the 3Sharp study, their methodology and results, please view their press release and detailed report at http://www.3sharp.com/projects/antiphishing.

