Phishers begone

Published: June 2, 2006
Sandi Hardmeier

Back in November 2004, I composed what proved to be one of my more popular Internet Explorer Community articles, entitled "Help Protect Yourself from Online Crime." That article discussed in detail the then emerging threat of "phishing," the act of creating a replica of an existing Web page in an attempt to fool a visitor into providing personal, financial, or password information.

That article also focused on teaching users how to spot the tell-tale signs of potential problems in an e-mail by conducting quick safety checks. These include examining any URL you are asked to click on, watching the Address Bar and Status Bar when visiting a Web site, and watching out for Address Bar overlays.

Since that phishing article was published, the rate of reported incidents has increased, and the growth in the number of reports received per month has accelerated. The bad guys have persisted in their attempts to fool users, expanded their repertoire of tricks, and increased the number and types of businesses impersonated. They no longer target just the "big end of town," but have also started targeting smaller, regional businesses.

If the bad guys can find a trick to fool hapless users, they'll use it, and some of their tricks are awfully hard to spot. At times, recognizing such scams can take a high level of experience, an understanding of what is "normal" in a business e-mail, and an understanding of what constitutes a phishing tactic. Not only that, phishing sites may also try to install malware such as keyloggers or trojans on the computers of those unlucky enough to be fooled into visiting a phisher's lair.

Enter the Phishing Filter

As phishing became more widespread and publicity drew attention to the issue, some attempts to protect users from phishers appeared, such as the Spoofstick toolbar and Earthlink's Anti-Phishing protection (both of which I featured in my original phishing article).

Microsoft has joined ongoing efforts to protect users from fraudulent sites, working with law enforcement agencies to enforce legislation that protects users against phishing and raising awareness in the community as a whole. With the introduction of the Phishing Filter, Microsoft is also directly assisting users as they decide whether a site is real or fraudulent.

Microsoft has lodged over 120 civil lawsuits against phishers all over the world

The Phishing Filter is an early warning system included with Internet Explorer 7 and is also available as a plug-in for the MSN Toolbar. The Phishing Filter checks URLs as they are visited against a database of known bad sites, and it will not only warn you if you visit a known phishing site, but also block immediate access. In cases where a site that is not in the database exhibits characteristics common to phishing sites, the Phishing Filter will also display an alert, but won't block immediate access. Finally, the Phishing Filter will reassure you when you visit "high trust" sites.
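The three-tier behaviour just described (block confirmed phishing sites, warn on sites that merely look suspicious, reassure on high-trust sites) can be modelled as a small URL reputation check. The following is an added example written for this article, not Microsoft's Phishing Filter code; the block list, trust list, brand list and the specific heuristics are constructed for the demonstration and are assumptions, since the article does not say which characteristics the real filter scores. The sample URLs use reserved example domains and documentation IP space.

```python
"""Three-tier URL reputation check modelled on the Phishing Filter behaviour
described in the article: confirmed phishing hosts are blocked, hosts that
merely look suspicious get a warning, and high-trust hosts are explicitly
reassured. Illustrative example only; the data and heuristics are constructed
for the demo and are not the URL Reputation Service's rules."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

BLOCK, WARN, TRUSTED, NEUTRAL = "block", "warn", "trusted", "neutral"

# Constructed sample data. A real service consults a remotely updated
# database of confirmed phishing sites plus a list of high-trust sites.
KNOWN_PHISHING_HOSTS = {"secure-login.example.net"}
HIGH_TRUST_HOSTS = {"bank.example"}
# Brand tokens that are often imitated (placeholder for the demo's "bank.example").
PROTECTED_BRANDS = {"bank"}


def hostname_of(url: str) -> str:
    """Lower-cased host of the URL. urlsplit() already strips a user@ prefix,
    which is itself a classic disguise: "http://bank.example@evil.example/"
    actually connects to evil.example."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def matches(host: str, listed: set[str]) -> bool:
    """True if the host equals a listed host or is a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in listed)


def heuristic_flags(url: str) -> list[str]:
    """Suspicious characteristics found in the URL (constructed heuristics)."""
    parts = urlsplit(url)
    host = hostname_of(url)
    flags: list[str] = []
    if parts.username is not None:
        flags.append("credentials in URL")
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address as host")
    except ValueError:
        pass
    labels = host.split(".")
    # Split labels on '-' so "bank-secure" still yields the token "bank".
    tokens = {t for label in labels for t in label.split("-")}
    if not matches(host, HIGH_TRUST_HOSTS) and tokens & PROTECTED_BRANDS:
        flags.append("brand name in a domain not owned by the brand")
    if len(labels) > 4:
        flags.append("excessive subdomain depth")
    if parts.scheme == "http" and any(
        k in parts.path.lower() for k in ("login", "signin", "verify")
    ):
        flags.append("login page over plain HTTP")
    return flags


def classify(url: str) -> tuple[str, list[str]]:
    """Apply the tiers in order: block list, then trust list, then heuristics.
    Returns (verdict, reasons)."""
    host = hostname_of(url)
    if matches(host, KNOWN_PHISHING_HOSTS):
        return BLOCK, ["host is on the confirmed phishing list"]
    if matches(host, HIGH_TRUST_HOSTS):
        return TRUSTED, []
    flags = heuristic_flags(url)
    return (WARN, flags) if flags else (NEUTRAL, [])


if __name__ == "__main__":
    # Constructed sample URLs covering each verdict.
    for sample in (
        "http://secure-login.example.net/bank/verify",
        "https://www.bank.example/login",
        "http://bank.example@192.0.2.10/signin",
        "http://www.bank.example.account-verify.example.com/",
        "https://news.example.org/",
    ):
        verdict, reasons = classify(sample)
        print(f"{verdict:8} {sample}  {reasons}")
```

Ordering matters: the block list is consulted before the trust list so that a confirmed phishing host can never be rescued by a lookalike trust entry, and the heuristics only run for hosts on neither list, which mirrors the article's point that an unlisted site gets an alert rather than a block.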

My second article about phishing, "The Phishing Filter: Fight the Modern Day Con Artist" discusses the Phishing Filter in some depth, so we won't go into the technical details of the filter here. I recommend that you read that article and my first phishing article to familiarize yourself with the extremely prevalent and, some say, the fastest growing form of identity theft on the Internet.

Tip

If the Phishing Filter detects a known phishing site, please do not ignore the warning you have been given. Even though you know that the site is fraudulent, and you have locked away your credit card or embedded it into the middle of a block of ice in the freezer (yes, a local Consumers' Association really did recommend such a step for debt-ridden Australians), DON'T GO TO THE SITE! There are many examples of phishing sites attempting to install keyloggers, trojans, viruses, adware, and other malware onto the computers used by people unfortunate enough to visit. (As of January 2006, the Anti-Phishing Working Group reported that 1,100 sites have been detected that hosted keyloggers.)

Amazing statistics

In a December 2005 report, the Anti-Phishing Working Group released the following statistics about the prevalence of phishing sites and e-mails. Two numbers stand out:

Number of unique phishing reports received: 15,244

Number of unique phishing sites received: 7,197

In a January 2006 report, the number of unique phishing reports received by the Anti-Phishing Working Group was 17,877, and the number of unique sites was 9,715.

At the time of writing this article, the Phishing Filter has been in use for only a few months; therefore, comprehensive statistics were not yet available. It is thus not possible to draw a like-for-like comparison between Anti-Phishing Working Group statistics and those available this early in the game for the Phishing Filter, but the statistics that are available are still very impressive.

For example, since January 31, 2006, the Phishing Filter had blocked close to 100,000 instances of people trying to access a known phishing site—that's close to 100,000 people who have been protected from identity theft and infection of their systems with keyloggers or trojans.

I find it frightening that so many people are being fooled by phishers despite all of the publicity and education campaigns that have focused on the problem over the past few years. It will be very interesting to see the statistics once Internet Explorer 7 is released and is offered through Windows Update. The more people who use the service, the wider the detection net, and the safer we will all be.

Microsoft's statistics also reveal that over 6,000 confirmed phishing sites are being added to the Phishing Filter service (called the "URL Reputation Service") every month. Again, this can only improve as the use of the Phishing Filter becomes more widespread.

How Did the Phishing Filter Become So Successful, So Quickly?

User involvement and cooperation between industry groups is the key. It is important to note that the 6,000-plus sites mentioned above are being sourced not only from user reports received through the Phishing Filter, but also from third-party data sources.

Inter-group collaboration and data sharing is a very strong weapon against phishers. We are not going to win this battle by standing alone and keeping information to ourselves. Some of the groups with which Microsoft actively shares information—and from which it receives information—are the Anti-Phishing Working Group, Digital PhishNet (of which Microsoft is a founding member), E-mail Authentication Org, the Global Infrastructure Alliance for Internet Safety, and Truste.

"If I Use the Phishing Filter, Will I Always Be Safe?"

I simply cannot answer yes to this question, and, to be honest, it would be remiss of me to ask you to place your faith in warning mechanisms without encouraging you to "get educated" at the same time.

Just like antivirus programs, the Phishing Filter depends on the discovery, reporting, and confirmation of phishing sites and on the use of machine-learning heuristics to judge whether or not a previously unreported site may be fraudulent. It is an excellent protection, but it is not foolproof. There is only so much that can be done to protect people from themselves.

Education is, and will always be, a key component to staying safe. For example, have you tried out the Phishing IQ Test? Microsoft has also released a downloadable PDF document entitled "Help Protect Against Phishing Fraud."