Information Security: Phishing and Microsoft Phishing filters


Phishing is one of the fastest-growing identity theft and abuse threats on the internet. It is so prevalent that almost any site of importance carries a warning somewhere telling users to be careful about phishing attacks.

Phishing attacks are built on phony websites that look and feel exactly like the real site. This is how attackers fool users into handing over important personal and financial information, ranging from SSNs to credit card details.

Phishing requests are often sent in innocent-looking emails that mimic the emails legitimate organizations send out, asking users for information. A user who is not tech-savvy may not be careful enough, and important information is lost as a result.

To fight against phishing scams, Microsoft has taken a number of steps that include:

1. Adding Sender ID to all of its email products and services

2. The Phishing filter (SmartScreen filter)

Per MSDN:

The Sender ID Framework is an e-mail authentication technology protocol that helps address the problem of spoofing and phishing by verifying the domain name from which e-mail messages are sent. Sender ID validates the origin of e-mail messages by verifying the IP address of the sender against the alleged owner of the sending domain.

The SmartScreen filter is a feature of Windows Internet Explorer 8. It is designed to help protect the user from fraudulent websites trying to steal personal information. SmartScreen filter also helps protect from installing malicious software or malware.

SmartScreen filter helps to protect you in three key ways:

  • It operates in the background as you browse the web, analyzing webpages and determining if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen filter will display the “Are you trying to visit this website?” fly-out, giving you an opportunity to provide feedback and advising you to proceed with caution.
  • SmartScreen filter checks the sites you visit against an up-to-the-hour, dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen filter will show you a red warning notifying you that the site has been blocked for your safety.
  • SmartScreen filter also checks files downloaded from the web against the same dynamic list of reported malicious software sites. If it finds a match, SmartScreen filter will show a red warning notifying you that the download has been blocked for your safety.
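The Sender ID check described in the MSDN text above, sketched as an added example (not code from the original post or from Microsoft): it picks the purported responsible address from the message headers and tests the connecting IP against the record published by that domain. The domains, IP ranges, records and sample message are constructed, DNS is replaced by an in-memory table, and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed TXT data using documentation address ranges; a real check queries DNS.
TXT_RECORDS = {
    "example.com": "spf2.0/pra ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "spf2.0/mfrom,pra ip4:198.51.100.7 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SAMPLE = "From: Billing <billing@example.com>\nSubject: Account notice\n\nBody\n"  # constructed

def purported_responsible_domain(raw_message):
    """Return the domain of the first PRA header found (simplified RFC 4407 order)."""
    msg = message_from_string(raw_message)
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower()
    return None

def check_sender(ip, domain, records=TXT_RECORDS):
    """Match the connecting IP against the domain's record; first matching term wins."""
    record = records.get(domain)
    if not record:
        return "none"
    version, *terms = record.split()
    # Only records whose scope list covers the PRA identity apply to this check.
    if not version.startswith("spf2.0/") or "pra" not in version[7:].split(","):
        return "none"
    client = ipaddress.ip_address(ip)
    for term in terms:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if client in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"
```

A receiving server would treat a `fail` for the header domain as a sign that the message did not come from the domain it claims, which is the spoofing case Sender ID is meant to catch.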
