Microsoft Enhances Anti-Phishing in IE
Microsoft said on Thursday that it had signed three new providers to supply information on confirmed phishing Web sites for the company's Phishing Filter and SmartScreen technology products. A final version of Microsoft's anti-phishing IE plug-in was also released.
The Phishing Filter is offered as an add-in for the MSN Toolbar, which will be built into the next version of Internet Explorer. Microsoft's SmartScreen technology is used to detect phishing e-mails for the company's Hotmail and Windows Live Mail services.
Phishing is one of the Internet's fastest growing online threats. The number of confirmed phishing sites has skyrocketed over the past year. Whereas only 806 phishing sites were reported in August 2004, that number jumped to 5,259 just a year later, according to the Anti-Phishing Working Group.
"There is of course no silver bullet that can stop phishing, but we believe that the Microsoft Phishing Filter and SmartScreen Technology, when armed with continuously updated data from both great partners and our own users, can help make a significant difference," Microsoft's Anti-Spam and Anti-Phishing Team manager John Scarrow said in a statement.
Microsoft will work will three companies: Cyota, Internet Identity, and MarkMonitor. Data from these firms will be merged together to bolster the effectiveness of Microsoft's URL repudiation service, a list of confirmed phishing Web sites.
Furthermore, Microsoft's Phishing Filter in the MSN Toolbar also investigates Web sites not on the list as the user surfs to them. Using heuristic techniques, the filter looks for a set of characteristics to determine if the site is suspicious.
"Microsoft is right to improve its anti-phishing technologies, and leveraging partners is the right approach," Jupiter Research senior analyst Joe Wilcox told BetaNews.
"I have seen increasingly more sophisticated phishing attacks, such as one e-mail claiming to have detected attempted intrusions from specific IPs and could I please update my account. The message appears so real, even I am tempted to respond, and I know the message is a fake. Microsoft deserves praise for taking aggressive effort."