Anti-Phishing Technologies Overview
Published: July 27, 2005
Microsoft is committed to helping to protect Internet users worldwide from becoming victims of phishing scams by promoting valuable consumer education, industry collaboration, legislation, enforcement, and technology innovation to address the phishing problem.
Friend or Phish?
Phishing is the practice of distributing and publishing e-mail messages and Web sites that are designed to look like those of legitimate businesses, financial institutions, and government agencies in order to deceive Internet users, usually for criminal purposes.
Almost all phishing attacks are propagated through unsolicited e-mail messages. In fact, phishing is the fastest growing segment of spam being sent worldwide. It is also one of the most invasive, deceiving victims into disclosing sensitive information such as name, address, phone number, password, Social Security number, and financial information. In many phishing scams, a deceptive e-mail message directs victims to a deceptive Web site that has been established only to collect a user's personally identifiable information (PII). This type of information can then be used for criminal activity such as identity theft.
Microsoft is committed to helping our customers protect themselves against phishing threats, and we are taking a holistic approach to combating phishing through technology innovation, targeted enforcement, legislation, industry collaboration, and consumer education. We are actively engaged with other industry leaders to help reduce the threat of phishing attacks and to provide customers with the tools, resources, and guidance they need to protect themselves from these threats.
Using Technology to Catch Phish
Microsoft is focusing its anti-phishing technology efforts on two fronts: helping to prevent phishing e-mail messages from reaching our customers in the first place, and helping to eliminate the possibility of customers being deceived by spoofed Web sites.
Many e-mail–based solutions are used today in Microsoft technology and solutions. MSN and MSN Hotmail users are already protected from phishing messages through SmartScreen spam filtering. The same technology enhances Microsoft Outlook 2003 junk mail filters and the Intelligent Message Filter in Microsoft Exchange Server 2003. We are also working to enhance SmartScreen with phish-fighting functionality.
In cooperation with others in the industry, Microsoft is promoting e-mail authentication technologies such as the Sender ID Framework, which helps confirm whether a message is indeed coming from the sender it claims to. MSN and Hotmail currently use Sender ID, and Exchange Server 2003 Service Pack 2 (SP2), releasing this year, will provide support for publishing and checking Sender ID records.
In addition to these e-mail efforts, Microsoft is helping to protect the Web browsing experience. We are working to improve MSN and Microsoft Internet Explorer browser technology to help protect consumers from phishing attacks, and we have added several innovations to Microsoft Windows XP SP2 to thwart common phishing ploys. We will be releasing additional anti-phishing technology this year to help further protect our customers' browsing experience.
