Microsoft's Approach to Anti-Phishing
Published: July 27, 2005
Described as the cybercrime of choice among amateurs and professionals alike, phishing has become the fastest growing threat on the Internet. Indeed, more than 57 million people have reported receiving at least one fraudulent e-mail message purporting to be from a known and trusted source. Phishing e-mail messages come from criminals seeking to deceive recipients into divulging personal data that is then used to perpetrate identity theft. Phishing impacts every aspect of the Internet, so Microsoft is attacking the problem holistically. Employing a three-pronged strategy of technology, collaboration, and education, Microsoft seeks to help stop phishers in their tracks. Below are some key points about the investments Microsoft is making in each of these areas.
Technology
| • | Microsoft is focusing its anti-phishing technologies on two areas: helping to prevent phishing e-mail messages from reaching customers in the first place, and helping to prevent users from accidentally providing key personal data to a fraudulent Web site. |
| • | MSN and MSN Hotmail users already have protection from phishing e-mail messages through Microsoft's patented SmartScreen spam filtering. |
| • | SmartScreen is also enhancing spam and junk-mail filtering in the latest versions of Microsoft Outlook and Microsoft Exchange Server. |
| • | Microsoft is helping to protect the browsing experience with its Phishing Filter, available in Internet Explorer 7. This advanced phish-fighting capability will give consumers greater clarity about known and suspected phishing attacks, and it will provide Web-site owners with a mechanism to offer more consistent and transparent content for legitimate e-commerce. |
Industry and Government Collaboration
Below are some of the organizations and groups with which Microsoft shares information and coordinates efforts toward the common goal of stopping spam and phishing.
| • | Anti-Phishing Working Group, a global industry and law enforcement association. |
| • | Digital PhishNet, a joint enforcement initiative between industry and law enforcement that is dedicated to sharing investigative information and holding phishers responsible for their criminal acts. |
| • | Email Authentication.org, an organization committed to increasing the trustworthiness of e-mail and the preservation of the Internet as a vital communication tool. |
| • | Global Infrastructure Alliance for Internet Safety, a working group of worldwide Internet Service Providers (ISPs). |
| • | Open Group Messaging Forum, an international technology consortium focused on improving e-business and messaging industries. |
| • | TRUSTe, a nonprofit organization focused on enabling trust based on privacy for personal data online. |
In addition, Microsoft has filed nearly 120 civil lawsuits against phishers worldwide.
Customer Awareness and Education
The number of online risks continues to grow everyday. By raising awareness of phishing and similar issues, Microsoft and others can help reduce the number of successful phishing attacks. Microsoft provides an array of resources, tools, materials, and other information to consumers, businesses, and technology professionals. These include the Microsoft Small Business Center, Microsoft TechNet Security, and Microsoft Security Developer Center.
Other resources:
| • | Microsoft Security at Home, a comprehensive safety- and security-focused Web site for the home-PC user. |
| • | Microsoft Safety, a series of Web pages that detail Microsoft's multifaceted approach to safety technologies in general and phishing in particular for various audiences. |
| • | MSN Online Safety and Security, a collection of safety tips, information, and interactive tools designed to help consumers learn about phishing in a fun way. |
