Microsoft Taps Partners for Anti-Phishing Efforts

Microsoft said it had formed alliances with three partners to beef up the anti-phishing technology in several of its products, including the soon-to-be-released Internet Explorer 7 and its MSN Search toolbar.

The Micrososft Phishing Filter, which will be available in updates of Windows and in the Windows Live hosted software, will use lists of trusted sites maintained by the partners to warn users when they are visiting a non-trustworthy site.

Searching for Scams

The filter will rely in part on a “URL reputation service” that will be constantly updated with information about what sites are legitimate and which are spoofed pages being used in efforts to steal personal information from users. The filter also scans a Web page being visited for traits associated with phishing scams.

That information from third-party partners that already monitor for fraud for corporations, will be fed to browser windows using the Microsoft .NET platform, which can warn users not to divulge information to certain sites before learning more about them.

Phishing attacks have risen dramatically in the past 18 months, with attackers often choosing to pose as high-profile Internet companies when they send fake e-mails seeking to trick users into visiting Web sites to fill out forms asking for their bank account or credit card data. PayPal users, for instance, are among those most often targeted by phishing attacks.

“There is of course no silver bullet that can stop phishing,” said John L. Scarrow, general manager of the Anti-Spam and Anti-Phishing Team in the Microsoft Technology Care and Safety Group. But he said the filter “can help make a significant difference.”

Partners in Time

The service is similar to the whitelist approach that has been made popular to discern legitimate marketing e-mailers from spammers and which is also being adopted in a service announced this week by TRUSTe and several Internet partners to help consumers know what they are getting when they download free software from the Web.

Microsoft, meanwhile, has made investments aimed at improving its own technology when it comes to stopping phishing and other types of online attacks. But the new filter relies heavily on third parties to provide the real-time data that makes the service work.

The partners include Cyota, which makes anti-fraud and authentication technology used by online banks and others and maintains a database of fraudulent activity.

Also involved are Internet Identity, whose technology aims to protect businesses from fraudulent purchases driven by phishing or other types of identity theft; and MarkMonitor, an Internet monitoring service that seeks out online fraud on behalf of financial institutions and is responsible for shutting down hundreds of phishing sites in the past.

Technology companies are eager to find ways to reduce the prevalence of phishing, particularly since it is seen having the potential to stem the growth of the types of sensitive online transactions consumers are willing to conduct. A study by the Ponemon Institute released in July found that 59 percent of consumers said they would reduce online buying activity as a result of being targeted by phishing.

Making Headway

Microsoft’s filter option comes as some data points to a slight slowdown in the rise of phishing attacks being reported. The Anti-Phishing Working Group reported last month that the number of unique reported phishing attacks was down for the third straight month after peaking at 15,000 in June.

But Gartner analyst Avivah Litan said there appeared to be a correlation between the rise of phishing over the course of late 2004 and into 2005 and a drop in online consumer confidence.

Litan noted that the number of individual e-mail addresses being targeted with phishing e-mails was up 28 percent. “Such breaches are exacting a toll on online consumer confidence and on e-commerce growth,” she added.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

E-Commerce Times Channels