Microsoft Picks Partners to Fight Phishing

March 8, 2008 – 6:07 PM

Microsoft has signed up three companies to add phishing monitoring and detection technology to its antiphishing filter in the MSN Search Toolbar and the upcoming release of Internet Explorer 7, and its SmartScreen e-mail filter, the company says.

The software vendor has also released the final version of its phishing filter add-on technology for the MSN Search Toolbar. The technology is available as a free download.

Partners in Security

Microsoft is teaming with Cyota, MarkMonitor, and Internet Identity to beef up customer protections in its antiphishing filters, said Samantha McManus, business strategy manager for the technology, care and safety group at Microsoft.

“These companies are providing us with data on reported phishing attacks so we can use that data to protect our customers through our filters,” she said.

Phishing is online fraud that uses fake Web sites, which look like those of legitimate businesses, to trick online users into disclosing personal and financial information that can be used for criminal activity.

Microsoft offers antiphishing technology in IE 7, which will be available in full release for Windows Vista and Windows XP Service Pack 2 (SP2). Windows Vista is in beta now and is scheduled to ship in the last quarter of 2006. Windows XP SP2 is available now, but the IE 7 technology for the OS is still in beta.

Microsoft’s SmartScreen e-mail filter protects Microsoft Hotmail and the Windows Live Mail beta as well as Microsoft Outlook and Exchange e-mail software. SmartScreen also provides antiphishing protection.

Cyota, based in New York, offers online authentication and antiphishing services to provide real-time information about phishing attacks. MarkMonitor monitors and detects online fraud for financial institutions and other corporations, and will deliver information about confirmed phishing attacks against its customers directly to Microsoft, according to the San Francisco company. Internet Identity, based in Tacoma, Washington, automatically detects and takes reports for phishing Web sites for a wide range of clients, such as banks and credit unions. The company will forward this information to Microsoft’s antiphishing filter whenever those reports find a URL that leads to a phishing site.

Antiphishing Tactics

The services provided by the three companies will work slightly differently with the IE 7 antiphishing filter and the SmartScreen e-mail filter, McManus said. For the IE 7 filter, the services will report to the technology’s reputation service, which uses the information to scan a Web page to see if it has been reported by online users as a known phishing site, she said.

For SmartScreen, the filter can learn when phishing attacks are happening and include that information in the filtering process for messages that are sent through Hotmail and Windows Live Mail, as well as clients using Outlook or Exchange, McManus said.

Microsoft previously worked only with WholeSecurity, which was recently acquired by Symantec, to provide information about phishing activity and known phishing sites to its filters, McManus said. The company plans to partner with more companies to provide information in the future.

“This isn’t the final list of people who will provide the service,” she said. “This is a step along the way.”

http://www.pcworld.com/news/article/0,aid,123606,tk,dn111805X,00.asp

You must be logged in to post a comment.