Phishing: Don’t get caught

OK, a poor title, I admit. Don’t filet me.

As noted, this week I am posting on some of the different ways Microsoft is working on improving your experience with your computer, with bits dedicated so far to OneCare, Windows Defender, spam and yesterday on Windows Live Safety Center.

Late last year I mentioned phishing and screen scraping, so let’s take a closer look at…

Phishing: Have you ever gone to your email box and seen a message from a reputable, top company — perhaps a bank, popular web site or government office — and come across a message that asked you to confirm your personal identifying information (PII)? They’re actually emails featuring links to phony web sites that look like the real thing. Welcome to the world of phishing scams. (See “What is a phishing scam?” for more details.)

Phishing scams are a ruse to steal your PII, a valuable commodity that can help someone impersonate you and cause all sorts of problems. I get a few of these a month usually posing as messages from eBay or PayPal, or major banks where I don’t have an account. Once a phisher has your PII — which can be your name, account numbers, passwords, and Social Security numbers — you could easily find yourself with debts you never imagined, or your bank account wiped out.

According to the Consumer Reports “State of the Net” survey in 2005, phishing scams cost consumers an average of $395 per incident in the United States. In 2004, CNET reported that these online cons cost US consumers a total of $500 million. Phishers use many tactics, including creating and sending e-mail messages or links to fraudulent Web sites that appear to be valid, in an attempt to fool you into submitting personal, financial, and password information. MSN has a helpful page with more info on battling phishing.

The Microsoft Phishing filter add-in for the MSN Search Toolbar offers access to a new dynamic online service, updated several times an hour, to warn you and help protect your personal information from these fraudulent Web sites. The add-in dynamically checks the web sites you visit and gives you a warning if the sites are suspicious. It blocks you from sharing personal information if a site is a known phishing web site. The online information in the add-in is regularly updated. (Note that the Phishing Filter is a new feature in Internet Explorer 7.0.)

Screen scraping attacks are becoming more common in scammers’ schemes to subvert sophisticated security systems – I’ll tackle this one in my next post.

More information:

  • Microsoft’s page on Antiphishing
  • Read more about the improvements we’ve made in our Trustworthy Computing initiative. Some helpful links are noted on the page, including:
  • MSN Online Safety and Security provides helpful tips, information, interactive quizzes, and downloadable safety brochures. The site has information about privacy and e-mail protection as well as ways to keep kids safe online.
  • GetNetWise is a Microsoft-supported site that offers ways to protect families from malicious threats on the Web.
