Microsoft adds antiphishing to IE toolbar

Microsoft will release on Tuesday an add-in for its MSN Search Toolbar designed to detect if users are landing on phishing sites.

Microsoft plans to release a pair of add-ins to its MSN Search Toolbar with Windows Desktop Search, including one that detects Web sites possibly being used to carry out phishing scams, according to an official from the Redmond, Washington software vendor.

Microsoft said last week it planned to release an antiphishing add-in for this free Internet Explorer toolbar but it didn't say when it would make it available.

Now the plan is to make the Microsoft Phishing Filter Add-in available on Tuesday, along with another one for gaming enthusiasts, Justin Osmer, an MSN product manager, said in an interview.

At press time, the add-ins weren't yet available at http://addins.msn.com.

The antiphishing add-in is in beta test form. It is based on the same technology that the upcoming Internet Explorer (IE) 7 browser will feature for antiphishing. Releasing this add-in before IE 7 becomes generally available will provide the protection to users of IE 6 in the meantime, Osmer said. IE 7 is in a limited beta test period currently, and thus available only to a small number of users.

"We want to help customers be more aware of where they are landing online and steer clear of this phishing phenomenon out there, which unfortunately continues to grow," Osmer said.

If the add-in suspects the Web site a user is visiting is a phishing site, it flashes a bright yellow bar under the toolbar with a warning saying the site is suspicious and to proceed with caution, Osmer said. The add-in determines a site is suspicious based on an analysis of a variety of the site's characteristics that match those commonly found on phishing sites, he said.

If the add-in is sure the visited site has been set up for phishing, it will flash a bright red bar under the toolbar with a message saying the ability to enter personal information on the site has been blocked for the user's protection. This determination is based on a list compiled by Microsoft of sites that have been verified as being used for phishing, Osmer said. This list is being constantly updated. The add-in also automatically, in these cases, disables the toolbar's feature that automatically fills in the user's information on an online form, he said. Users can override the blockage if they want, he said.

The add-in also has buttons for users to report to Microsoft any Web sites they suspect are being used for phishing, or to report if they think a Web site the add-in flags as suspicious is legitimate, Osmer said.

The Microsoft Phishing Filter Add-in will initially work on IE 6 running on Windows XP SP2, a spokeswoman for Microsoft said. The company's goal is to expand the offering to other versions in the future "as we continue in the beta testing and gathering consumer feedback," she said via e-mail.

Meanwhile, the Games Add-in gives access right from the toolbar to popular games from the gaming section of the MSN.com portal. It also links users over to that MSN.com section, Osmer said.

Phishing is a fraudulent practice in which scammers dress up e-mail messages to make them look like they came from a legitimate organization, such as an online store or a bank.

The phishing e-mail attempts to get users to link to a Web site that resembles the one from the legitimate organization mentioned in the message. The idea is to get users to enter sensitive information, such as passwords, account numbers or U.S. Social Security numbers, on this fraudulent Web site, in order to steal the users' identities.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about INSMicrosoftMSNVIA

Show Comments