Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Bob or post in the Forum.

« Sick of launching IE all the time? | Main | iTunes and iPhone Kill Vista »

The IE Phishing Filter

Phishing websites impersonate trustworthy websites for the purpose of obtaining personal or financial information from you. This has become a pretty big problem in recent years. I get notices from Paypal, Ebay and any number of banks urging me to update my account on an almost daily basis. Two things should be evident: first, these sites will never contact you via email to come update your account. second, if you hover over the links provided in these emails, you'll see the address is normally an IP address and not the proper website name to which the text refers.

IE7 provides some automatic protection here with its phishing filter. To test the effect of IE7s phishing filter, Microsoft provides a test URL. Follow the steps below to test the effect of your phishing filter settings:

* From IE7, select "Phishing Filter" from the tools menu and choose "Phishing Filter Settings"

* The Internet Options "Advanced" dialog appears with a long list of settings, scroll down to "Phishing Filter" (which you will find toward the very end of the list).

* If it is disabled, turn in on by choosing "Turn on automatic website checking". Note: if you set this to "Turn Off Automatic Website Checking" you will simply get a little icon in the status bar which will let you manually trigger the check to see if a site is reported as a phishing website. And naturally, setting it to "Disable Phishing Filter" will result in no such functionality.

* Now visit the test URL: http://207.68.169.170/contoso/enroll_auth.html

* You should see the page start to load, and then the phishing filter takes over and warns you have the security risk. It warns you in the title of the window, in the address bar (which also turn red), and in place of the document a message with some options about how to proceed is presented (including the option to report that this is not actually a phishing site). View image

* Another URL is provided to test a "suspected phishing site", visit this URL to test this result: http://207.68.169.170/woodgrovebank/index.html.html

* You should see the page load, and then the phishing filter injects a warning by coloring the address bar yellow with the message "Suspicious Website". Click on this message for an explanation and option to report if you feel this is a phishing site or not.

Tags:      
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Bob Kelly on July 2, 2007 10:11 AM |

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Bob Kelly's Bio:

Bob Kelly is the founder of AppDeploy.com — a resource focused on desktop management products and practices. He is author of the Start to Finish Guide to Scripting with KiXtart and The Definitive Guide to Windows Desktop Administration. He is also president and co-founder of iTripoli, Inc. who provide AdminScriptEditor.com, home to an integrated suite of scripting tools and a shared library of scripts and language help. Not enough? For more on Bob click here.