• United States



by Paul Kerstein

Microsoft Partners to Beef Up Antiphishing Tools

Nov 18, 20053 mins
CSO and CISOData and Information Security

Microsoft Corp. has signed up three companies to add phishingmonitoring and detection technology to its antiphishing filter in theMSN Search Toolbar and the upcoming release of Internet Explorer (IE)7, and its SmartScreen e-mail filter, the company said Thursday.

The software vendor also released the final version of its phishingfilter add-on technology for the MSN Search Toolbar. The technology isavailable for free download at

Microsoft is teaming with Cyota Inc., MarkMonitor Inc. and InternetIdentity to beef up customer protections in its antiphishing filters,said Samantha McManus, business strategy manager for the technology,care and safety group at Microsoft.

“These companies are providing us with data on reported phishingattacks so we can use that data to protect our customers through ourfilters,” she said.

Phishing is online fraud that uses fake Web sites, which look likethose of legitimate businesses, to trick online users into disclosingpersonal and financial information that can be used for criminalactivity.

Microsoft offers antiphishing technology in IE 7, which will beavailable in full release for Windows Vista and Windows XP Service Pack2 (SP2). Windows Vista is in beta now and is scheduled to ship in thelast quarter of 2006. Windows XP SP2 is available now, but the IE 7technology for the OS is still in beta.

Microsoft’s SmartScreen e-mail filter protects Microsoft Hotmail andthe Windows Live Mail beta as well as Microsoft Outlook and Exchangee-mail software. SmartScreen also provides antiphishing protection.

Cyota, based in New York, offers online authentication and antiphishingservices to provide real-time information about phishing attacks.MarkMonitor monitors and detects online fraud for financialinstitutions and other corporations, and will deliver information aboutconfirmed phishing attacks against its customers directly to Microsoft,according to the San Francisco company. Internet Identity, based inTacoma, Washington, automatically detects and takes reports forphishing Web sites for a wide range of clients, such as banks andcredit unions. The company will forward this information to Microsoft’santiphishing filter whenever those reports find a URL (uniform resourcelocator) that leads to a phishing site.

The services provided by the three companies will work slightlydifferently with the IE 7 antiphishing filter and the SmartScreene-mail filter, McManus said. For the IE 7 filter, the services willreport to the technology’s reputation service, which uses theinformation to scan a Web page to see if it has been reported by onlineusers as a known phishing site, she said.

For SmartScreen, the filter can learn when phishing attacks arehappening and include that information in the filtering process formessages that are sent through Hotmail and Windows Live Mail, as wellas clients using Outlook or Exchange, McManus said.

Microsoft previously worked only with WholeSecurity Inc., which wasrecently acquired by Symantec Corp., to provide information aboutphishing activity and known phishing sites to its filters, McManussaid. The company plans to partner with more companies to provideinformation in the future.

“This isn’t the final list of people who will provide the service,” she said. “This is a step along the way.”

By Elizabeth Montalbano – IDG News Service (San Francisco Bureau)