X

Images: How IE7 beta protects you from phishing

Although it's not a part of IE7, this screen shot of Outlook shows an email that's probably from a phisher because the user doesn't have an account at Chase. Phishers send their emails to millions of people in hopes that some of the people who receive them actually have an account on the financial site's systems and can be fooled into clicking on the links and submitting their login credentials.
By Bill Detwiler, Contributor
10990.jpg
1 of 10 Bill Detwiler/ZDNET

Although it's not a part of IE7, this screen shot of Outlook shows an email that's probably from a phisher because the user doesn't have an account at Chase. Phishers send their emails to millions of people in hopes that some of the people who receive them actually have an account on the financial site's systems and can be fooled into clicking on the links and submitting their login credentials. One way phishers fool people is by presenting a full Web address ("http" and all), as this email does. That makes it look real because the Web address looks like the legitimate domain for Chase. But, as you will soon see in the next frame, the actual Web address that the link takes you too is different than the Web address being displayed.

10991.jpg
2 of 10 Bill Detwiler/ZDNET

In Outlook, when you mouse over a link, it will show you what the real Web address behind that link is. In this case, it is definitely different from the link being displayed. Whereas the link being displayed points to the Chase.com domain, the actual link hiding behind it goes to the notifychase.com domain. This is not Chase's domain, but rather, the phisher's.

10992.jpg
3 of 10 Bill Detwiler/ZDNET

When attempting to click on one of the links, the first Microsoft technology to warn you has nothing to do with Internet Explorer 7. But rather, it's the most recent version of Outlook 2003 that warns you this email could harbor a threat.

10993.jpg
4 of 10 Bill Detwiler/ZDNET

Outlook prevents you from actually clicking on the link until you activate the links by clicking on the grey warning bar (orange when highlighted) that turns up just above the email.

10994.jpg
5 of 10 Bill Detwiler/ZDNET

Once the link in the email is activated and clicked on, IE7 starts (if it's your default browser), and you go to the site and a warning appears with a pastel yellow background, next to the Web address at the top of the browser's toolbar, that this is a Suspicious Website. The Web address is given a pastel yellow background as well. From a user interface perspective, we feel that this is probably too subtle for a warning of this nature.

10995.jpg
6 of 10 Bill Detwiler/ZDNET

If you click on the box that says "Suspicious Website," you are given a more detailed explanation of what the problem could be, a help link to get more information, and another link to report the suspected phisher to Microsoft. Microsoft takes spamming and phishing very seriously and has deep legal pockets that it uses very liberally to shut down spammers and phishers.

10996.jpg
7 of 10 Bill Detwiler/ZDNET

After clicking on the link to report the suspected phishing site, you're taken to a Web form on Microsoft's site so that you can either report the suspected phisher, or claim ownership of the suspected domain to let Microsoft know that you're not a phisher.

10997.jpg
8 of 10 Bill Detwiler/ZDNET

Once you decide to submit the previous Web form, you must offer proof that your not some automated machine submitting the information. These are designed to prove that a human is interacting with the Web site since the validation code is not in machine readable form.

10998.jpg
9 of 10 Bill Detwiler/ZDNET

The process ends with a Thank You from Microsoft.

10999.jpg
10 of 10 Bill Detwiler/ZDNET

One problem with the way IE7 presents the warning is that the warning text disappears if the IE7 window is re-sized to be smaller. In this screenshot, the Web address is still tinted in pastel yellow, but the warning is gone. Since it's a security issue and security is more important to the task at hand, perhaps the Google search box should have been bumped out of the display before the warning message. As a reminder, this is a beta version of IE7, so any and all features we report on here on ZDNet can change by the time the product ships

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza
img-8825

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex
img-9792-2

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos