/>
X

Join or Sign In

Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.

Use your email Use Linkedin Use Facebook

Images: How IE7 beta protects you from phishing

Although it's not a part of IE7, this screen shot of Outlook shows an email that's probably from a phisher because the user doesn't have an account at Chase. Phishers send their emails to millions of people in hopes that some of the people who receive them actually have an account on the financial site's systems and can be fooled into clicking on the links and submitting their login credentials.

|
bill-detwiler.png
|
Topic: Security
10990.jpg
1 of 10 Bill Detwiler/ZDNet

Although it's not a part of IE7, this screen shot of Outlook shows an email that's probably from a phisher because the user doesn't have an account at Chase. Phishers send their emails to millions of people in hopes that some of the people who receive them actually have an account on the financial site's systems and can be fooled into clicking on the links and submitting their login credentials. One way phishers fool people is by presenting a full Web address ("http" and all), as this email does. That makes it look real because the Web address looks like the legitimate domain for Chase. But, as you will soon see in the next frame, the actual Web address that the link takes you too is different than the Web address being displayed.

10991.jpg
2 of 10 Bill Detwiler/ZDNet

In Outlook, when you mouse over a link, it will show you what the real Web address behind that link is. In this case, it is definitely different from the link being displayed. Whereas the link being displayed points to the Chase.com domain, the actual link hiding behind it goes to the notifychase.com domain. This is not Chase's domain, but rather, the phisher's.

10992.jpg
3 of 10 Bill Detwiler/ZDNet

When attempting to click on one of the links, the first Microsoft technology to warn you has nothing to do with Internet Explorer 7. But rather, it's the most recent version of Outlook 2003 that warns you this email could harbor a threat.

10993.jpg
4 of 10 Bill Detwiler/ZDNet

Outlook prevents you from actually clicking on the link until you activate the links by clicking on the grey warning bar (orange when highlighted) that turns up just above the email.

10994.jpg
5 of 10 Bill Detwiler/ZDNet

Once the link in the email is activated and clicked on, IE7 starts (if it's your default browser), and you go to the site and a warning appears with a pastel yellow background, next to the Web address at the top of the browser's toolbar, that this is a Suspicious Website. The Web address is given a pastel yellow background as well. From a user interface perspective, we feel that this is probably too subtle for a warning of this nature.

10995.jpg
6 of 10 Bill Detwiler/ZDNet

If you click on the box that says "Suspicious Website," you are given a more detailed explanation of what the problem could be, a help link to get more information, and another link to report the suspected phisher to Microsoft. Microsoft takes spamming and phishing very seriously and has deep legal pockets that it uses very liberally to shut down spammers and phishers.

10996.jpg
7 of 10 Bill Detwiler/ZDNet

After clicking on the link to report the suspected phishing site, you're taken to a Web form on Microsoft's site so that you can either report the suspected phisher, or claim ownership of the suspected domain to let Microsoft know that you're not a phisher.

10997.jpg
8 of 10 Bill Detwiler/ZDNet

Once you decide to submit the previous Web form, you must offer proof that your not some automated machine submitting the information. These are designed to prove that a human is interacting with the Web site since the validation code is not in machine readable form.

10998.jpg
9 of 10 Bill Detwiler/ZDNet

The process ends with a Thank You from Microsoft.

10999.jpg
10 of 10 Bill Detwiler/ZDNet

One problem with the way IE7 presents the warning is that the warning text disappears if the IE7 window is re-sized to be smaller. In this screenshot, the Web address is still tinted in pastel yellow, but the warning is gone. Since it's a security issue and security is more important to the task at hand, perhaps the Google search box should have been bumped out of the display before the warning message. As a reminder, this is a beta version of IE7, so any and all features we report on here on ZDNet can change by the time the product ships

Related Galleries

First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

OnlyKey hardware security key
OnlyKey

Related Galleries

OnlyKey hardware security key

SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

iVerify: Added security for iPhone and iPad users
iVerify

Related Galleries

iVerify: Added security for iPhone and iPad users

iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive

Netgear BR200 small-business router
Netgear BR200

Related Galleries

Netgear BR200 small-business router