Images: How IE7 beta protects you from phishing
Although it's not a part of IE7, this screen shot of Outlook shows an email that's probably from a phisher because the user doesn't have an account at Chase. Phishers send their emails to millions of people in hopes that some of the people who receive them actually have an account on the financial site's systems and can be fooled into clicking on the links and submitting their login credentials. One way phishers fool people is by presenting a full Web address ("http" and all), as this email does. That makes it look real because the Web address looks like the legitimate domain for Chase. But, as you will soon see in the next frame, the actual Web address that the link takes you too is different than the Web address being displayed.
In Outlook, when you mouse over a link, it will show you what the real Web address behind that link is. In this case, it is definitely different from the link being displayed. Whereas the link being displayed points to the Chase.com domain, the actual link hiding behind it goes to the notifychase.com domain. This is not Chase's domain, but rather, the phisher's.
When attempting to click on one of the links, the first Microsoft technology to warn you has nothing to do with Internet Explorer 7. But rather, it's the most recent version of Outlook 2003 that warns you this email could harbor a threat.
Outlook prevents you from actually clicking on the link until you activate the links by clicking on the grey warning bar (orange when highlighted) that turns up just above the email.
Once the link in the email is activated and clicked on, IE7 starts (if it's your default browser), and you go to the site and a warning appears with a pastel yellow background, next to the Web address at the top of the browser's toolbar, that this is a Suspicious Website. The Web address is given a pastel yellow background as well. From a user interface perspective, we feel that this is probably too subtle for a warning of this nature.
If you click on the box that says "Suspicious Website," you are given a more detailed explanation of what the problem could be, a help link to get more information, and another link to report the suspected phisher to Microsoft. Microsoft takes spamming and phishing very seriously and has deep legal pockets that it uses very liberally to shut down spammers and phishers.
After clicking on the link to report the suspected phishing site, you're taken to a Web form on Microsoft's site so that you can either report the suspected phisher, or claim ownership of the suspected domain to let Microsoft know that you're not a phisher.
Once you decide to submit the previous Web form, you must offer proof that your not some automated machine submitting the information. These are designed to prove that a human is interacting with the Web site since the validation code is not in machine readable form.
The process ends with a Thank You from Microsoft.
One problem with the way IE7 presents the warning is that the warning text disappears if the IE7 window is re-sized to be smaller. In this screenshot, the Web address is still tinted in pastel yellow, but the warning is gone. Since it's a security issue and security is more important to the task at hand, perhaps the Google search box should have been bumped out of the display before the warning message. As a reminder, this is a beta version of IE7, so any and all features we report on here on ZDNet can change by the time the product ships