IE7 Anti Phishing Technology Protects Users from Online Identity Theft

Microsoft’s highly anticipated release of Internet Explorer 7 is approaching, and Web developers were given a chance to preview IE7 beta in preparation. Internet Explorer 7 was developed amid a flurry of security concerns associated with Internet Explorer 6, and the Microsoft IE7 development team prioritized enhanced browser security in response. One of Microsoft’s solutions to the online security problem is a Web browser feature that protects us from the most dangerous online threat of all: ourselves.

Anti Phishing Technology and Online Identity Theft

This new IE7 feature warns browser users when they are visiting a “phishing” site designed to acquire their credit card number or other sensitive information. Phishing sites work by convincing visitors that they are submitting sensitive data to a trusted, well-known organization, when they are actually sending it to the site’s private owner, or phisher.

Phishers “catch” their victims by indiscriminately sending authentic-looking e-mails linking recipients to a convincing imposter site modeled after a well-known, trusted financial site.  This e-mail directs readers to log in with their password credentials to perform some important action, such as renewing contact information or checking a bank statement for fraud. The phishing site collects its visitors’ credentials and sends them to the site’s owner, who logs in to the phishing victims’ real accounts and makes fraudulent charges and withdrawals. Phishing has been highly implicated in online identity theft.

Internet Explorer 7 and Microsoft’s Anti Phishing Technology

To protect its users from phishers, IE7 looks for tell-tale signs that an e-mail or site is suspicious. If IE7 is set as your default Web browser, when you receive a phishing e-mail and click on the link directing you to the phishing site, IE7 examines the e-mail for suspicious coding. If the Web site and e-mail follow patterns associated with phishing, IE7 tints the Web browser address bar yellow to notify the user that this is a “suspicious” Web site that has been heuristically determined a possible phishing site. A yellow warning message reading, “Suspicious Web Site” also appears to the right of the address bar to explain the color coding to novice browser users.

If a particular Web site has been flagged by a human security expert at Microsoft as a confirmed phishing site, a stronger warning appears. The Web browser address bar turns red, and a red warning message reading, “Phishing Web Site” appears. Even more importantly, navigation to this Web page is blocked, and the user must first read a warning message to visit the reported phishing Web site.

Safety and Web Developer Concerns with IE7 Anti Phishing Technology

IE7’s anti phishing technology has stirred up controversy about a Web browser’s role in protecting its users. Some online safety advocates believe that IE7’s warnings should carry more urgency. Suspected phishing warnings are an understated, light yellow, and many users do not check the address bar when browsing.

Furthermore, smaller browsing windows do not display the phishing warning at all; a concern for those using low screen resolutions common in office environments.

On the other hand, some Web developers fear that IE7 users will take the yellow warnings too seriously. If IE7 anti fishing technology notices characteristics on a Web site similar to those on confirmed phishing sites, the Web site may be marked as a “suspected” site with a yellow warning.

Alternately, the red warning indicates a site a human security expert has positively identified as dangerous. This distinction is not clearly explained in the browser interface, and some Web developers feel that IE7’s criteria for flagging a site as “suspicious” are too strict. In the end, IE7 anti phishing technology may lead to legitimate sites being incorrectly flagged and subsequently losing visitors.

Because IE7 is in its beta testing, however, Microsoft has a chance to duly address the concerns of both parties before this new Web browser is released. Whether Microsoft chooses to take a lenient or strict approach to its anti phishing technology, this new innovation makes surfing the Web on your high speed Internet connection that much safer.