The criminal mind knows no bounds. How else do you explain the clever nefariousness of phishing attacks?
In a phishing attack, you’re sent what appears to be legitimate email from a bank, eBay, PayPal, or some other financial Web site. The message tells you that the site needs to confirm account information, or warns that your account has been hacked, and needs you to help keep it safe.
If you, responsible citizen that you are, click the provided link to clear up the supposed problem, you wind up on what looks like the bank/eBay/PayPal Web site. But it’s a fake, carefully designed to look like the real thing; it’s run by a scammer. If you type in your password and login information, as requested, the next thing you know, you’re getting credit-card bills for $10,000 charges at high-rolling Las Vegas hotels.
The fake sites look so much like the real ones that it can be extremely difficult to tell them apart. (That’s “can be”; on some of the phishing sites, spelling mistakes a fourth grader wouldn’t make are a clear giveaway.) To make the site seem more realistic, the scam artist often includes legitimate links alongside phony ones. But if you click the login link, you’re in trouble.
Internet Explorer 7’s new phishing filter protects you from these scams. You don’t need to do anything to turn it on; it’s always running.
One day, though, when you least expect it, you’ll be on your way to visit some Web site, and Internet Explorer will stop you in your tracks with a pop-up warning that you’re about to open a “reported phishing website.”
In that situation, click the green checkmark button to close the page. Do not click the red X button; it will send you through to the phony site.
If Internet Explorer isn’t quite sure about a certain site’s phishiness, but it has a funny feeling in its bones, a yellow button appears next to the Address bar that says, “Suspicious Website.” Unless you absolutely know the site is legitimate, it’s a good idea to head somewhere else.
Phine-Tuning the Phish Philter
There’s not much to controlling the phishing-filter feature; you can turn it on and off and check a certain Web site to see if it’s legitimate. Choose Tools → Phishing Filter to view the following options:
Check this Website. This command sends the address of the Web site you’re visiting to Microsoft’s computers, where it’s checked against the massive real-time database of phishing sites.
After a moment, a message appears to let you know whether the site is legitimate, suspicious, or a phishing site. If it’s legitimate, a box pops up telling you so; if it’s suspicious or a phishing site, the warning appears in the Address bar.
Turn Off/On Automatic Website Checking.
This option sounds as if it turns off the phishing filter, but it really doesn’t do that. Instead, it disables one of the lines of defense against phishing sites: sending a list of Web sites that you visit to Microsoft, to check against Microsoft’s database.
However, you’ll still be protected by the two other lines of defense (checking your own PC’s database of phishing sites and heuristic checking).
Microsoft says that it doesn’t save the Web site addresses it collects, and can’t associate them with you in any way. If you’d prefer not to transmit your whereabouts to Microsoft or anyone else, however, you can turn off this feature, with the understanding that you’ll be a little more vulnerable to phishing attacks.
Report this Website.
If you stumble onto a Web site that you think is a phishing site, click here. A new browser window opens; turn on “I think this is a phishing Website.” Choose the language used by the site, and then click Submit.
Also use this option in the opposite situation: when you’re visiting what you know is a legitimate site, but that Internet Explorer identifies as a phishing site. Just above the Submit button are two choices: one for reporting that you don’t think the Web site is a phishing site, and the other to report that you know it’s not a phishing hole because you own it.
Phishing Filter Settings.
When you select this option, the Advanced Internet Options dialog box opens, crammed with Internet Explorer settings covering virtually every aspect of the browser. To see the phishing filter settings, scroll way down, almost to the bottom of the list.
Choose Disable Phishing Filter if you think you can spot the tricksters perfectly well on your own. The other options provide a second place where you can turn the sending of Web site information to Microsoft (“automatic website checking”) on or off.












