Microsoft plays 'Detective' to determine phishing frequency

Microsoft has been collecting data on phishing through its Windows Live Toolbar.

Microsoft's research arm has been quietly collecting data through an add-on service to its Windows Live Toolbar to determine how often Web users actually fall prey to phishing attacks.

The company released findings of and methods used in that research Thursday in a presentation at the Anti-Phishing Work Group (APWG) E-Crimes Summit in Pittsburgh.

Over a three-month time period last year, Microsoft Research tracked password reuse among more than 500,000 Web users who downloaded the Phish Detective, part of the Windows Live OneCare Advisor package for the Windows Live Toolbar, in an attempt to determine how many users with the service were falling prey to phishing attacks, said Cormac Herley, a researcher at Microsoft Research. He presented findings of a paper about the research he co-wrote with fellow Microsoft researcher Dinei Florencio.

The research found that about 0.4 percent of Web users per year give up information to phishing sites, though it is not clear how much money is being lost in those attacks, he said.

In an interview following his presentation, Herley said the challenge researchers have when determining how often phishing occurs is that compared to the number of people that use e-mail and surf the Web safely, phishing is a rare occurrence.

"The problem with phishing is it's easy to get an accurate estimate of people who are going to vote one way or the other, but when you're trying to estimate something that's rare it gets hard," he said.

Tracking password reuse between sites is a logical way to try to determine phishing attacks because it mimics what happens when a user falls into a phishing trap, Herley said. When users are successfully phished, they will sign into a phishing site with the typical user name and password they would use if they actually were on the site being faked -- for example, a Bank of America site. A phisher would immediately reuse that information to sign in to the actual banking site to gain access to the users account.

Phish Detective sends URL information to servers at Microsoft when users with Phish Detective use the same password to sign in at two different sites. Some of these sites are legitimate instances of reuse -- many Web users have the same password for more than one Web site they commonly visit. However, some are not, and this is the activity used to detect phishing, Herley said.

It was easy to track which re-use seemed legitimate -- for example, when a user would sign in with the same password at eBay Inc. and then sign in to a Yahoo Mail account, Herley said. It was also fairly simple to determine when a password was being reused at a likely phishing site because the password would be used at a "site you've never heard of before," he said.

Microsoft took great pains to ensure it is not violating users' privacy by collecting data through Phish Detective, Herley said. The company does not extract specific user or password information through the tool; it only tracks instances of password reuse and logs URL information. Microsoft also had the tool audited by a third party to maintain privacy standards.

Herley declined to comment on if Microsoft would expand its use of Phish Detective to other products, such as Internet Explorer (IE), which also has anti-phishing capabilities. IE 7, the browser's current version, includes an anti-phishing filter that sends information about phishing sites to Microsoft. IE 8 is due out in late 2008 or early 2009, according to Microsoft's current schedule for the product.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?