Microsoft plays 'Detective' to determine phishing frequency

Microsoft has been collecting data on phishing through its Windows Live Toolbar.

Microsoft's research arm has been quietly collecting data through an add-on service to its Windows Live Toolbar to determine how often Web users actually fall prey to phishing attacks.

The company released findings of and methods used in that research Thursday in a presentation at the Anti-Phishing Work Group (APWG) E-Crimes Summit in Pittsburgh.

Over a three-month time period last year, Microsoft Research tracked password reuse among more than 500,000 Web users who downloaded the Phish Detective, part of the Windows Live OneCare Advisor package for the Windows Live Toolbar, in an attempt to determine how many users with the service were falling prey to phishing attacks, said Cormac Herley, a researcher at Microsoft Research. He presented findings of a paper about the research he co-wrote with fellow Microsoft researcher Dinei Florencio.

The research found that about 0.4 percent of Web users per year give up information to phishing sites, though it is not clear how much money is being lost in those attacks, he said.

In an interview following his presentation, Herley said the challenge researchers have when determining how often phishing occurs is that compared to the number of people that use e-mail and surf the Web safely, phishing is a rare occurrence.

"The problem with phishing is it's easy to get an accurate estimate of people who are going to vote one way or the other, but when you're trying to estimate something that's rare it gets hard," he said.

Tracking password reuse between sites is a logical way to try to determine phishing attacks because it mimics what happens when a user falls into a phishing trap, Herley said. When users are successfully phished, they will sign into a phishing site with the typical user name and password they would use if they actually were on the site being faked -- for example, a Bank of America site. A phisher would immediately reuse that information to sign in to the actual banking site to gain access to the users account.

Phish Detective sends URL information to servers at Microsoft when users with Phish Detective use the same password to sign in at two different sites. Some of these sites are legitimate instances of reuse -- many Web users have the same password for more than one Web site they commonly visit. However, some are not, and this is the activity used to detect phishing, Herley said.

It was easy to track which re-use seemed legitimate -- for example, when a user would sign in with the same password at eBay Inc. and then sign in to a Yahoo Mail account, Herley said. It was also fairly simple to determine when a password was being reused at a likely phishing site because the password would be used at a "site you've never heard of before," he said.

Microsoft took great pains to ensure it is not violating users' privacy by collecting data through Phish Detective, Herley said. The company does not extract specific user or password information through the tool; it only tracks instances of password reuse and logs URL information. Microsoft also had the tool audited by a third party to maintain privacy standards.

Herley declined to comment on if Microsoft would expand its use of Phish Detective to other products, such as Internet Explorer (IE), which also has anti-phishing capabilities. IE 7, the browser's current version, includes an anti-phishing filter that sends information about phishing sites to Microsoft. IE 8 is due out in late 2008 or early 2009, according to Microsoft's current schedule for the product.

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?