Microsoft plays 'Detective' to determine phishing frequency

Microsoft has been collecting data on phishing through its Windows Live Toolbar.

Microsoft's research arm has been quietly collecting data through an add-on service to its Windows Live Toolbar to determine how often Web users actually fall prey to phishing attacks.

The company released findings of and methods used in that research Thursday in a presentation at the Anti-Phishing Work Group (APWG) E-Crimes Summit in Pittsburgh.

Over a three-month time period last year, Microsoft Research tracked password reuse among more than 500,000 Web users who downloaded the Phish Detective, part of the Windows Live OneCare Advisor package for the Windows Live Toolbar, in an attempt to determine how many users with the service were falling prey to phishing attacks, said Cormac Herley, a researcher at Microsoft Research. He presented findings of a paper about the research he co-wrote with fellow Microsoft researcher Dinei Florencio.

The research found that about 0.4 percent of Web users per year give up information to phishing sites, though it is not clear how much money is being lost in those attacks, he said.

In an interview following his presentation, Herley said the challenge researchers have when determining how often phishing occurs is that compared to the number of people that use e-mail and surf the Web safely, phishing is a rare occurrence.

"The problem with phishing is it's easy to get an accurate estimate of people who are going to vote one way or the other, but when you're trying to estimate something that's rare it gets hard," he said.

Tracking password reuse between sites is a logical way to try to determine phishing attacks because it mimics what happens when a user falls into a phishing trap, Herley said. When users are successfully phished, they will sign into a phishing site with the typical user name and password they would use if they actually were on the site being faked -- for example, a Bank of America site. A phisher would immediately reuse that information to sign in to the actual banking site to gain access to the users account.

Phish Detective sends URL information to servers at Microsoft when users with Phish Detective use the same password to sign in at two different sites. Some of these sites are legitimate instances of reuse -- many Web users have the same password for more than one Web site they commonly visit. However, some are not, and this is the activity used to detect phishing, Herley said.

It was easy to track which re-use seemed legitimate -- for example, when a user would sign in with the same password at eBay Inc. and then sign in to a Yahoo Mail account, Herley said. It was also fairly simple to determine when a password was being reused at a likely phishing site because the password would be used at a "site you've never heard of before," he said.

Microsoft took great pains to ensure it is not violating users' privacy by collecting data through Phish Detective, Herley said. The company does not extract specific user or password information through the tool; it only tracks instances of password reuse and logs URL information. Microsoft also had the tool audited by a third party to maintain privacy standards.

Herley declined to comment on if Microsoft would expand its use of Phish Detective to other products, such as Internet Explorer (IE), which also has anti-phishing capabilities. IE 7, the browser's current version, includes an anti-phishing filter that sends information about phishing sites to Microsoft. IE 8 is due out in late 2008 or early 2009, according to Microsoft's current schedule for the product.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?