Microsoft: Phishing is not very successful

Through an additional service integrated in Windows Live Toolbar, Microsoft's research department has quietly collected data over time to find out why web users are vulnerable to online fraud. (phishing).

The results of the study were officially presented at the e-Crime Summit organized by the Online Anti-Phishing Organization (APWG) in Pittsburgh last weekend.

Within a three-month period, Microsoft Research closely monitored the reuse of passwords among the 500,000 web users who downloaded the Phish Detective service built into the Windows Live OneCare package for the Windows Live Toolbar. This service helped Microsoft count the number of service users who became victims of phishing attacks.

Research results show that on average, only about 0.4% of web users are cheated to provide content for phishing sites each year. Microsoft does not calculate the amount of money lost, said Cormac Herley, a research specialist at Microsoft Research.

Picture 1 of Microsoft: Phishing is not very successful Herley said that the challenge for researchers is to make a judgment about the frequency of online phishing attacks compared to the number of web users who use email and web surfing methods. all. According to them, the level of attack is not high.

Tracking password reuse is an effective and affordable solution to assess how online phishing attacks are similar to phishing attacks. When a user is deceived they will log into a phishing website with a real name and password. Scammers get that information to log into the real website to get their money.

Phish Detetive sends information about websites where users have used the same password that was used to log into another website about Microsoft servers. Some websites are completely legal but some are not. For example, there are users who use the same password for Yahoo Mail and eBay.

But Mr Herley declined to say whether Microsoft will have Phish Detective applications in other products, for example Internet Explorer 7, which comes with online phishing protection or in IE 8 release sometime in late 2008. or early in 2009 here.

Hoang Dung