A Suspicious E-Mail Alert
Unless told to no longer display the message (via the "Please do not show me this dialog again" checkbox), Windows Mail will display this alert at every instance of suspicious mail. If the user chooses the default option (Close), he is redirected to the Junk E-mail folder, where the suspect message is awaiting review.
The Junk E-Mail Folder Populated with a Suspicious Message
At this point, the user can fully view the suspect message and mark it as Not Junk. If the Phishing Filter confirms that a message is malicious, it behaves slightly differently. First, it does not move the message to the Junk E-mail folder. Second, it displays the message in the Inbox with a red header/banner that gives the user a very clear warning that the link or sender is known for phishing (see Figure 8.16). The message header information is set in a bold red font, and the now familiar Security Shield (first introduced in Windows XP) is appended to the message displayed in the Inbox.
Notification of a Confirmed Phishing Threat
Lastly, Windows Mail removes all images and hyperlinks, further shielding the user who chooses to investigate the e-mail from the dangers of accidentally enabling content or browsing to a linked site. Although this may initially seem somewhat restrictive, consider that many unwise users may not be up to date on matters such as antivirus, leaving them very vulnerable to the threats brought about by accidentally launching a Web site.
It is only a matter of time before a Windows Mail user receives a message that contains a link to a fraudulent Web site and wonders why the great and powerful Phishing Filter has not caught it. The answer has less to do with a deficiency in Microsoft code and more to do with today's electronic culture.
At the time of this writing, Microsoft has averaged an addition of 17,000 URLs per month to the Phishing Filter service. These are updates provided by the users of Hotmail and Live Mail who sent suspicious URLs to Microsoft for research. Since the release of Internet Explorer 7, users of the program have reported close to 4,500 potential phishing sites per week. Needless to say, the rate at which new scams and forms of spam are released into the Internet is truly staggering, and there are simply no applications that can boast 100 percent effectiveness at providing security and detection.
To ensure that the Phishing Filter can continue to provide you with accurate information, you have the option to report suspicious Web sites to Microsoft. This feature, however, is not on by default, and you must configure it from within Internet Explorer. In fact, to ensure that your Phishing Filter is checking more than just the local copy of the Microsoft blacklist, you need to enable the full functionality of the feature. To do this, simply go to Internet Explorer and choose Tools | Phishing Filter.