Phishing Filter: frequently asked questions

Online phishing (pronounced like the word fishing) is a way to trick computer users into revealing personal or financial information through an e‑mail message or website. A common online phishing scam starts with an e‑mail message that looks like an official notice from a trusted source, such as a bank, credit card company, or reputable online merchant. In the e‑mail message, recipients are directed to a fraudulent website where they are asked to provide personal information, such as an account number or password. This information is then usually used for identity theft.

The Microsoft Phishing Filter is a feature in Internet Explorer that helps detect phishing websites. Phishing Filter runs in the background while you browse the web and uses three methods to help protect you from phishing scams. First, it compares the addresses of websites you visit against a list of sites reported to Microsoft as legitimate. This list is stored on your computer. Second, it helps analyze the sites you visit to see if they have the characteristics common to a phishing website. Third, with your consent, Phishing Filter sends some website addresses to Microsoft to be further checked against a frequently updated list of reported phishing websites.

If the site you are visiting is on the list of reported phishing websites, Internet Explorer will display a warning webpage and a notification on the Address bar. From the warning webpage, you can continue or close the page. If the website contains characteristics common to a phishing site but isn't on the list, Internet Explorer will only notify you in the Address bar that it might possibly be a phishing website. Use of Phishing Filter is governed by the Microsoft Service Agreement. For more information, read the Microsoft Service Agreement online.

When you use Phishing Filter to check websites automatically or manually, the address of the website you are visiting will be sent to Microsoft, together with some standard information from your computer such as your computer's IP address, browser type, and Phishing Filter version number. To help protect your privacy, the address information sent to Microsoft is encrypted using SSL and limited to the domain and path of the website you are visiting. Other information that might be associated with the web address, such as search terms, information you entered in forms, or cookies, will not be sent.

For example, if you visited the MSN search website at http://search.msn.com and entered "MySecret" as the search term, instead of sending the full address "http://search.msn.com/results.aspx?q=MySecret&FORM=QBHP", Phishing Filter would remove the search term and only send "http://search.msn.com/results.aspx".

Anonymous statistics about your use of Internet Explorer and Phishing Filter will also be sent to Microsoft, such as the time and total number of websites browsed since an address was sent to Microsoft for analysis. This information, along with the information described above, will be used to analyze and improve the Phishing Filter service. Microsoft will not use the information it receives to personally identify you. For more information about what information is sent and how it is used, see the Internet Explorer privacy statement.

No. When you first install Internet Explorer, Phishing Filter only compares the addresses of the websites you visit against the list of legitimate websites that is saved on your computer. It also helps analyze the websites you visit to see if they have the characteristics common to a phishing website. No information is sent to Microsoft unless you choose to send it. The first time you visit a website that is not on the legitimate website list, you will be prompted to indicate whether you want to check websites automatically. If you choose this option, Phishing Filter will send certain website addresses to Microsoft to be checked against a frequently updated list of reported phishing sites and alert you about suspicious or reported phishing websites.

A website that is flagged as suspicious has some of the characteristics typical of phishing websites, and it is neither on the list of legitimate websites that is stored on your computer nor on the online list of reported phishing websites. The website might actually be legitimate, but you should not submit any personal or financial information to it unless you are certain that the site is trustworthy. When a website is flagged suspicious, the Internet Explorer Address bar will turn yellow and will display a message.

A reported phishing website is one that has been identified as fraudulent and reported to Microsoft. If you visit a reported phishing website, Internet Explorer will block the site, display an information page, and the Address bar will turn red.

If you believe that a website has been mistakenly flagged as a phishing site, do the following:

No. Phishing Filter uses reputable information to alert you to phishing and fraudulent websites. In addition, website owners can contact Microsoft if their websites are mistakenly flagged as a phishing site. If a website tells you to ignore Phishing Filter's warnings, do not ignore the warnings and do not enter any personal or financial information.

Phishing Filter only blocks sites that have been verified as phishing sites by reviewers at Microsoft or by employees at third-party data providers. Phishing Filter also offers a web-based feedback system to help users and website owners report any errors as quickly as possible. These reports are verified and mistakes are corrected.

Yes, corporate computer administrators and individual users can add websites to their list of trusted sites, and then turn Phishing Filter off for all websites in the Trusted Sites security zone.

When the Phishing Filter service is not available, websites you visit during that time cannot be checked against an online list of phishing websites that have been reported to Microsoft. The service is unavailable if your computer loses its Internet connection. Make sure you are connected to the Internet and try again. If you are connected to the Internet but you haven't updated Internet Explorer recently, you might have an older version that is no longer supported by the Phishing Filter service. To check for updates, click the Tools button, and then click Windows Update or download the latest version from the Internet Explorer 7 webpage.

Here are some quick tips that might help protect you from online phishing:

• Never give out personal information in an e‑mail, instant message, or pop-up window.

• Do not click links in e‑mail and instant messages from strangers or any link that looks suspicious. Because even messages from friends and family can be faked, check with the sender to be sure they actually sent the message.

• Only use websites that provide privacy statements or information about how they use your personal information.

• Routinely review your financial statements and credit history and report any suspicious activity.

• Keep Windows and Internet Explorer updated. For more information, see Get security updates for Windows.

Immediately doing the following might help:

• Change the passwords or PINs on all your online accounts.

• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.

• Contact the bank or the online merchant directly. Do not follow the link in the fraudulent e‑mail.

• If you know of any accounts that were accessed or opened fraudulently, close those accounts.

Immediately doing the following might help:

• File a report with the local police.

• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.

• Change the passwords or PINs on all your online accounts.

• Contact the bank or the online merchant directly. Do not follow the link in the fraudulent e‑mail.

• If you know of any accounts that were accessed or opened fraudulently, close those accounts.