Photographs courtesy of Toby Watt - lawyer, friend and photographer extraordinaire...


Welcome to IE-Vista

Dedicated to providing advice and support to users of IE7 and IE8


Phishing Filter

Over the past few years, phishing has become a major problem for users and businesses alike.

Organisations such as  have been set up to try and fight the problem, toolbars have been designed to help protect users and even anti-virus companies have joined the fight.

Internet Explorer is also working to help the fight against these scammers by adding a Phishing Filter to Internet Explorer 7.


How does the Phishing Filter work?

The Phishing Filter is off by default; that is, it does not transmit any data to Microsoft and will only check visited Web sites against locally stored data until the user decides to turn the Filter on.

The locally stored data is a list of 'safe sites' that is downloaded and installed by Internet Explorer 7.

When you visit a Web site, IE7 first checks the local 'safe list'.  If the URL is there or it appears in the local cache, things will go no further.

If, on the other hand, the site is not in those lists, then the user must opt in to use the Phishing Filter.  If the user decides to enable the Phishing Filter, IE will *then* transmit details of the URL being visited for checking.  Also, from that time on, IE7 will maintain a dynamic cache of sites that have already been checked by the Phishing Filter for a certain period of time.

Personally identifiable information such as search terms is stripped from the URL before being sent to MS, and the information is sent encrypted via SSL.  Internet Explorer 7 uses the traditional query strings to decide what to strip from a URL.
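The lookup order described above, modelled in Python as an added example (not Microsoft's code, and not from the original page). The host names, the cache lifetime, the verdict strings and the `remote_lookup` callable are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values; the page gives neither the list contents nor the cache lifetime.
SAFE_HOSTS = {"www.example.com"}
CACHE_TTL_SECONDS = 3600


def strip_url(url):
    """Drop the query string (and fragment) before anything is transmitted."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", "", ""))


class PhishingCheck:
    def __init__(self, remote_lookup, opted_in=False, now=time.time):
        self.remote_lookup = remote_lookup  # hypothetical stand-in for the online service
        self.opted_in = opted_in
        self.now = now
        self.cache = {}  # stripped URL -> (verdict, expiry time)
        self.sent = []   # every URL that left the machine, for inspection

    def check(self, url):
        host = (urlsplit(url).hostname or "").lower()
        if host in SAFE_HOSTS:              # 1. local safe list
            return "safe-list"
        key = strip_url(url)
        hit = self.cache.get(key)
        if hit and hit[1] > self.now():     # 2. unexpired local cache entry
            return hit[0]
        if not self.opted_in:               # 3. filter off: nothing is sent
            return "unchecked"
        self.sent.append(key)               # 4. only the stripped URL is sent
        verdict = self.remote_lookup(key)
        self.cache[key] = (verdict, self.now() + CACHE_TTL_SECONDS)
        return verdict


if __name__ == "__main__":
    checker = PhishingCheck(lambda u: "phishing", opted_in=True)
    print(checker.check("http://login.example.net/verify?user=alice"))
    print(checker.sent)
```

Only the query string is removed in this model, so an identifier carried in the path would still be part of what is sent.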

Internet Explorer 7 introduces a new notification area called the Security Status Bar.  If a web site is a known phishing site the Address Bar turns red, and the Security Status Bar will appear.

Click on Report that this is not a phishing website to dispute the phishing filter assessment.

If a web site is a suspected phishing site, the Address Bar turns yellow, and the Security Status Bar will appear.

Click on Report whether or not this is a phishing website to report, or dispute, the phishing filter assessment.

High trust, legitimate sites will display a green Address Bar.

Whenever the Phishing Filter is active, an animated icon appears in the Internet Explorer Status Bar.


The Phishing Filter can be turned off at any time via Internet Explorer's Advanced settings tab.

The Phishing Filter can also be enabled or disabled for a security zone (that is, Internet Zone, Local Intranet Zone, Restricted Zone or Trusted Sites Zone).

The Phishing Filter works in real time - it is not like an antivirus program which downloads and stores a detection list of bad guys. 

A check of the latest stats at (Nov 04 - Nov 05) shows that most phishing sites survive for an average of 5.5 days before disappearing - some last longer, some disappear quickly. 

In such a rapidly changing environment a static list is not the best way to protect users. We need something that is always up to date and not dependent on downloaded reference files - hence the decision to use a live check.

Note: I've been watching the reaction time of the phishing filter by comparing its scan results to reports received via Castlecops "Fried Phish" service.  If the sites are not already blocked by the time a Fried Phish report is received in my inbox, they are certainly blocked within hours... very impressive.

Finally, Microsoft is making it as difficult as possible for anybody to rort the reporting system by using CAPTCHA (completely automated public Turing test) (yes, I know, I've got the wrong text in the Character field) ;o)