Bookmark page
Printable version
Course updates
How Office 2007 Protects You From Phishing
Next article
Previous article
Back to article list
Back to Microsoft Office articles
Wed 23rd September 2009
Many of us have been victims of Phishing - a technique used by criminals in an online situation which results in you disclosing your personal information. I remember receiving an online reminder message from what I understood to be a legitimate source requesting that I update my bank details. I started to key in my personal information including my bank account number, (not even questioning why my bank did not have this information), sort code and was just about to divulge my password, when I became frustrated with the effort. I abandoned the rest of the request, but not because I was being vigilant. The reason I did not disclose any more confidential information was due to my impatience at having to supply information I thought was obvious. It wasn't until a few days later I realised I had - nearly - been the victim of a phishing scam.
There are many fraudulent email and web site scams that do mimic trusted brands. The purpose of these spoofed messages is to trick you into providing personally identifiable information: Any information that can be used to identify a person, such as a name, address, e-mail address, government ID, IP address, or any unique identifier associated with PII in another program.
Unfortunately, as phishing attacks become more sophisticated, it is difficult to tell whether an e-mail message or web site is fraudulent. That is why phishing schemes are so prevalent and successful for criminals. For example, many phony e-mail messages and web sites link to real company logos of well-known brands, so they look legitimate.
Phishers spoof the domain names of banks and other companies in order to deceive consumers into thinking they are visiting a familiar web site. Special software is needed to detect these kinds of spoofed domain names in web addresses.
However, this doesn't mean that the time has come to disconnect from the internet. By default, the 2007 Office release displays security alerts in some of the following situations:
For example, when you have a document open and you click a link to a web site with an address that has a potentially spoofed domain name; or if you open a file from a web site with an address that has a potentially spoofed domain name then Word rings alarm bells.
And by default, Microsoft Office Outlook 2007 does the following to a suspicious message:
If the Junk E-mail Filter considers the message to be both spam and phishing, the message is automatically sent to the Junk E-mail folder. Any message sent to the Junk E-mail folder is converted to plain text format and all links are disabled. In addition, the Reply and Reply All functionality is disabled. The Info Bar alerts you to this change in functionality.
There are obviously steps you can take to protect your personal information from being the victim of a Phishing crime:
Do not divulge personal information in an email message. Most businesses do not ask for personal information by email. Don't feel pressurised in replying to a request urgently. Phishing fraudsters will try to create a sense of urgency so that you immediately respond without thinking.
Many phishing schemes ask you to open attachments, which can then infect your computer with a virus or spyware. Spyware can record the keystrokes that you use to log into your personal online accounts. To help protect your computer, Outlook 2007 automatically blocks certain attachment file types that can spread viruses. If Outlook detects a suspicious message, attachments of any file type in the message are blocked.
And beware of homographs. A homograph is a word with the same spelling as another word but with a different meaning. In computers, a homograph attack is a web address that looks like a familiar web address but has been subtly actually altered. The purpose of spoofed web links that are used in phishing schemes is to deceive you into clicking the link. For example, www.microsoft.com could appear instead as www.micosoft.com.
In more sophisticated homograph attacks, the web address looks exactly like that of a legitimate web site. This occurs when the domain name was created by using alphabet characters from different languages, not just English.
Office 2007 goes a long way to offering protection to Phishing attacks, but it's wise to be alert and question any messages from unknown sources or requests to disclose any personal information.
There are many fraudulent email and web site scams that do mimic trusted brands. The purpose of these spoofed messages is to trick you into providing personally identifiable information: Any information that can be used to identify a person, such as a name, address, e-mail address, government ID, IP address, or any unique identifier associated with PII in another program.
Unfortunately, as phishing attacks become more sophisticated, it is difficult to tell whether an e-mail message or web site is fraudulent. That is why phishing schemes are so prevalent and successful for criminals. For example, many phony e-mail messages and web sites link to real company logos of well-known brands, so they look legitimate.
Phishers spoof the domain names of banks and other companies in order to deceive consumers into thinking they are visiting a familiar web site. Special software is needed to detect these kinds of spoofed domain names in web addresses.
However, this doesn't mean that the time has come to disconnect from the internet. By default, the 2007 Office release displays security alerts in some of the following situations:
For example, when you have a document open and you click a link to a web site with an address that has a potentially spoofed domain name; or if you open a file from a web site with an address that has a potentially spoofed domain name then Word rings alarm bells.
And by default, Microsoft Office Outlook 2007 does the following to a suspicious message:
If the Junk E-mail Filter considers the message to be both spam and phishing, the message is automatically sent to the Junk E-mail folder. Any message sent to the Junk E-mail folder is converted to plain text format and all links are disabled. In addition, the Reply and Reply All functionality is disabled. The Info Bar alerts you to this change in functionality.
There are obviously steps you can take to protect your personal information from being the victim of a Phishing crime:
Do not divulge personal information in an email message. Most businesses do not ask for personal information by email. Don't feel pressurised in replying to a request urgently. Phishing fraudsters will try to create a sense of urgency so that you immediately respond without thinking.
Many phishing schemes ask you to open attachments, which can then infect your computer with a virus or spyware. Spyware can record the keystrokes that you use to log into your personal online accounts. To help protect your computer, Outlook 2007 automatically blocks certain attachment file types that can spread viruses. If Outlook detects a suspicious message, attachments of any file type in the message are blocked.
And beware of homographs. A homograph is a word with the same spelling as another word but with a different meaning. In computers, a homograph attack is a web address that looks like a familiar web address but has been subtly actually altered. The purpose of spoofed web links that are used in phishing schemes is to deceive you into clicking the link. For example, www.microsoft.com could appear instead as www.micosoft.com.
In more sophisticated homograph attacks, the web address looks exactly like that of a legitimate web site. This occurs when the domain name was created by using alphabet characters from different languages, not just English.
Office 2007 goes a long way to offering protection to Phishing attacks, but it's wise to be alert and question any messages from unknown sources or requests to disclose any personal information.
Author is a freelance copywriter. For more information on microsoft office courses, please visit http://www.microsofttraining.net
Original article appears here:
http://www.microsofttraining.net/article-597-how-office-2007-protects-you-from-phishing.html
Distribution notes
PUBLICATION GUIDELINES