Update on IE7 and MSN/Windows Live Toolbar's Phishing Filter statistics

Microsoft's Phishing Filter is proving to be quite a success, thanks not only to all of the IE7 and MSN/Windows Live Toolbar users who are actively reporting phishing sites, but also thanks to data sharing between MS and third party data sources.

Recently MS have been adding up to 17,000 URLS a month to its Phishing Filter service.  This figure is sure to continue to grow as more people use IE7 and MS adds new data provider partners. 

From February to Mid Aug 2006 the Phishing Filter helped block over 800,000 instances of people trying to access reported phishing websites using IE7 or MSN/Windows Live Toolbar.  This figure includes almost 500,000 blocks since IE7 Beta 2 was released.

Finally, IE7 users are reporting up to 4,500 potential phishing sites per week.

The Anti-Phishing Working Group reported 12,000 new unique (base URL) phishing sites just during the month of May.  It also reported 215 unique variants of phishing based trojans or keyloggers, hosted on 2,100 unique (base URL) phishing sites.

The fact that keyloggers and trojans are becoming more prevalant on phishing sites shows why it is so very important that users don't go anywhere near phishing sites, even if they have absolutely no intention of handing over their personal information, and why services such as Microsoft's Phishing Filter are providing such an important service.  It is no longer enough to simply warn somebody about the domain they are on (eg, services such as provides by Spoofstick).

On a related note, Ed Bott checked out Firefox's phishing filter, and the results were not that good (http://www.edbott.com/weblog/?p=1419).  Ed says:

"Normally I just delete those phishing messages, but lately I’ve been clicking on every single one to see what happens. Surprisingly, IE7 has nailed one fake site after another. I haven’t kept detailed records, but the hit rate has been nearly 100%.

I’ve only begun using the Firefox beta in the past few days, so I have only a small sample size to work with. But so far it has missed every one of four phishing sites I’ve pointed it to, each of which has been detected by IE7. I’ve tried monkeying with the settings for the anti-phishing option in FF2, with no luck, and I’ve repeated the installation on a separate computer with identical results. (Both computers were running stock installations of Windows XP.)"

Ed also has an excellent Image Gallery comparing IE7 and Firefox's various security features. 

I have one important question.  Does the Firefox phishing filter block access to known phishing sites, or does it only warn you after the page loads?  If the latter, the service is simply not sufficient protection, considering the increasing prevalence of keyloggers and trojans hosted on phishing sites.

I also note that Firefox gives you the option of using a downloadable "regularly updated" blacklist of bad sites or a dynamic checking service via Google.  Frankly, I would not use the downloadable list.  Phishing sites appear and disappear so quickly that a downloaded blacklist that must be updated, simply isn't sufficient.