• PC World
• »Security

Microsoft today released a pair of add-ins to its MSN Search Toolbar with Windows Desktop Search, including one that detects Web sites that cybercriminals may be using to carry out phishing scams, according to an official from the Redmond, Washington, software vendor.

Microsoft announced last week that it planned to release an antiphishing add-in for this free Internet Explorer toolbar, but it didn't say when the download would make it available.

The Microsoft Phishing Filter Add-in is available here, as is a second add-in designed for gaming enthusiasts, Justin Osmer, an MSN product manager, said in an interview.

Phishing is a fraudulent practice in which scammers dress up e-mail messages to make them look as though they had come from a legitimate organization, such as an online store or a bank. The phishing e-mail message tries to lure users into linking to a fraudulent Web site that resembles the real one from the legitimate organization mentioned in the message. The idea is to get users to enter sensitive information--such as passwords, account numbers, or U.S. Social Security numbers--at the phony Web site, in order to steal the users' identities.

Microsoft's antiphishing add-in is in beta test form. It is based on the same technology that the upcoming Internet Explorer 7 browser will use for antiphishing. Releasing this add-in before IE 7 becomes generally available will extend the protection to users of IE 6 in the meantime, Osmer said. IE 7 is currently in a limited beta test period and thus is available to a relatively small number of users.

"We want to help customers be more aware of where they are landing online and steer clear of this phishing phenomenon out there, which unfortunately continues to grow," Osmer said.

Warnings Flash

"If the add-in suspects that the Web site a user is visiting is a phishing site, it flashes a bright yellow bar under the toolbar with a message warning that the site is suspicious and that the user should proceed with caution, Osmer said. The add-in determines whether a site is suspicious by analyzing various site characteristics to see if they match those commonly found on phishing sites, he said.

If the add-in's analysis concludes that the visited site is set up for phishing, it will flash a bright red bar under the toolbar with a message saying that, for to protect the user, it has blocked the user's ability to enter personal information on the site. For this purpose, the add-in checks a list compiled and constantly updated by Microsoft of sites verified to have been used for phishing, Osmer said. In these cases, the add-in also disables a toolbar feature that automatically fills in the user's information on online forms, he said. Users can override the blockage if they want, he said.

The add-in also has buttons that users can click to report to Microsoft any Web sites they suspect of being used for phishing, or to inform Microsoft that a Web site the add-in flags as suspicious may in fact be legitimate, Osmer said.

The Microsoft Phishing Filter Add-in will initially work on IE 6 running on Windows XP SP2, a spokesperson for Microsoft said. The company's goal is to expand the offering to other versions in the future "as we continue in the beta testing and gathering consumer feedback," she said via e-mail.

Meanwhile, the Games Add-in provides direct access from the toolbar to popular games from the gaming section of the MSN.com portal, and it links users to that MSN.com section, Osmer said.