Configuring IE7 security: The Phishing filter

This portion of the step-by-step guide on configuring IE7 security on Vista discusses the phishing filter.

The phishing filter feature is receiving a lot of press. When you visit a Web site with IE7, the browser compares the site's URL against a list of Web sites that are known to be legitimate. If the Web site does not appear to be legitimate, then the URL is compared against a list of known phishing sites. If the URL matches a known phishing site, then the filter displays a warning message telling the user that the site is a reported phishing Web site and it recommends closing the page.

If a page does not appear on the list of sites known to be legitimate, but it does not appear on the list of phishing sites either, then the filter will use heuristics to determine whether or not the site has characteristics common to phishing sites. If it does, then the filter will display a warning message indicating that the site could potentially be a phishing site; it will also give you a chance to report the site to Microsoft for inclusion in its list of phishing sites.

The first time you use Internet Explorer 7, it asks if you want to use the phishing filter. You can also manually enable or disable the filter through the Advanced tab of the Internet Options properties sheet, as shown in Figure B.

Figure B: Use the Advanced tab of the Internet Options properties sheet to manually enable or disable the phishing filter.

Configuring IE7 security on Windows Vista

  General security configuration
 The Phishing filter
 International domain names, URL handling
 ActiveX, Information bar, cross-domain protection
 Security features on the Windows Vista version of IE7

Brien Posey

About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

This tip originally appeared on

Dig Deeper on Managed network security services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.