Share via


Event 1035 - Anti-Phishing

  • Logged Message
  • What Is It?
  • When Is This Event Logged?
  • Example
  • Remediation
  • Related topics

Logged Message

The Microsoft Phishing Filter compares the addresses of websites that a user attempts to visit to a list of reported and confirmed phishing sites (fraudulent sites used to gather sensitive information from unsuspecting users). The Phishing Filter also analyzes sites for characteristics common to phishing sites and, if the user allows it, sends the addresses of visited sites to Microsoft to be verified against a frequently updated list of confirmed phishing sites. If you find that your website is flagged incorrectly as a phishing site, you can report the problem from the Tools menu.

What Is It?

Phishing is one of the fastest growing threats on the Internet, with the number of Internet sites having increased over 400 percent in the last year. Microsoft is committed to protecting Internet users worldwide from becoming victims of phishing scams by promoting valuable consumer education, industry collaboration, legislation, enforcement, and technology innovation.

Phishing (pronounced "fishing") is a way to trick computer users into revealing personal or financial information through an e-mail message or a website. A common phishing scam starts with an e-mail message that looks like an official notice from a trusted or reputable source, such as a bank, a credit card company, or an online merchant. In the e-mail message, recipients are directed to a fraudulent website where they are asked to provide personal information, such as an account number or password.

How the Phishing Filter Works

The Phishing Filter works by comparing the addresses of websites that a user attempts to visit to the list of reported and confirmed phishing sites, stored on the end user's computer. The Phishing Filter also analyzes sites for characteristics common to phishing sites, and, if the user enables it, sends the addresses of visited sites to Microsoft to be verified against a frequently updated list of confirmed phishing sites.

When Is This Event Logged?

This event is logged when Windows Internet Explorer detects a suspicious website.

Example

Perform the following steps to see this event logged in the compatibility tool:

  • Enter the following into the Address bar:

    http://207.68.169.170/contoso/enroll_auth.html

    Note  This is a test site for demonstrating the anti-phishing features of Internet Explorer. Do not enter any information into the page.

     

The Address bar turns red and a warning message is displayed, as shown in the following screen shot.

When this warning is displayed, the Anti-Phishing filter event is logged by Internet Explorer.

Remediation

The Phishing Filter works with Windows Internet Explorer 8 to provide feedback on whether a website is a known or potential phishing threat.

  • Blocked Website - Reputable sources have confirmed that the website is a known phishing website.
  • Suspicious Website - Reputable sources have not yet confirmed that the website is fraudulent, but the site has characteristics that indicate it is a phishing site. The user must proceed with caution.

False URL Warnings and Dispute Submission

The following sections discuss the reasons for which the Phishing Filter might flag a URL, guidelines to prevent false URL warnings, and the process by which you can dispute a false warning.

Microsoft recommends the following best practices to help prevent Phishing Filter flagging.

  • If you intend to ask users for personal information, you must use Secure Sockets Layer (SSL) certification.
  • Verify that your website is secure from outside attacks by maintaining updated firewalls and installing all required security updates. Additionally, verify that your virus detection software is current and your server is virus-free.
  • Verify that you are free from cross-site scripting attacks. For more information on this security issue, see Cross-Site Scripting (Wikipedia), The Cross Site Scripting (XSS) FAQ.
  • Verify the reliability of your external or third-party hosted content. Also verify that the content is secure and from a known or trusted source.
  • Use a reputable domain name and avoid using an IP address. For example, URLs for sites hosted on the Microsoft domain must read Microsoft.com instead of 207.46.19.30.
  • Verify that you and your users are running the most recent version of Internet Explorer 8.

Additional Resources

Refer to the following websites for more information about anti-phishing and the Microsoft Phishing Filter:

Internet Explorer Application Compatibility

Events 1030 through 1037