Outlook’s new phishing filters

I installed Office 2003 Service Pack 2 and the latest junk e-mail filters for Outlook. The process was painless. And the anti-phishing features are interesting.

Details about bug fixes are in this KB article. After a five-minute search I can’t find any documentation of how the new anti-phishing features work. But these are my observations:

  • All messages that appear to be phishing attempts are moved to the Junk E-mail folder.
  • All HTML-formatted messages in the Junk E-mail folder are displayed in plain text. This is a crucial change, because it denies the scammer the opportunity to steal the look and feel of a legitimate site. Even if the scammer tries to steal a site’s graphic, the effort is in vain, because all you see is a link to the graphic.
  • Links are broken up into the link text and the link target, which appears in brackets. As this screen snippet shows, it’s pretty easy to spot the phony links. As a bonus, the link text is not clickable. You have to copy the URL and paste it into a browser’s Address bar to actually visit the site.

[Screenshot: Phishing attempt in Outlook 2003]
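The rendering described in the list above can be sketched in a few lines. This is an added example, not Outlook's code and not from the original post: it flattens an HTML body to plain text, prints each link as its text followed by the target, and goes one step further by flagging links whose visible text names a different host than the target. The angle-bracket style, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class PlainTextRenderer(HTMLParser):
    """Flatten HTML to text: links become 'text <target>', images become '<src>'."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links = [], []      # rendered pieces; (text, href) pairs
        self._href, self._text = None, []  # state for the <a> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and a.get("src"):
            self.out.append(f"<{a['src']}>")   # show the URL, never fetch the graphic
        elif tag in ("br", "p", "div"):
            self.out.append("\n")

    def handle_data(self, data):
        # Text inside a link is buffered so it can be paired with its target.
        (self._text if self._href is not None else self.out).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text, href = "".join(self._text).strip(), self._href
            self._href = None
            self.links.append((text, href))
            self.out.append(f"{text} <{href}>")

def render(html):
    r = PlainTextRenderer()
    r.feed(html)
    r.close()
    return "".join(r.out).strip(), r.links

def host_of(url):
    # urlsplit only sees a host after "//", so add it for bare "www.x/y" link text
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def mismatched_links(links):
    """Links whose visible text looks like a URL on a different host than the target."""
    return [(t, h) for t, h in links
            if "." in t and " " not in t and host_of(t) and host_of(t) != host_of(h)]

SAMPLE = (  # constructed message body, not from the original post
    '<p>Dear customer,</p><img src="http://192.0.2.10/logo.gif"><p>Verify at '
    '<a href="http://192.0.2.10/login.htm">https://www.example-bank.test/login</a> '
    'or see the <a href="https://www.example-bank.test/help">help page</a>.</p>')
```

Calling `render(SAMPLE)` returns the flattened text and the link pairs; passing those pairs to `mismatched_links` returns only the first link, where the displayed URL and the real target disagree.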

The forced conversion to plain text also renders a lot of spam unreadable, which is good. So-called online drugstores that try to disguise their content by burying the message text in a bunch of pseudo HTML just turn into so much gibberish.

What if the junk/phishing filters catch a legitimate message by mistake? No problem. Drag it back into the Inbox or any other folder and it’s displayed in its original format, complete with clickable links.

This is a simple but very effective fix. If you use Outlook 2003, go get it!

Update: Thanks to Rick in the comments for finding this link to Microsoft’s brand-new Help topic: Block or unblock links in suspicious phishing messages. In addition to the features I noted above, there’s a new link-blocking behavior that applies to messages that contain suspicious links but aren’t moved to the Junk E-mail folder. Here’s a screen from the Help topic:

[Screenshot: Outlook 2003 blocks suspicious links]

Unlike the spam filtering, this classification isn’t retroactive; it applies only to new messages as they’re received. So I won’t be able to see it in action (and show it to you) until I receive a new, suspicious phishing attempt that doesn’t get classified as spam. We’ll see how long that takes.

6 thoughts on “Outlook’s new phishing filters”

  1. Pingback: OpsanBlog
  2. I installed the update. Since then, two blatant phishing emails have landed in my Inbox. One for eBay, one for PayPal. I’m not too impressed with the filter update. Does not seem to have improved over the pre-update install functionality on my system.

  3. So does this feature only work when in Cached Exchange Mode like the junk email filter? I’m thinking of the corporate Exchange clients I support and how this will affect them. Guess we’ll have to wait till MS decides we should know about what they’ve installed on our computers, we are really just renting their OS anyway, right?
