What is an Anti-Phishing Filter?

Phishing refers to a group of illegal activities in which the intention is to steal valuable information from a person in order to get money, access, or power, or to commit identity theft. The name, a purposeful misspelling of fishing, comes from the use of a lure or bait to gain the information. It is often done using impersonation, and in that case may also be known as spoofing. Phishing can be done through email or websites, or employing telephone calls. A software program or feature of a software program that attempts to block phishing activities is referred to either as a phishing filter or an anti-phishing filter, with an identical meaning.

There are four main ways that anti-phishing filter software can be deployed. First, several — but not all — web browsers have integrated an anti-phishing filter into the browser itself. Second, at least one brand of security software has integrated an anti-phishing filter into its anti-virus program and its Internet security software. Third, there is anti-phishing software available from at least one company specifically for routers. And finally, email software, or suites that include email software, may include an anti-phishing filter, or email blocking may be offered by a web host.

In a browser, an anti-phishing filter attempts to detect spoofed websites, also known as examples of web forgery. The filter checks sites that the user visits against a list of phishing and malware sites that have been reported. The lists are automatically updated periodically. The filter is often put into place by preference choices, which may be on by default or may require the user to make a change. In the preferences, the user may have the option to choose to, for example, have the browser attempt to block web forgeries and attack sites.

It is important to recognize that having an anti-phishing filter enabled does not relieve the user of responsibility for being discerning. There may be cases in which a website owner has not updated the certificate for the site, for example, and the browser issues a warning, telling the user of the situation and allowing the user to make a choice. This was true in May 2010 on several Microsoft® pages, showing that even with an anti-phishing filter in place, incidents can arise that depend on user judgment. In addition, in May 2010, a new type of phishing attack dubbed “tabnabbing” was discovered, in which the scammer is able to replace information on tabs that a user already has open and, therefore, trusts. The antidote to this is to not let one’s guard down simply because one has enabled an anti-phishing filter.

When directly working on email, an anti-phishing filter can be overzealous, blocking legitimate email. It can also allow phishing emails through on the leading edge of a new attempt by phishers to get around the filters. Experts suggest reviewing email that is relegated to Junk to make sure that important communications are not being relegated their and to be cautious with email as a matter of habit, even email that has passed the anti-phishing filter.