Phishing, or using bogus URLs in email to lure the unsuspecting into giving up personal information, has become as pervasive and troubling as spam.
Unfortunately, most people aren't aware of how widespread or insidious phishing scams are, and often have a hard time telling if a link is legitimate or not.
To that end, the new Office 2003 Service Pack 2 update adds functions to Microsoft Outlook 2003's Junk E-mail Filter to help protect against phishing scams.
How it works
When Microsoft Outlook receives an email with hyperlinks in it, the email is checked by the Junk E-mail Filter to see if it might be coming from a spoofed address, or if the links in it are suspicious. If the links look suspicious -- even if the mail itself hasn't been tagged as spam -- the hotlinks in the mail are disabled. Clicking on one of them brings up the warning:
Some links in this message might connect to unsafe or fraudulent sites. To help protect your security, links have been turned off in this message.
A bar at the top of the message reads:
Click here to turn on links. To help protect your security, links are turned off in this message.
Users then has to go through an extra step to open a possibly dangerous link. When doing so, they have the option to add the sender to a list of known good domains.
Because of the way the filter evaluates messages, it's sometimes a little overzealous, but Microsoft decided it was better to err on the side of caution.
For instance, I receive Favorite Search email once a day from eBay -- a report of what's currently matching all my most common eBay searches. The links in the message are "bounced" through the Doubleclick.net ad service. And, since Doubleclick.net isn't listed as a safe domain in my copy of Microsoft Outlook, the links in my Favorite Search email are blocked.
About the author: Serdar Yegulalp is editor of the Windows Insight.
MEMBER FEEDBACK TO THIS OUTLOOK SECURITY TIP
Can this feature be disabled? If so, how?
—David B.
******************************************
In Microsoft Outlook, go to Actions -> Junk E-mail -> Junk E-mail Options, and uncheck the box marked "Don't turn on links in messages that might connect to unsafe or fraudulent sites."
—Serdar Yegulalp, tip author
******************************************
Can this feature be turned off by a group policy object (GPO) setting?
—David L.
******************************************
There is a registry setting you can change for it through GPO:
HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Options\Mail
Create a DWORD named JunkMailEnableLinks and set it as follows:
1: Allow links in junk mail to be active.
0: Disable links in junk mail (default).
I don't think this setting works in Microsoft Outlook 2007, though.
—Serdar Yegulalp, tip author
******************************************
Is there a way to set this filter so that recipients -- and/or sites -- that I deem to be safe will have the links available (i.e., not blocked)?
—Michael O.
******************************************
If you receive an email from a domain that you know is safe, you can declare that domain exempt from the phishing filter within the message itself or from the Actions -> Junk E-mail menu option.
For instructions on how to do this, read Microsoft's "Get antiphishing and spam filters with Outlook SP2."
—Serdar Yegulalp, tip author
Do you have comments on this tip? Let us know.
Please let others know how useful this tip is via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.
