Protect Exchange Server and Outlook email from phishing scams

On the Internet, phishing (also known as carding or brand spoofing) is a scam used by an attacker who sits at a remote computer dangling a malicious Web site on spam email waiting for a naive Internet user to happen by.

MessageLabs recorded a 1,000% increase in the number of phishing attacks they intercepted between June and July of 2004 and that number continued to grow, ending the year 50 times higher than the same period in 2003. Suffice it to say, phishing is a critical problem, particularly for users gullible enough to take the bait.

What can you do to protect Windows from being victimized by phishing scams? You've already had many experts tell you continually patch systems and get rid of Internet Explorer -- a Web browser with more exploitable vulnerabilities than its competition -- so here are a few other quick tips that may come in handy.

Block spam effectively in Outlook
Filtering and blocking spam is probably the single biggest step you can take in guarding Windows against phishing attacks. Spam is the delivery mechanism that gets the bait to your computer. If an attacker can't get his phishing message to your inbox, there is no chance your systems will be victimized. The latest version of Microsoft Outlook and many other email client applications now have fairly good junk mail filters to keep the majority of spam out of your inbox. In Outlook, you can set the Junkmail options by navigating to Actions/Junk E-mail/Junk E-Mail Options.

Guard your hosts file with an IPS
The hosts file in Windows maps network destinations or Web sites to IP addresses, and can be used to override DNS. Some phishing attacks actually rewrite the hosts file, so the next time users try to visit certain Web sites they are unwittingly visiting the malicious replica site. You should use an intrusion prevention system (IPS) or other security software to guard your hosts file, and periodically check the hosts file to look for any suspicious entries. You can open it in Notepad.

Strip out code in email messages
Phishing scams rely almost exclusively on the ability to include and execute active-scripting code within an email message. You can turn off this ability. To do so, go to Tools/Options/Security and then select Zone Settings. When the warning box pops up, click "ok" and select Custom Level to disable specific types of code from executing. You can also set Outlook to display all incoming email as plain text only, which will prevent scripting code from being executed. Simply click Tools/Options/E-Mail Options and select the checkbox next to "Read all standard mail in plaint text".

About the author
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Phishing and Email Fraud Protection Exchange 2007 out-of-office (OOF) feature adds usability and security Microsoft Outlook and Exchange Server 2003 Email Security Guide A Microsoft Outlook email security tutorial -- 8 tips in 8 minutes Microsoft Office 2007's native security and antiphishing tools New tools fight fraud and phishing Phishing protection primer Three ways phishers are hooking you Phishing: A whale of a problem for enterprises New phishing threat outpaces Netsky-P PhishTank casts its net for malicious email Spam and virus protection How to install Forefront Security for Exchange Server Block Web beacons and protect OWA users from spam Controlling spam in Exchange 2007 at the edge transport server level How file-level antivirus software can harm your Exchange Server Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 Spam and virus protection Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) Sender ID  (SearchExchange.com) Vouch by Reference (VBR)  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.