Last month Cyveillance released the Cyveillance Intelligence Report for the 1st half of 2009. As a regular part of the report and to better understand the daily risks consumers face from phishing attacks, Cyveillance tests unique and confirmed phishing attacks against some of the leading consumer anti-phishing protections. For the testing Cyveillance feeds confirmed live attacks through four of the most widely used Web browsers with embedded anti-phishing technology and reports the detection rates for each browser.
At the time of the testing, Microsoft’s Internet Explorer 7 (IE7) was configured in the Cyveillance testing environment. As stated in the report, IE7 detected 24.9% of all phishing attacks fed through its anti-phishing protection capabilities. Since the time of the IE7 testing Cyveillance has updated the testing environment to Microsoft Internet Explorer 8 (IE8). Using IE8, the detection rate of new phishing attacks increased to 31.5%. This increase in the detection rate of attacks represents an improvement of over 6 percentage points, but still fails to protect consumers from over two thirds of newly discovered phishing attacks. These results also represent a significantly smaller detection rate than the 83% detection rate reported for the same application by NSS Labs in July of this year (http://nsslabs.com/browser-security-phishing-3Q2009).