Last month Cyveillance released the Cyveillance Intelligence Report for the 1st half of 2009. As a regular part of the report and to better understand the daily risks consumers face from Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. attacks, Cyveillance tests unique and confirmed phishing attacks against some of the leading consumer anti-phishing protections. For the testing Cyveillance feeds confirmed live attacks through four of the most widely used Web browsers with embedded anti-phishing technology and reports the detection rates for each browser.
At the time of the testing, Microsoft’s Internet Explorer 7 (IE7) was configured in the Cyveillance testing environment. As stated in the report, IE7 detected 24.9% of all phishing attacks fed through its anti-phishing protection capabilities. Since the time of the IE7 testing Cyveillance has updated the testing environment to Microsoft Internet Explorer 8 (IE8). Using IE8, the detection rate of new phishing attacks increased to 31.5%. This increase in the detection rate of attacks represents an improvement of over 6 percentage points, but still fails to protect consumers from over two thirds of newly discovered phishing attacks. These results also represent a significantly smaller detection rate than the 83% detection rate reported for the same application by NSS Labs in July of this year (http://nsslabs.com/browser-security-phishing-3Q2009).