Fraud and Phishing detection

DAve dave.list at pixelhammer.com
Wed Aug 16 20:41:06 IST 2006


Kevin Miller wrote:
> DAve wrote:
>> I did, and I have. But I only get to see the page *after* MS has
>> disabled it.
>>
>> I have clients asking "Why?". They are not complaining, just asking
>> how it works, they are glad we are disabling suspected fraud. I would
>> like to say what the system is looking for and provide a valid
>> example in before and after states.
>>
>> The bottom line, it works, and works well. But I don't want to sound
>> stooopid because I can't explain how it works with confidence.
> 
> In a nutshell it compares the purported URL with the underlying one, and
> if they're different it flags it unless it's in the whitelist.  For
> example www.mybank.com might point to w3.someservername.mybank.com;
> whatever they're using for a web or mail server.  It's probably
> legitimate.  Or it may be a message that says www.ebay.com but points to
> some server in Russia.  MS will ding that one.
> 
> I'm sure it's much more complicated than that under the hood, but if
> you're trying to explain it to non-technical users, that's the gist of
> it.  I think...
> 
> ...Kevin

That is what I've been saying after a "very quick" glance at the source 
code and a few messages.

I have one example I use; I wasn't sure if MS would catch more than this.

<a href="http://thisurldontmatch.com">http://thisurlisdifferent.com</a>

Thanks,

DAve

-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
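
The comparison described in this thread (displayed URL versus underlying href, minus a whitelist), as an added Python sketch that is not MailScanner's code and not part of either message. The names `ALLOWED`, `host_of`, `LinkAudit` and `find_mismatched_links` are hypothetical, and 203.0.113.7 is a documentation address standing in for the unrelated server.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical whitelist of (displayed host, real host) pairs known to be fine.
ALLOWED = {("www.mybank.com", "w3.someservername.mybank.com")}
URLISH = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)

def host_of(text):
    """Hostname of the first URL-looking token in text, or None."""
    m = URLISH.search(text or "")
    if not m:
        return None
    url = m.group(0) if "://" in m.group(0) else "http://" + m.group(0)
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".") or None
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return None

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # decodes &#46; style obfuscation
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:  # only collect text inside an open <a>
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host_of("".join(self.text)), host_of(self.href)
            if shown and real and shown != real and (shown, real) not in ALLOWED:
                self.findings.append((shown, real))
            self.href = None

def find_mismatched_links(html):
    """Return (displayed host, real host) for each link where the two differ."""
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample: the post's example, Kevin's two cases, and a plain link.
SAMPLE = (
    '<a href="http://thisurldontmatch.com">http://thisurlisdifferent.com</a>'
    '<a href="http://w3.someservername.mybank.com/">www.mybank.com</a>'
    '<a href="http://203.0.113.7/signin">www.<b>ebay</b>.com</a>'
    '<a href="http://example.org/news">Click here</a>'
)
```

Links whose visible text is not a URL ("Click here") produce no finding, because there is no purported host to compare against.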


More information about the MailScanner mailing list