To make its products more secure, Microsoft has announced a new feature for Windows 11 2022 that will automatically detect when passwords are entered into unsafe apps or sites. The feature, called Enhanced Phishing Protection, is based on Microsoft’s SmartScreen technology.
By automatically detecting and reporting unsafe password practices to administrators, Microsoft hopes to make its products more secure and reduce the chances of users falling victim to phishing scams. Here’s everything you need to know about this latest update.
How Does the Phishing Protection Feature Work?
Phishing is a type of cyber-attack in which an attacker attempts to trick a victim into clicking on a malicious link or email attachment. The goal is to steal sensitive information, such as login credentials or financial information.
The Windows 11 2022 update includes enhanced phishing protection that will warn users when they are about to make a mistake with their passwords. This is an important update because it will help prevent people from falling for phishing scams and inadvertently giving attackers access to their accounts or personal data.
The ‘Enhanced Phishing Protection’ in Windows 11, version 22H2, works by stopping phishing attempts that use malicious URLs. Phishers use these URLs to steal sensitive information, such as login credentials.
Windows SmartScreen Feature
When you visit a website, Windows SmartScreen checks the site against a list of reported phishing and malware sites. If the site is on the list, SmartScreen shows a warning message that advises you to avoid the site.
If you try downloading a file from a website on Microsoft’s blacklist, Windows will display a warning message. The same happens if you try to run an executable file that hasn’t been digitally signed or comes from an unknown publisher.
Microsoft has been gradually improving SmartScreen over the years. In Windows 10, for example, SmartScreen checks downloaded files and apps against a blocklist of known malicious software. If you try to run a piece of malware, Windows will display a warning message and prevent the program from running.
Steps to Enable Phishing Protection
If you are a Windows user, you can enable phishing protection by following the steps below:
- Click on the Start Menu and search for “Windows Security.”
- Click “Windows Security” and then “App and browser control.”
- Now click the Reputation-based setting.
- You can now turn on the “Phishing Protection” toggle switch.
- Finally, check all the boxes asking for warning notification permissions.
Once you do that, Windows 11 will warn you if you enter your password into a site that is not trusted or if you try to click on a malicious link.
How Can IT Administrators Use It?
IT administrators can modify the settings for Enhanced Phishing Protection using Group Policy. The feature is in audit mode by default, which lets admins see insecure password use in their environment via the Defender for Endpoint interface without notifying users. IT admins may also configure the feature to prevent access to known harmful sites or to display warnings for specific categories of sites.
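To check which of these Group Policy settings actually reached a machine, an administrator can read the policy values back and classify the result as audit-only or warning. The PowerShell below is an added example, not Microsoft's or this article's own code; it assumes the policy is stored under the `WTDS\Components` registry key with the value names shown, and the function names and mode labels are hypothetical.

```powershell
# Added example: report the Enhanced Phishing Protection policy state.
# Assumption: Group Policy writes these values under the key below.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'
$ValueNames = 'ServiceEnabled', 'NotifyMalicious', 'NotifyPasswordReuse', 'NotifyUnsafeApp'

function Get-EppPolicyReport {
    # $Values maps value name -> 0/1; a missing name means "not configured".
    param([hashtable]$Values)
    $rows = foreach ($name in $ValueNames) {
        $state = 'NotConfigured'
        if ($Values.ContainsKey($name)) {
            if ([int]$Values[$name] -eq 1) { $state = 'Enabled' } else { $state = 'Disabled' }
        }
        [pscustomobject]@{ Setting = $name; State = $state }
    }
    $serviceOff = ($rows | Where-Object Setting -eq 'ServiceEnabled').State -eq 'Disabled'
    $warnings   = @($rows | Where-Object { $_.Setting -like 'Notify*' -and $_.State -eq 'Enabled' })
    # Hypothetical labels: no user warnings enabled means telemetry only (audit mode).
    $mode = 'WarnPartial'
    if ($serviceOff)                 { $mode = 'Off' }
    elseif ($warnings.Count -eq 0)   { $mode = 'AuditOnly' }
    elseif ($warnings.Count -eq 3)   { $mode = 'WarnAll' }
    [pscustomobject]@{ Mode = $mode; Settings = $rows }
}

function Read-EppPolicyValues {
    # Returns only the values that exist; an absent key yields an empty table.
    $values = @{}
    if (Test-Path $PolicyKey) {
        $props = Get-ItemProperty -Path $PolicyKey
        foreach ($name in $ValueNames) {
            if ($null -ne $props.$name) { $values[$name] = $props.$name }
        }
    }
    return $values
}

# Constructed sample: service on, one warning enabled, one disabled, one unset.
$sample = @{ ServiceEnabled = 1; NotifyMalicious = 1; NotifyPasswordReuse = 0 }
$report = Get-EppPolicyReport -Values $sample
$report.Settings | Format-Table -AutoSize
"Sample mode: $($report.Mode)"

# Live check on this machine (policy only; unmanaged devices follow the
# user's own toggles in Windows Security).
"Local mode:  $((Get-EppPolicyReport -Values (Read-EppPolicyValues)).Mode)"
```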
This feature is available to all users, regardless of whether they have a free or paid subscription to Windows. Phishing attacks are the cause of 90% of security breaches in organizations and they’re only getting more sophisticated and challenging to detect.
BSC Solutions Group has been offering comprehensive IT solutions for over thirty years. Want to learn more? Reach out to us today!