Enable or disable security alerts about links to and files from suspicious Web sites

This article explains the risks involved when a document that you are working in contains a link to a suspicious Web site or when you try to open a file from a suspicious Web site. The 2007 Microsoft Office system helps to mitigate these risks to help protect you from homograph attacks used in phishing schemes.


What is a homograph attack?

A homograph is a word with the same spelling as another word but with a different meaning. In computers, a homograph attack is a Web address that looks like a familiar Web address but is actually altered. This occurs when the domain name was created by using alphabet characters from different languages, not just English. (A domain name is the address of a network location that identifies its owner in this specific format: server.organization.type. For example, www.whitehouse.gov identifies the Web server at the White House, which is part of the U.S. government.) For example, the following Web address looks legitimate, but what you can't see is that the "i" is a Cyrillic character from the Ukrainian alphabet.

www.microsoft.com

Phishers spoof the domain names of banks and other companies in order to deceive consumers into thinking that they are visiting a familiar Web site. Special software is needed to detect these kinds of spoofed domain names in Web addresses. See the next section to learn more about how the 2007 Office release helps protect you from links that attempt to lead you to suspicious Web sites.
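To illustrate the kind of check such software performs, the following Python example (added here; it is not Microsoft's code and not how the 2007 Office release implements detection) flags host name labels that mix alphabets and shows their ASCII (Punycode) form. The function names char_script and inspect_host are hypothetical, the sample addresses are constructed, and the script of a character is approximated from the first word of its Unicode name.

```python
import unicodedata

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def inspect_host(host):
    """Return one finding for each label that contains non-ASCII characters."""
    findings = []
    for label in host.lower().split("."):
        odd = [(i, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
               for i, c in enumerate(label) if not c.isascii()]
        if not odd:
            continue  # plain ASCII label, nothing to report
        scripts = sorted({char_script(c) for c in label} - {"COMMON"})
        findings.append({
            "label": label,
            # The ASCII form makes the difference visible in logs and alerts.
            "ascii_form": "xn--" + label.encode("punycode").decode("ascii"),
            "scripts": scripts,
            # Two or more alphabets inside one label is the homograph signal.
            "mixed_script": len(scripts) > 1,
            "non_ascii": odd,
        })
    return findings

# Constructed samples: the second uses U+0456 (Cyrillic "i") in place of Latin "i".
GENUINE = "www.microsoft.com"
SPOOFED = "www.m\u0456crosoft.com"

if __name__ == "__main__":
    for host in (GENUINE, SPOOFED):
        shown = host.encode("ascii", "backslashreplace").decode("ascii")
        print(shown, inspect_host(host))
```

A label written entirely in one non-Latin alphabet is reported with mixed_script set to False, so this check alone does not catch look-alike names built from a single alphabet.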


How can the Trust Center help protect me from homograph attacks?

By default, the 2007 Office release displays security alerts in the following situations:

  • You have a document open and you click a link to a Web site with an address that has a potentially spoofed domain name.
  • You open a file from a Web site with an address that has a potentially spoofed domain name.

The following is the alert that appears when you click a link to a Web site that uses a potentially spoofed domain name.

[Image: Microsoft Office Security Notice]

You can then choose whether to continue to visit the Web site. In this situation, we recommend that you click No. If you don't want to receive these alerts, you can disable them. For more information, see the next two sections.


Enable or disable security alerts about links to and files from suspicious Web sites

Detection of potentially spoofed domain names is on by default. You can turn detection off so that you don't get security alerts, but we do not recommend this. Do the following in these 2007 Microsoft Office system programs:


Access

  1. Click the Microsoft Office Button, and then click Access Options.
  2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
  3. Clear the Check Office documents that are from or link to suspicious Web sites check box.


Clip Organizer

  1. On the Help menu, click Customer Feedback Options.
  2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.


Excel

  1. Click the Microsoft Office Button, and then click Excel Options.
  2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
  3. Clear the Check Office documents that are from or link to suspicious Web sites check box.


InfoPath

  1. On the Tools menu, click Trust Center, and then click Privacy Options.
  2. Clear the Check Office documents that are from or link to suspicious Web sites check box.


OneNote

  1. On the Help menu, click Customer Feedback Options.
  2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.


PowerPoint

  1. Click the Microsoft Office Button, and then click PowerPoint Options.
  2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
  3. Clear the Check Office documents that are from or link to suspicious Web sites check box.


Project

  1. On the Help menu, click Customer Feedback Options.
  2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.


SharePoint Designer

  1. On the Help menu, click Customer Feedback Options.
  2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.


Visio

  1. On the Tools menu, click Trust Center, and then click Privacy Options.
  2. Clear the Check Office documents that are from or link to suspicious Web sites check box.


Word

  1. Click the Microsoft Office Button, and then click Word Options.
  2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
  3. Clear the Check Office documents that are from or link to suspicious Web sites check box.


Disable security alerts for a Web site by marking it as a Trusted site

If you think that a particular Web site is trustworthy, you can disable the alerts by adding the Web site to your Trusted sites zone in Windows Internet Explorer. The Trusted sites zone contains Web sites that you consider to be safe, such as sites that are located on your organization's intranet or sites that you learned about from established sources in whom you have confidence. When you add a Web site to the Trusted sites zone, you indicate that you think any files that you download or run from that Web site will not damage your computer or data. By default, no Web sites are assigned to the Trusted sites zone, and the security level for the Trusted sites zone is set to Low.

Assign a Web site to the Trusted sites zone

  1. In Internet Explorer version 5, 6, or 7, on the Tools menu, click Internet Options.
  2. On the Security tab, click Trusted sites, and then click Sites.
  3. In the Add this Web site to the zone box, type or select the address of the Web site, and then click Add.
  4. If you want Internet Explorer to verify that the server for each Web site in this zone is secure before you connect to any Web sites in this zone, select the Require server verification (https:) for all sites in this zone check box.
  5. Click OK twice.

Applies to:
Access 2007, Excel 2007, InfoPath 2007, OneNote 2007, PowerPoint 2007, Publisher 2007, Visio 2007, Word 2007