Sometimes a convincing fake login page or app is all it takes to steal a user's credentials. An unsuspecting user hands an attacker the critical "input" to an organization's systems simply by typing a password in the wrong place.

A phishing attack often arrives as an email that closely imitates a legitimate message and leads the victim to a bogus login page. Genuinely convincing campaigns duplicate the real site's logos, wording, and layout down to the pixel.

The URL is often the only clue, and attackers have techniques for obscuring and disguising that as well.

Enhanced Phishing Protection in Windows 11 for Users

Microsoft added Enhanced Phishing Protection in Windows 11 version 22H2 to help combat the ongoing threat of credential theft.

When enabled, the feature is delivered through Microsoft Defender SmartScreen.

But what exactly does this give users?

Enhanced Phishing Protection examines the URLs a user visits and the processes into which they type credentials to determine whether a site or application appears malicious or unsafe.

If so, SmartScreen draws on telemetry from Microsoft's security products to warn the user and block the offending site or program.

Because the feature is built into Windows and works through operating-system-level integration with Microsoft Defender, it can inspect processes and URLs more thoroughly than many browser-only solutions. It also ships with Windows 11 and requires no extra installation or licensing.

When Enhanced Phishing Protection detects that a user has typed their Windows password into a website or program, it shows an alert prompting the user to change that password.

If the password is typed into an application such as Notepad, the warning instead advises the user to remove the password from that file.

Screenshot: the warning shown when a password is typed into Notepad on Windows 11.

This proactive approach keeps users safe and shortens the window in which a captured credential is useful to an attacker.

Phishing Attacks’ Real-World Consequences

Threat actors find it all too easy to launch phishing attacks.

Caffeine, a Phishing-as-a-Service (PhaaS) platform, offers open registration on a subscription model, concentrates on Microsoft 365 logins, and builds in anti-detection and anti-analysis safeguards.

The speed with which a newcomer can mount a credible phishing attempt against a victim is becoming increasingly hard to manage.

American Airlines is a real-world example. The company discovered that an employee's Microsoft 365 account had been compromised; from that foothold, the attacker took over further staff accounts and used them to send more phishing emails from inside the firm.

According to court documents, the breach affected more than 1,700 employees and customers. American Airlines must now provide compensation as well as protection against future harm, on top of the staff time needed to contain and manage the fallout.

What to Consider When Setting Up Enhanced Phishing Protection

As with most solutions, there are caveats. The protection applies only to password sign-ins, not to Windows Hello. If you do not sign in to your computer with a password, Enhanced Phishing Protection is not active.

Furthermore, the browser-level integration only works with Chromium-based browsers, leaving non-Chromium browsers such as Firefox out of the picture. Since Microsoft Edge is Chromium-based this makes sense for Microsoft, but it may not meet the needs of every enterprise.

System administrators can configure Enhanced Phishing Protection through Group Policy, which makes an organization-wide rollout straightforward.

The policy settings enable the service and control which warnings users see: for malicious websites or apps, for reuse of the Windows password on another site or app, and for a password typed into an unsafe (rogue) application.

If you manage devices with Microsoft Endpoint Manager (Intune), deploy the same settings through a configuration profile. Organizations using Microsoft 365 Defender can also view the resulting alerts in the Defender for Endpoint portal.
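As an added example (not code from the original post or from Microsoft), the following PowerShell script audits and, when run with -Enforce, sets the four Enhanced Phishing Protection policy values on a Windows 11 device. It assumes the registry path HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components and the value names ServiceEnabled, NotifyMalicious, NotifyPasswordReuse and NotifyUnsafeApp, which are the values the Group Policy settings under Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection write; confirm them against the ADMX template in your environment before relying on the script at scale.

```powershell
# Added example, not code from the original post or from Microsoft.
# Audits the Enhanced Phishing Protection policy values and, with -Enforce, sets them.
# Assumed registry path and value names: the ones written by the Group Policy settings
# under Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection.
[CmdletBinding()]
param(
    [switch]$Enforce   # write the desired values instead of only reporting
)

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'

# Desired state: 1 = enabled. A value that is absent means "Not configured",
# in which case users do not get the warnings described above.
$Desired = [ordered]@{
    ServiceEnabled      = 1   # the Enhanced Phishing Protection service itself
    NotifyMalicious     = 1   # warn on malicious websites or apps
    NotifyPasswordReuse = 1   # warn when the Windows password is typed into another site or app
    NotifyUnsafeApp     = 1   # warn when the password is typed into an app such as Notepad
}

function Test-EppSupportedBuild {
    # Enhanced Phishing Protection shipped with Windows 11 22H2, build 22621.
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
    return ($build -ge 22621)
}

function Get-EppPolicyState {
    # One row per setting: what is configured now versus what we want.
    foreach ($name in $Desired.Keys) {
        $item  = Get-ItemProperty -Path $PolicyPath -Name $name -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $item) { $value = $item.$name }

        $display = 'Not configured'
        if ($null -ne $value) { $display = $value }

        [pscustomobject]@{
            Setting   = $name
            Current   = $display
            Desired   = $Desired[$name]
            Compliant = ($value -eq $Desired[$name])
        }
    }
}

function Set-EppPolicy {
    # Needs an elevated session: HKLM\SOFTWARE\Policies is writable only by administrators.
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $PolicyPath -Name $name -PropertyType DWord `
            -Value $Desired[$name] -Force | Out-Null
    }
}

if (-not (Test-EppSupportedBuild)) {
    Write-Warning 'This Windows build predates 11 22H2 (22621); Enhanced Phishing Protection is not available.'
    return
}

if ($Enforce) { Set-EppPolicy }

Get-EppPolicyState | Format-Table -AutoSize
```

Run the script as-is from any session to get a compliance report, or from an elevated session with -Enforce to write the values on a device that is not under Group Policy or Intune control. It cannot tell you whether a user signs in with a password or Windows Hello, so a "Compliant" result still leaves the sign-in caveat above to be checked separately. On Group Policy-managed devices, the next policy refresh overwrites whatever the script sets, so use it there only for auditing and apply changes through the policy itself.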

Microsoft's Enhanced Phishing Protection is only one part of actively protecting users and the business; auditing passwords and blocking weak ones is the other.

Windows Defender SmartScreen is very useful, but when it starts blocking trusted programs you may wonder whether it is worth keeping enabled. You can turn it off and on again by following these instructions, and disable it in the Edge browser with these. What do you think of its usefulness? Share your thoughts in the comments below, and don't forget to share this post on social media.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
