Phishing fraud question

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Thu Oct 14 09:51:25 IST 2004 

Julian

To help us give informed feedback can you please put on this list an
example "phishing" message [perhaps faked so that existing rules will
not tag it!] which has your additional warning text. I need to see what
our users would get in order to judge whether it is enough to alert them
to the possible danger of the message.

It would also be helpful if you could include as well an example false
positive with enough text lines before and after the duff link and
wraning text to give enough context.

There is a balance to be struck here. The warning text needs to be
"intrusive" enough to alert our users, particularly overseas students,
of the dangers of a true phishing message.

On the other hand it will give rise to complaints if it appears too
intrusive in the case of false positives.

Thanks 

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."  

>-----Original Message-----
>From: MailScanner mailing list 
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 14 October 2004 09:32
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Phishing fraud question
>
>I want your opinion.
>
>When things like scripts and forms are detected in emails, 
>they are just
>quietly disarmed without any subject line tagging at all.
>
>Should I do the same with phishing fraud attempts? The warning in the
>message will be put in right next to the offending link.
>
>It's just that phishing detection does detect quite a few 
>false positives
>due to the stupidity of a lot of newsletter authors who put 
>"fake" links in
>their material. I don't want people to become used to seeing 
>"{Dangerous
>Content?}" or whatever, and therefore ignoring it.
>
>I have tagged the subject line so far, and I think it is 
>already starting
>to cause problems. I am tending towards removing the subject tag.
>
>Any thoughts please?
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list