Phishing fraud question
Quentin Campbell
Q.G.Campbell at NEWCASTLE.AC.UK
Thu Oct 14 10:17:39 IST 2004
Julian
Thanks for that. I saw the warnings in BOLD BLUE rather than RED.
Are there situations where the recipients mailer will not render HTML in
messages? If so you may need some plain text border characters around
the inserted warning to make it stand out.
Quentin
---
PHONE: +44 191 222 8209 Information Systems and Services (ISS),
University of Newcastle,
Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."
________________________________
From: MailScanner mailing list
[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: 14 October 2004 10:00
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Phishing fraud question
Here's an excerpt from an abbey national phishing scam.
To log into your account, please visit the online banking
MailScanner
has detected a possible fraud attempt from
http://200.153.201.119:16780/ <http://200.153.201.119:16780/>
http://www.abbey.com <http://200.153.201.119:16780/>
If you have questions about your online statement,
please send us a Bank Mail or call us at 1-800-374-9700
And a false positive:
since 2001; and Otylia Jedrzejczak of Poland who won a gold
medal in Athens in the 200m butterfly finals and has committed to
auctioning her medal to help raise money for children suffering from
leukemia. The European Heroes were chosen as 'they inspire, create,
devote themselves to others, and even risk their lives...'
MailScanner has detected a possible fraud attempt from
http://www.time.com/time/europe/hero2004/mcarthur.html
<http://www.time.com/time/europe/hero2004/mcarthur.html> www.time.com
<http://www.time.com/time/europe/hero2004/mcarthur.html> <<B&Q>>
UNDERGOES 'ROUND THE WORLD' REFIT...
Since returning to her French base in Lorient in mid-September,
the 75-foot trimaran
Sorry for the HTML post, but you need to see it in bold red.
If you don't like the text/style, feel free to suggest
improvements.
I just think that flagging the false positive as "banned
content" or "dangerous content" is going too far.
At 09:51 14/10/2004, you wrote:
Julian
To help us give informed feedback can you please put on
this list an
example "phishing" message [perhaps faked so that
existing rules will
not tag it!] which has your additional warning text. I
need to see what
our users would get in order to judge whether it is
enough to alert them
to the possible danger of the message.
It would also be helpful if you could include as well an
example false
positive with enough text lines before and after the
duff link and
wraning text to give enough context.
There is a balance to be struck here. The warning text
needs to be
"intrusive" enough to alert our users, particularly
overseas students,
of the dangers of a true phishing message.
On the other hand it will give rise to complaints if it
appears too
intrusive in the case of false positives.
Thanks
Quentin
---
PHONE: +44 191 222 8209 Information Systems and
Services (ISS),
University of Newcastle,
Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can
get its own."
>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian
Field
>Sent: 14 October 2004 09:32
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Phishing fraud question
>
>I want your opinion.
>
>When things like scripts and forms are detected in
emails,
>they are just
>quietly disarmed without any subject line tagging at
all.
>
>Should I do the same with phishing fraud attempts? The
warning in the
>message will be put in right next to the offending
link.
>
>It's just that phishing detection does detect quite a
few
>false positives
>due to the stupidity of a lot of newsletter authors who
put
>"fake" links in
>their material. I don't want people to become used to
seeing
>"{Dangerous
>Content?}" or whatever, and therefore ignoring it.
>
>I have tagged the subject line so far, and I think it
is
>already starting
>to cause problems. I am tending towards removing the
subject tag.
>
>Any thoughts please?
>--
>Julian Field
>www.MailScanner.info <http://www.mailscanner.info/>
>MailScanner thanks transtec Computers for their support
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947
1415 B654
>
>------------------------ MailScanner list
------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the
words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and
>the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
------------------------ MailScanner list
------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the
words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and
the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
--
Julian Field
www.MailScanner.info <http://www.mailscanner.info/>
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list