Feature Request: Phishing
Julian Field
MailScanner at ecs.soton.ac.uk
Tue Jan 18 15:10:39 GMT 2005
I'm still wary, as you are teaching users it is always safe to click on
a link in an email address. Short-term that's good, but I'm not so
convinced about the long-term wisdom of this.
But as an option (particularly as a "default") it would be okay I guess.
How about we combine these 2 threads that really have the same subject
as well as the same Subject: ?
Roger Jochem wrote:
>But that's the real link...
>
>If the e-mail says
>
>access www.linux.com and it's a fraud, the <a href> is www.windows.com . If
>www.windows.com is removed, the real address (www.linux.com) would be
>accessible... Or not?
>
>----- Original Message -----
>From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Tuesday, January 18, 2005 12:45 PM
>Subject: Re: Feature Request: Phishing
>
>>But the user's mail client will display the address as a link. So you
>>haven't gained anything much.
>>
>>Roger Jochem wrote:
>>
>>>Even so, the link would disappear, but the address (the real one) doesn't. If
>>>the user really wants to access it, it could be done simply by cutting and
>>>pasting the address in the browser...
>>>
>>>And it would be an option. "Disarm", "Alert", or "No" would be the options...
>>>
>>>No - Would not look for the frauds
>>>Alert - Would work like today
>>>Disarm - Would be the new option
>>>
>>>----- Original Message -----
>>>From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
>>>To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>Sent: Tuesday, January 18, 2005 12:03 PM
>>>Subject: Re: Feature Request: Phishing
>>>
>>>>I purposely didn't do that as there is an inevitable false alarm rate. I
>>>>don't even tag the Subject: line. Having a valid (false positive) link
>>>>removed would annoy my users very quickly!
>>>>
>>>>Roger Jochem wrote:
>>>>
>>>>>I'd like to have a way of "disarming" phishing frauds from the e-mail
>>>>>instead of warning the user about it. Could it be done? Something like
>>>>>removing the <a href...> from the e-mail, disabling the fraud. Even warning
>>>>>my users, some of them open the link. Maybe because they're curious about
>>>>>it... Is it possible?
>>>>>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
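
The "No" / "Alert" / "Disarm" option proposed in this thread, sketched as an added example (not code from the original message and not MailScanner's implementation). It assumes a link is suspicious only when its visible text names one host and its href another; the warning wording, `SAMPLE` message and all function names are constructed for illustration.

```python
import html, re
from html.parser import HTMLParser

HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample using the thread's own example host names.
SAMPLE = '<p>Please access <a href="http://www.windows.com/login">www.linux.com</a> today.</p>'

def host_of(value):
    """Host name found in a URL or in bare 'www.example.com' text, else None."""
    m = HOST_RE.search(value or "")
    return m.group(1).lower() if m else None

class LinkChecker(HTMLParser):
    """mode 'no': pass through; 'alert': prepend a warning; 'disarm': drop the <a> tag.
    Comments and declarations are not re-emitted by this sketch."""
    def __init__(self, mode):
        super().__init__()
        self.mode, self.out, self.findings = mode, [], []
        self.open_tag = self.href = None        # set while inside <a href=...>
        self.inner, self.text = [], []          # buffered markup / visible text
    def emit(self, piece):
        (self.inner if self.open_tag else self.out).append(piece)
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and not self.open_tag and self.mode != "no":
            self.open_tag, self.href = self.get_starttag_text(), href
            self.inner, self.text = [], []
        else:
            self.emit(self.get_starttag_text())
    def handle_startendtag(self, tag, attrs):
        self.emit(self.get_starttag_text())
    def handle_data(self, data):
        if self.open_tag:
            self.text.append(data)
        self.emit(html.escape(data, quote=False))
    def handle_endtag(self, tag):
        if tag != "a" or not self.open_tag:
            return self.emit(f"</{tag}>")
        shown, real = host_of("".join(self.text)), host_of(self.href)
        start, body, self.open_tag = self.open_tag, "".join(self.inner), None
        if shown and real and shown != real:     # text names one site, href another
            self.findings.append((shown, real))
            if self.mode == "disarm":
                return self.out.append(body)     # keep visible text, drop the link
            self.out.append(f"[warning: link actually goes to {real}] ")
        self.out.append(f"{start}{body}</a>")

def process(body, mode="alert"):
    p = LinkChecker(mode)
    p.feed(body); p.close()
    if p.open_tag: p.handle_endtag("a")          # judge an unclosed <a> as well
    return "".join(p.out), p.findings
```

Exact host comparison also flags legitimate links whose text and target differ (tracking redirectors, for example), which is the false-alarm cost raised above, and a disarmed address left as plain text may still be auto-linked by the mail client.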