Feature Request: Phishing

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 18 15:13:32 GMT 2005


Also, what happens when the real link is believable? There was one going
around here for quite a while that actually went to www.ibarclays.co.uk
which was actually a fake site. Without a dirty great warning, many
people would have gone there anyway.

Roger Jochem wrote:

>But that's the real link...
>
>If the e-mail says
>
>access www.linux.com and it's a fraud, the <a href> is www.windows.com . If
>www.windows.com is removed, the real address (www.linux.com) would be
>accessible... Or not?
>
>----- Original Message -----
>From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Tuesday, January 18, 2005 12:45 PM
>Subject: Re: Feature Request: Phishing
>
>
>
>
>>But the user's mail client will display the address as a link. So you
>>haven't gained anything much.
>>
>>Roger Jochem wrote:
>>
>>>Even so, the link would disappear, but the address (the real one) doesn't. If
>>>the user really wants to access it, it could be done simply by cutting and
>>>pasting the address in the browser...
>>>
>>>And would be an option. "Disarm", "Alert", or "No" would be the options...
>>>
>>>No - Would not look for the frauds
>>>Alert - Would work like today
>>>Disarm - Would be the new option
>>>
>>>
>>>----- Original Message -----
>>>From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
>>>To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>Sent: Tuesday, January 18, 2005 12:03 PM
>>>Subject: Re: Feature Request: Phishing
>>>
>>>
>>>
>>>
>>>
>>>
>>>>I purposely didn't do that as there is an inevitable false alarm rate. I
>>>>don't even tag the Subject: line. Having a valid (false positive) link
>>>>removed would annoy my users very quickly!
>>>>
>>>>Roger Jochem wrote:
>>>>
>>>>>I would like to have a way of "disarming" phishing frauds from the e-mail
>>>>>instead of warning the user about it.  Could it be done? Something like
>>>>>removing the <a href...> from the e-mail, disabling the fraud. Even warning
>>>>>my users, some of them open the link. Maybe because they're curious about
>>>>>it... Is it possible?
>>>>>
>>>>--
>>>>Julian Field
>>>>www.MailScanner.info
>>>>Buy the MailScanner book at www.MailScanner.info/store
>>>>
>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>
>>>>------------------------ MailScanner list ------------------------
>>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>>'leave mailscanner' in the body of the email.
>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>>Support MailScanner development - buy the book off the website!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
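
The "Alert" and "Disarm" options discussed in this thread, as an added Python example (not part of the original messages and not MailScanner's own code). The names host_of, LinkChecker and scan, the warning wording and the SAMPLE input are assumptions made for illustration; "No" corresponds to not running the check at all.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Link text a mail client would itself turn into a link: optional scheme + host.
URLISH = re.compile(r"^\s*(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?\s*$", re.I)
WARNING = "[Possible fraud: link really goes to %s] "  # constructed wording
SAMPLE = '<p>access <a href="http://www.windows.com/">www.linux.com</a></p>'  # constructed

def host_of(url):  # lower-cased host of a URL or bare address, minus "www."
    try:
        host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed authority such as a broken IPv6 literal
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkChecker(HTMLParser):  # "alert" prepends a warning, "disarm" unwraps the <a>
    def __init__(self, mode):
        super().__init__(convert_charrefs=False)
        self.mode, self.out, self.findings = mode, [], []
        self.href, self.start, self.inner = None, "", []  # state of the open <a>
    def _emit(self, raw):  # buffer content while inside an anchor
        (self.inner if self.href is not None else self.out).append(raw)
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag != "a" or not href or self.href is not None:
            return self._emit(self.get_starttag_text())
        self.href, self.start, self.inner = href, self.get_starttag_text(), []
    def handle_startendtag(self, tag, attrs): self._emit(self.get_starttag_text())
    def handle_data(self, data): self._emit(data)
    def handle_entityref(self, name): self._emit("&%s;" % name)
    def handle_charref(self, name): self._emit("&#%s;" % name)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return self._emit("</%s>" % tag)
        inner, real = "".join(self.inner), host_of(self.href)
        shown = URLISH.match(re.sub(r"<[^>]+>", "", inner))
        whole = self.start + inner + "</a>"
        if shown and host_of(shown.group(1)) != real:  # text names another host
            self.findings.append((shown.group(1).lower(), real))
            whole = WARNING % escape(real) + whole if self.mode == "alert" else inner
        self.out.append(whole)
        self.href = None

def scan(html, mode="alert"):  # mode: "alert" or "disarm"; returns (html, findings)
    checker = LinkChecker(mode)
    checker.feed(html)
    checker.close()
    return "".join(checker.out), checker.findings
```

Disarming SAMPLE leaves the text www.linux.com in the body, which a mail client may still render as a link, and a link whose text and href both name www.ibarclays.co.uk produces no finding, so this check cannot stand in for the warning.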
