Undetected phishing attempt

Ian cobalt-users1 at fishnet.co.uk
Tue Sep 26 15:20:54 IST 2006

On 25 Sep 2006 at 15:09, Denis Beauchemin wrote:

> Hello all,
> One of our users has forwarded me the following email (addresses 
> obfuscated for obvious reasons):
> http://pages.usherbrooke.ca/dbeauchemin/tmp/phish2.txt
> None of the links have been detected as phishing attempts, even though 
> they clearly are.


The problem is that each of these urls in the email has the text of 'click here' or something 
similar.  In other words it is not trying to hide itself as another domain name so it is not 
detected as a phising attempt.

If the link text had something like www.timemagazine.com but the link was pointing at 
something else then this would (probably!) be detected.

The only way to detect this as a phising attempt would be to know exactly what links TIME 
magazine publish and somehow detect these and then compare them with the email and 
every other email TIME has every sent out - in other words not really possible (at the 

> Is there anything we can do about these?  They seem to use a clever 
> redirect that goes undetected by MS.

Yes, you can do something about these - enducate your users to have a default state of 
complete paranoia when it comes to the source of any email ;)



More information about the MailScanner mailing list