Undetected phishing attempt
Ian
cobalt-users1 at fishnet.co.uk
Tue Sep 26 15:20:54 IST 2006
On 25 Sep 2006 at 15:09, Denis Beauchemin wrote:
> Hello all,
>
> One of our users has forwarded me the following email (addresses
> obfuscated for obvious reasons):
> http://pages.usherbrooke.ca/dbeauchemin/tmp/phish2.txt
>
> None of the links have been detected as phishing attempts, even though
> they clearly are.
Hi,
The problem is that each of these urls in the email has the text of 'click here' or something
similar. In other words it is not trying to hide itself as another domain name so it is not
detected as a phising attempt.
If the link text had something like www.timemagazine.com but the link was pointing at
something else then this would (probably!) be detected.
The only way to detect this as a phising attempt would be to know exactly what links TIME
magazine publish and somehow detect these and then compare them with the email and
every other email TIME has every sent out - in other words not really possible (at the
present!).
> Is there anything we can do about these? They seem to use a clever
> redirect that goes undetected by MS.
Yes, you can do something about these - enducate your users to have a default state of
complete paranoia when it comes to the source of any email ;)
Regards
Ian
--
More information about the MailScanner
mailing list