Closed Bug 212296 Opened 21 years ago Closed 21 years ago

Warn user of scam URLs.

Categories

(Core :: Security, enhancement)

enhancement
Not set
normal

Tracking

VERIFIED DUPLICATE of bug 122445

People

(Reporter: bugtraq, Assigned: security-bugs)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529

Novice users are often tricked into entering credit card details etc into scam URLs. The URL looks similar to a valid URL, but it's not.

Perhaps pop up an 'ok / cancel' window when they press 'Go'. A regular expression should be able to pick this up, something like http[s?]:{something that looks like a url}{anything except /}{something that looks like a url}/{anything}.

Care would have to be taken about false positives such as news.com.com, and increasing sophistication, such as housing scams on '.id' or other less obvious ccTLDs.

Reproducible: Always

Steps to Reproduce:
1. Type in scam URL.
2.
3.

Actual Results: Get taken to scam web site.

Expected Results: Pop up warning box, explaining the possible scam, and listing the actual site you are going to, not the apparent site.

For example, see the scam email I got:

Dear PayPal Member,

This email was sent by the PayPal server to re-verify your e-mail address and to update your profile information on PayPal. You must complete this process by clicking on the link below and entering the information from your profile. This is done for your protection --- becaurse some of our members no longer have access to their email addresses and we must verify it.

To update your profile information and access your account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

https://www.paypal.com:ac=AwWI5HUK5eOcxVMmH984XvzwKJFjdLEHSTJVGieOuKMe2C9@KI54fT.WoRlDiSpNeTwOrK.CoM/i.CgI?textures@willsmith.org

The link will take you to our Verify Your Identity page. Fill in the appropriate fields to update your profile information and Security Questions, and click Submit. You will then be able to access your account.

Thanks for using PayPal!

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

----------------------------------------------------------------
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at https://www.paypal.com. Protect yourself against fraudulent websites by checking the URL/Address bar every time you log in.
----------------------------------------------------------------
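The check requested in the report above, as an added example that is not part of the original report and not Mozilla's code: rather than a regular expression, it uses the standard `URL` parser to separate the userinfo part (before the `@`) from the real host, and warns when the userinfo itself looks like a hostname. The names `inspectUrl` and `warningText` are hypothetical, and the `ftp://` and unparseable samples are constructed.

```javascript
// Added example: hypothetical helper names, not Mozilla code.
const HOSTNAME_LIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Classify a link by comparing what the userinfo part looks like
// with the host the browser would really connect to.
function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "unparseable", apparentHost: null, actualHost: null };
  }
  const actualHost = url.hostname;        // lower-cased by the parser
  const user = safeDecode(url.username);  // text before the first ':' or the '@'
  if (user === "") {
    // No userinfo: look-alike names such as news.com.com are not flagged here.
    return { verdict: "ok", apparentHost: null, actualHost };
  }
  const apparentHost = user.toLowerCase();
  if (HOSTNAME_LIKE.test(user) && apparentHost !== actualHost) {
    return { verdict: "warn", apparentHost, actualHost };
  }
  // Ordinary credentials (e.g. a login name) that do not imitate a host.
  return { verdict: "has-credentials", apparentHost: null, actualHost };
}

// Text for the ok/cancel prompt: names the apparent and the actual site.
function warningText(r) {
  if (r.verdict !== "warn") return null;
  return `This link looks like ${r.apparentHost} but goes to ${r.actualHost}.`;
}

const SCAM_URL = // taken from the report above
  "https://www.paypal.com:ac=AwWI5HUK5eOcxVMmH984XvzwKJFjdLEHSTJVGieOuKMe2C9" +
  "@KI54fT.WoRlDiSpNeTwOrK.CoM/i.CgI?textures@willsmith.org";
const SAMPLES = [
  SCAM_URL,
  "http://news.com.com/",             // false-positive case named in the report
  "ftp://alice@ftp.example.org/pub/", // constructed: plain login name
  "not a url",                        // constructed: unparseable input
];
for (const s of SAMPLES) {
  const r = inspectUrl(s);
  console.log(r.verdict, warningText(r) || "");
}
```

Because the `@` in the query string (`?textures@...`) comes after the path, the parser does not treat it as part of the authority, which a hand-written pattern can easily get wrong.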
*** This bug has been marked as a duplicate of 122445 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
.
Status: RESOLVED → VERIFIED