Closed
Bug 212296
Opened 21 years ago
Closed 21 years ago
Warn user of scam URLs.
Categories
(Core :: Security, enhancement)
VERIFIED
DUPLICATE
of bug 122445
People
(Reporter: bugtraq, Assigned: security-bugs)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529
Novice users are often tricked into entering credit card details etc into scam
URLs. The URL looks similar to a valid URL, but it's not. Perhaps pop up an
'ok / cancel' window when they press 'Go'.
A regular expression should be able to pick this up, something like
http[s?]:{something that looks like a url}{anything except /}{something that
looks like a url}/{anything}.
Care would have to be taken about false positives such as news.com.com, and
increasing sophistication, such as housing scams on '.id' or other less obvious
ccTLDs.
Reproducible: Always
Steps to Reproduce:
1. Type in scam URL.
Actual Results:
Get taken to scam web site.
Expected Results:
Pop up warning box, explaining the possible scam, and listing the actual site
you are going to, not the apparent site.
For example, see the scam email I got:
Dear PayPal Member,
This email was sent by the PayPal server to re-verify your e-mail address
and to update your profile information on PayPal. You must complete
this process by clicking on the link below and entering the information
from your profile. This is done for your protection --- becaurse some of our
members no longer have access to their email addresses and we must verify it.
To update your profile information and access your account,
click on the link below. If nothing happens when you click on the
link (or if you use AOL), copy and paste the link into the address bar of
your web browser.
https://www.paypal.com:ac=AwWI5HUK5eOcxVMmH984XvzwKJFjdLEHSTJVGieOuKMe2C9@KI54fT.WoRlDiSpNeTwOrK.CoM/i.CgI?textures@willsmith.org
The link will take you to our Verify Your Identity page. Fill in the
appropriate fields to update your profile information and Security
Questions, and click Submit. You will then be able to access your account.
Thanks for using PayPal!
Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the footer of any page.
----------------------------------------------------------------
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at
https://www.paypal.com. Protect yourself against fraudulent
websites by checking the URL/Address bar every time you log in.
----------------------------------------------------------------
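
An added example, not part of the original report or of Mozilla's code: one way to implement the check the report asks for, using the WHATWG `URL` parser instead of a regular expression so that the "apparent" site (a hostname placed in the userinfo part before `@`) can be compared with the host actually contacted. The function names, result fields and sample URLs are assumptions made for illustration.

```javascript
// Added illustration; function and field names are hypothetical.
// Relies on the WHATWG URL parser (global `URL` in browsers and Node.js).

// Text that reads like a DNS name: labels separated by dots, alphabetic TLD.
const HOSTNAME_LIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s; // malformed percent-escape: compare the raw text instead
  }
}

function checkDeceptiveUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { parsed: false, suspicious: false };
  }
  const result = {
    parsed: true,
    suspicious: false,
    actualHost: url.hostname, // the host the browser will really contact
    apparentHost: null,       // the host the user is led to believe in
    hasUserinfo: url.username !== "" || url.password !== "",
  };
  if (!/^https?:$/.test(url.protocol) || !result.hasUserinfo) return result;

  // A username that looks like a hostname and differs from the real host
  // is the trick in the reported e-mail. Plain credentials are not flagged.
  const user = safeDecode(url.username).toLowerCase();
  if (HOSTNAME_LIKE.test(user) && user !== url.hostname) {
    result.suspicious = true;
    result.apparentHost = user;
  }
  return result;
}

function warningText(r) {
  if (!r.suspicious) return null;
  return `This link appears to go to "${r.apparentHost}" but will actually ` +
         `open "${r.actualHost}". Continue?`;
}

// Constructed samples (example domains, not taken from the report).
const SAMPLES = [
  "https://www.paypal.com:ac=token@login.example.net/i.cgi", // flagged
  "http://news.com.com/",                                    // no userinfo
  "https://alice:secret@files.example.org/",                 // plain credentials
];
for (const s of SAMPLES) console.log(s, "->", warningText(checkDeceptiveUrl(s)));
```

Because only a hostname-shaped userinfo triggers the warning, doubled-suffix names such as news.com.com and ordinary `user:password@host` URLs pass without a prompt.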
Comment 1•21 years ago
*** This bug has been marked as a duplicate of 122445 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE