Thunderbird failed to spot slightly obfuscated phishing attempt (Barclays)

RESOLVED DUPLICATE of bug 326082

Status

Thunderbird
Mail Window Front End
RESOLVED DUPLICATE of bug 326082
12 years ago
11 years ago

People

(Reporter: Mike Ralphson, Assigned: Scott MacGregor)

Tracking

x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:spoof])

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Thunderbird 1.5 (Windows/20051201)

Thunderbird failed to spot this as a phishing attempt. The suspect url was slightly obfuscated in the following way:

"However, if you did not initiate
the log ins, please visit Barclays IBank as soon as possible to check-up your
account information:<br><br>
<a href="http://koreabanks.com/board/data/now_connect1.php">ht<font>tps://iba</font>nk.ba<font>rclays.co.uk/olb/p/Lo</font>ginMember.do</a><br><br>
Thanks for your patience.<br><br>"

Reproducible: Sometimes

Steps to Reproduce:
1. Phishing email is checked with Thunderbird before being sent
2. ????
3. Profit

Actual Results:  
'Thunderbird thinks this might be an email scam' does not appear.

Expected Results:  
Phishing warning should appear.

Strip redundant html tags from url destination before comparison with legend. Comparison with header domains also?
(Reporter)

Comment 1

12 years ago
Created attachment 209339 [details]
Example of email concerned

Target domain changed to example.com for privacy
Clever.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:spoof]
(Reporter)

Updated

12 years ago
Version: unspecified → 1.5
(Reporter)

Comment 3

12 years ago

*** This bug has been marked as a duplicate of 326082 ***
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.