Closed
Bug 332079
Opened 20 years ago
Closed 18 years ago
Phishing detector not picking up all scams
Categories
(Thunderbird :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 370141
People
(Reporter: k.jewsbury, Assigned: mscott)
Details
Attachments
(1 file)
|
13.33 KB,
message/rfc822
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
After installing the latest version of Thunderbird 1.5, I went and looked at some scam messages I had received in the past. Most where marked as Scam apart from 1 email.
It has the image which looks genuine but the link takes you off somewhere else.
<http://www.personal.barclays.co.uk.dhlmailcorp.com/r1/b/>
If you require a copy of the email I can forward it.
Regards
Karl
Reproducible: Didn't try
Summary: Phishing detector not pinking up all scams → Phishing detector not picking up all scams
|
||
Comment 2•20 years ago
|
||
relevant part of the mail :
<p> <a href="http://www.personal.barclays.co.uk.dhlmailcorp.com/r1/b/"><IMG SRC="cid:part1.09040608.06070809@custservice_ref_155369898540@barclays.co.uk" border="0" ALT=""></a></p>
That's not a scam, at least not for the current detector. It's just an image with a link to a remote site. How should the phishing detector detect that this is a bogus link, unless you want to block ALL outgoing links ? Warning before you go to a site is one thing, but a mail with a link is not always a scam.
(In reply to comment #2)
> relevant part of the mail :
>
> <p> <a href="http://www.personal.barclays.co.uk.dhlmailcorp.com/r1/b/"><IMG
> SRC="cid:part1.09040608.06070809@custservice_ref_155369898540@barclays.co.uk"
> border="0" ALT=""></a></p>
>
> That's not a scam, at least not for the current detector. It's just an image
> with a link to a remote site. How should the phishing detector detect that this
> is a bogus link, unless you want to block ALL outgoing links ? Warning before
> you go to a site is one thing, but a mail with a link is not always a scam.
>
I understand what you are saying, but it still a scam. The Email says it comes from @barclays.co.uk
but the link goes to
www.personal.barclays.co.uk.dhlmailcorp.com
This must have been made to fool the reader in to clicking on the link since the first part of the address looks good.
|
|
||
Comment 4•20 years ago
|
||
(In reply to comment #3)
> I understand what you are saying, but it still a scam. The Email says it comes
> from @barclays.co.uk
> but the link goes to
> www.personal.barclays.co.uk.dhlmailcorp.com
Well, I can point to any URL on the intranet, even if I have a gmail.com address. That's not necessarily an error, we might trigger a lot of false positives.
> This must have been made to fool the reader in to clicking on the link since
> the first part of the address looks good.
Maybe we can flag it as a scam if we detect "barclays.co.uk" (from the from-address) *inside* the URL ?
(In reply to comment #4)
The point you make is valid, maybe it very difficult or impossible to protect against this type of scam.
I did notice that when you use simple HTML view text appears at the end of the message, I assume this to get through spam filters. But this text is hidden in original HTML. They seem to set the Font colour to white in order to hide it on a white background. Are there any valid reasons why someone sending a genuine email would hide text.
|
||
Updated•18 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•