Phishing Detection Support to Thunderbird checked in
The following was just checked into the trunk of Mozilla Thunderbird:
Get a phishing detector going for Thunderbird. I'm sure it can be improved quite a bit but this starts to catch some of the more obvious scams.
More info in the bug report:
When the user clicks on a URL that we think is a phishing URL, he now gets prompted before we open it. Handles two cases so far. Hopefully we can add more as we figure out how. The host name of the actual URL is an IP address. The link text is a URL whose host name does not match the host name of the actual URL.. I added support for a silentMode so later on we can hopefully walk an existing message DOM and call into this routine on each link element in the DOM. This would allow us to insert an email scam warning bar in the message window down the road.
See screenshot
View bug report
Related entries
Ads:
 |
 |
9 Comments
I have to agree with the other poster that while the detection is great the sort of users it's trying to protect won't understand this message and will just click anyway.
What would be great is a "Thunderbird thinks this is junk" style message at the top as you read it indicating "Thunderbird believes this message has suspicious hyperlinks that could be an attempt to steal your personal information."
Or something...
[)
Maybe combine both idea. Using a dialog like this:
Thunderbird thinks this is a phishing site.
More >>
Clicking "more" will then show the detail information.
Comment by minghong at January 21, 2005 02:35 PM | Permalink
It's important to avoid the word "phishing" as most people probably don't know what it is. I think the message should say something like "This e-mail appears to be fradulent. Click on links with care" or something, with a link to a description of what a phishing email is.
Basically, my point is that in order to explain it, you should definately use laymen's terms so that it is easily understood.
I agree with what most people are saying here, I think that instead of "URL" you should place "Address" that is more popular name.
I also think that it could probably contain the word fraud, or something like this, and that should be very visible, to make it catch the atention of the reader. Probably instead of yes and no, that are easily recognized something other could help deincentivate the "blind click" of a button. Probably something in the line of two links "I think this is fraud" and "I trust this site".
What do you think?
Comment by Victor Bogado at January 24, 2005 11:53 AM | PermalinkI even made it to ZDNet:
http://news.zdnet.co.uk/internet/security/0,39020375,39185311,00.htm
![[TypeKey Profile Page]](http://gemal.dk/nav-commenters.gif)
at January 24, 2005 08:55 PM | Permalink
And you also made it to Webwereld, a wellknown Dutch internet magazine. Thunderbird should build up a name as the most secure e-mail program around, whatever the solution for the Phishing problem will be. Only then it has a chance of taking noticable market share from Outlook (Express)
Comment by Supergugler at January 25, 2005 01:58 PM | Permalink
I've somewhat recently written a Thunderbird extension that looks for phishing in a different way -- using SPF and DomainKeys on the From: address. See: http://taubz.for.net/code/spf
Comment by Joshua Tauberer at January 25, 2005 05:08 PM | Permalinkphishing detection needs options to allow you to tell it to ignore certain emails/addresses. email from my support droids gets tagged everytime.
Comment by bloodnok at March 21, 2006 04:33 PM | Permalink
Good job. But most people don't know what a "URL" is. I suggest using a different term, while retaining "URL" in parentheses to be specific for technical users.
Comment by me at January 21, 2005 12:16 PM | Permalink