MozillaZine

Phishing protection

From MozillaZine Knowledge Base

(Difference between revisions)
Revision as of 13:02, 30 May 2013
Rsx11m (Talk | contribs)
(added link to the respective Wikipedia page)
Revision as of 19:07, 2 June 2013
Rsx11m (Talk | contribs)
(Scam warning - copy-pasted content from the TB 5.0 article)
Line 4: Line 4:
# [[Safe browsing]] ''(Firefox and SeaMonkey)'' # [[Safe browsing]] ''(Firefox and SeaMonkey)''
# [[Junk Mail Controls]] ''(Thunderbird and SeaMonkey)'' # [[Junk Mail Controls]] ''(Thunderbird and SeaMonkey)''
 +
 +===Scam warning===
 +
 +The implementation of the scam feature remains incomplete [https://bugzilla.mozilla.org/show_bug.cgi?id=654502]. It is based on a fixed set of rules which are triggered when an HTML message contains links with either a numerical IP address or where the text over the link suggests a different target than the actual link underneath. Unfortunately, many newspaper-style messages and notices follow the latter pattern, usually to keep track of clicked links in such messages to get some statistics how frequently such a link was clicked. There is currently no way to white-list such links [https://bugzilla.mozilla.org/show_bug.cgi?id=320351], and no service similar to the Google-based phishing list Firefox is using has been established for Thunderbird [http://groups.google.com/group/tb-planning/browse_thread/thread/46da904ec70e5dee].
 +
 +{{Right-pic|Tb50scamWarning.png}}
 +A request to disable the feature by default for the time being has thus far been denied [https://bugzilla.mozilla.org/show_bug.cgi?id=623198], but as a workaround it has been made more apparent that the feature ''can'' be switched off. The scam warning now comes with a direct link which will disable the feature for this and all other messages [https://bugzilla.mozilla.org/show_bug.cgi?id=653103], thus it's easier to find when too many false positives are reported. To reactivate the scam warnings, check the respective box in the Security &rarr; E-mail Scams options.
 +
 +Note that, even though Thunderbird does not have an agreement yet with a phishing-list provider, right-clicking on a suspicious link in a message you received allows you to report that link as such to a provider [https://bugzilla.mozilla.org/show_bug.cgi?id=653798].
[[Category:Privacy and security]] [[Category:Privacy and security]]
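Review bot: the new ===Scam warning=== section is, per the edit summary, copy-pasted from the TB 5.0 article and keeps its time-relative wording ("remains incomplete", "currently", "thus far", "now comes with") without naming the Thunderbird version it describes, so a reader of this general phishing page cannot tell which release the statements apply to; suggest naming the version in the first sentence. The heading and opening sentence also do not say the feature is Thunderbird-specific, although the list above it covers Firefox and SeaMonkey as well, and the bare bracketed bug links would be easier to follow with short labels.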

Revision as of 19:07, 2 June 2013

Phishing is a malicious attempt to gather private information, usually credentials (username and password) for login to sensitive sites (e.g., on-line banking) or other sensitive information (credit-card or social-security numbers).

See the following articles, depending on whether you are looking for protection when browsing websites or for e-mail messages:

  1. Safe browsing (Firefox and SeaMonkey)
  2. Junk Mail Controls (Thunderbird and SeaMonkey)

Scam warning

The implementation of the scam feature remains incomplete [1]. It is based on a fixed set of rules, which are triggered when an HTML message contains a link that either points to a numerical IP address or carries link text suggesting a different target than the actual link underneath. Unfortunately, many newspaper-style messages and notices follow the latter pattern, usually so that the sender can track clicks and gather statistics on how frequently each link was clicked. There is currently no way to white-list such links [2], and no service similar to the Google-based phishing list that Firefox uses has been established for Thunderbird [3].
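The two rules described above, and the false positive they produce on click-tracked newsletters, sketched in Python as an added example (this is not Thunderbird's detector code). The function names, the sample message and all `.test` host names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body (illustration only; .test names are placeholders).
SAMPLE = """<a href="http://192.0.2.10/login">Verify now</a>
<a href="http://login.example-phish.test/">www.example-bank.test</a>
<a href="http://click.newsletter-tracker.test/r?u=42">www.example-news.test</a>
<a href="https://www.example-news.test/today">www.example-news.test</a>"""

def host_of(text):  # host if text looks like a URL or bare hostname, else None
    text = text.strip()
    try:
        host = None if " " in text else urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        host = None
    return host if host and ("." in host or ":" in host) else None

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at every <a>, read only at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def scam_flags(html):  # returns [(href, reason)] for links that trip either rule
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if target and is_ip_literal(target):
            flagged.append((href, "numeric-ip"))
        elif target and shown and shown != target:
            flagged.append((href, "text-mismatch"))
    return flagged
```

Run on `SAMPLE`, the third link (a benign click-tracking redirect) is flagged for exactly the same reason as the second (a look-alike login link), which is why a fixed rule set without a white-list produces the false positives described above.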

Image:Tb50scamWarning.png

A request to disable the feature by default for the time being has thus far been denied [4], but as a workaround it has been made more apparent that the feature can be switched off. The scam warning now comes with a direct link that disables the feature for this and all other messages [5], so the option is easier to find when too many false positives are reported. To reactivate the scam warnings, check the respective box in the Security → E-mail Scams options.

Note that, even though Thunderbird does not yet have an agreement with a phishing-list provider, right-clicking on a suspicious link in a message you received allows you to report that link as such to a provider [6].