Phishing protection: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
m (added link to the respective Wikipedia page)
(→‎Scam warning: copy-pasted content from the TB 5.0 article)
Line 4: Line 4:
# [[Safe browsing]] ''(Firefox and SeaMonkey)''
# [[Safe browsing]] ''(Firefox and SeaMonkey)''
# [[Junk Mail Controls]] ''(Thunderbird and SeaMonkey)''
# [[Junk Mail Controls]] ''(Thunderbird and SeaMonkey)''
===Scam warning===
The implementation of the scam feature remains incomplete [https://bugzilla.mozilla.org/show_bug.cgi?id=654502]. It is based on a fixed set of rules which are triggered when an HTML message contains links with either a numerical IP address or where the text over the link suggests a different target than the actual link underneath. Unfortunately, many newspaper-style messages and notices follow the latter pattern, usually to keep track of clicked links in such messages to get some statistics how frequently such a link was clicked. There is currently no way to white-list such links [https://bugzilla.mozilla.org/show_bug.cgi?id=320351], and no service similar to the Google-based phishing list Firefox is using has been established for Thunderbird [http://groups.google.com/group/tb-planning/browse_thread/thread/46da904ec70e5dee].
{{Right-pic|Tb50scamWarning.png}}
A request to disable the feature by default for the time being has thus far been denied [https://bugzilla.mozilla.org/show_bug.cgi?id=623198], but as a workaround it has been made more apparent that the feature ''can'' be switched off. The scam warning now comes with a direct link which will disable the feature for this and all other messages [https://bugzilla.mozilla.org/show_bug.cgi?id=653103], thus it's easier to find when too many false positives are reported. To reactivate the scam warnings, check the respective box in the Security → E-mail Scams options.
Note that, even though Thunderbird does not have an agreement yet with a phishing-list provider, right-clicking on a suspicious link in a message you received allows you to report that link as such to a provider [https://bugzilla.mozilla.org/show_bug.cgi?id=653798].


[[Category:Privacy and security]]
[[Category:Privacy and security]]

Revision as of 19:07, 2 June 2013

Phishing is a malicious attempt to gather private information, usually credentials (username and password) for login to sensitive sites (e.g., on-line banking) or other sensitive information (credit-card or social-security numbers).

See the following articles, depending on whether you are looking for protection when browsing websites or for e-mail messages:

  1. Safe browsing (Firefox and SeaMonkey)
  2. Junk Mail Controls (Thunderbird and SeaMonkey)

Scam warning

The implementation of the scam feature remains incomplete [1]. It is based on a fixed set of rules which are triggered when an HTML message contains links with either a numerical IP address or where the text over the link suggests a different target than the actual link underneath. Unfortunately, many newspaper-style messages and notices follow the latter pattern, usually to keep track of clicked links in such messages to get some statistics how frequently such a link was clicked. There is currently no way to white-list such links [2], and no service similar to the Google-based phishing list Firefox is using has been established for Thunderbird [3].

A request to disable the feature by default for the time being has thus far been denied [4], but as a workaround it has been made more apparent that the feature can be switched off. The scam warning now comes with a direct link which will disable the feature for this and all other messages [5], thus it's easier to find when too many false positives are reported. To reactivate the scam warnings, check the respective box in the Security → E-mail Scams options.

Note that, even though Thunderbird does not have an agreement yet with a phishing-list provider, right-clicking on a suspicious link in a message you received allows you to report that link as such to a provider [6].