Phishing protection

From MozillaZine Knowledge Base
Revision as of 19:07, 2 June 2013 by Rsx11m (talk | contribs) (→‎Scam warning: copy-pasted content from the TB 5.0 article)
Jump to navigationJump to search

Phishing is a malicious attempt to gather private information, usually credentials (username and password) for login to sensitive sites (e.g., on-line banking) or other sensitive information (credit-card or social-security numbers).

See the following articles, depending on whether you are looking for protection when browsing websites or for e-mail messages:

  1. Safe browsing (Firefox and SeaMonkey)
  2. Junk Mail Controls (Thunderbird and SeaMonkey)

Scam warning

The implementation of the scam feature remains incomplete [1]. It is based on a fixed set of rules which are triggered when an HTML message contains links with either a numerical IP address or where the text over the link suggests a different target than the actual link underneath. Unfortunately, many newspaper-style messages and notices follow the latter pattern, usually to keep track of clicked links in such messages to get some statistics how frequently such a link was clicked. There is currently no way to white-list such links [2], and no service similar to the Google-based phishing list Firefox is using has been established for Thunderbird [3].

A request to disable the feature by default for the time being has thus far been denied [4], but as a workaround it has been made more apparent that the feature can be switched off. The scam warning now comes with a direct link which will disable the feature for this and all other messages [5], thus it's easier to find when too many false positives are reported. To reactivate the scam warnings, check the respective box in the Security → E-mail Scams options.

Note that, even though Thunderbird does not have an agreement yet with a phishing-list provider, right-clicking on a suspicious link in a message you received allows you to report that link as such to a provider [6].