Monday, June 20, 2011

A suggestion to thwart (some) phishing attacks?

Like just about everyone, I receive loads of predictable phishing e-mails that (hopefully) make it into my spam bucket. But I was intrigued by the following message that I happened upon when perusing my spam messages:

From: "Linda Evans"
To: david.fraser@XXXXXX.com
Date: Monday, June 20, 2011 2:10 PM
Subject: David f*** [redacted] you!!

Remove your f****** [redacted] comment from my profile, I AM NOT YOUR BITCH!
Do I even know you?
Remove it : http://www.facebook.com/profile.php?id=100000456101822
If you don't, I will report you to Facebook and get your account suspended!!!

The link went to a page that appeared to be the Facebook login page but was hosted on some other website, which would capture your password.

I am sure that this will become a routine phishing method, but will probably catch a few folks who haven't seen it before.

I would like to suggest something that should be implemented in every e-mail client and browser: if the visible text between the <a> and </a> tags looks like a URL, but the host it names doesn't match the URL in the href attribute that the link actually leads to, a warning should appear saying

"It looks like you're clicking on a link that goes to YYY, but you're actually going to ZZZ. That doesn't sound good. Are you sure you want to do this?"

The check can only fire when the displayed text is itself a URL; a link labelled "Remove it" or "Click here" gives it nothing to compare, so in those cases the real target still has to be checked by hand.

I wonder how many phishing attacks could be prevented with this simple change?
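Here is what the proposed check looks like in code. This is an added example, not code from the original post or from any mail client: it parses the visible text of each anchor for a host name, parses the href with the standard URL class, and reports the pair when the two hosts disagree. The HTML body and the phishing host login-verify.example are constructed for the demonstration; the regex-based anchor extraction stands in for walking a real DOM.

```javascript
// Added example (not from the original post): flag anchors whose visible
// text names one host while the href points at another.
// Runs in Node or a browser; the URL class is built into both.

// Lower-case the host and drop a leading "www." so that
// www.facebook.com and facebook.com compare equal.
function normalizeHost(host) {
  return host.toLowerCase().replace(/^www\./, '');
}

// Does the visible link text look like a URL or a bare domain?
// Returns the host it names, or null when the text is not URL-like.
function hostNamedByText(text) {
  const trimmed = text.trim();
  // Optional http(s) scheme, then labels ending in an alphabetic TLD,
  // optional port, then end of text or a path/query/fragment delimiter.
  const m = /^(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?::\d+)?(?:[\/?#]|$)/i.exec(trimmed);
  if (!m) return null;
  return normalizeHost(m[1]);
}

// Host the href actually resolves to, or null if it is not an http(s) URL.
function hostOfHref(href) {
  let url;
  try {
    url = new URL(href.trim());
  } catch (e) {
    return null;              // relative or malformed href: nothing to compare
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return normalizeHost(url.hostname);
}

// The proposed check: a warning object when text and href name different
// hosts, null otherwise (including when the text is not a URL at all).
function checkLink(text, href) {
  const shown = hostNamedByText(text);
  if (shown === null) return null;        // "Click here" style text
  const actual = hostOfHref(href);
  if (actual === null || shown === actual) return null;
  return { shownHost: shown, actualHost: actual, href: href };
}

// Pull (href, visible text) pairs out of an HTML e-mail body. A regex is
// enough for this demonstration; a mail client would walk its real DOM.
function extractLinks(html) {
  const re = /<a\b[^>]*\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  const links = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const text = m[3].replace(/<[^>]*>/g, '');   // drop nested tags (<b>, <span>, ...)
    links.push({ href: m[2], text: text });
  }
  return links;
}

// Scan a whole body and keep only the links that would trigger the warning.
function scanHtml(html) {
  return extractLinks(html).map(l => checkLink(l.text, l.href)).filter(w => w !== null);
}

function formatWarning(w) {
  return `It looks like you're clicking on a link that goes to ${w.shownHost}, ` +
         `but you're actually going to ${w.actualHost}. That doesn't sound good.`;
}

// Constructed sample body in the shape of the message quoted in the post;
// login-verify.example is a made-up phishing host.
const SAMPLE_HTML = `
<p>Remove it : <a href="http://login-verify.example/fb/profile.php?id=100000456101822">http://www.facebook.com/profile.php?id=100000456101822</a></p>
<p>See <a href="https://www.facebook.com/help">facebook.com/help</a> for the rules.</p>
<p><a href="http://login-verify.example/fb">Click here</a> to remove it.</p>
`;

for (const w of scanHtml(SAMPLE_HTML)) {
  console.log(formatWarning(w));
}
```

Only the first link is reported: its text names facebook.com while the href goes to login-verify.example. The second passes because www.facebook.com and facebook.com normalize to the same host, and the third is skipped because "Click here" names no host at all, which is exactly the case the check cannot help with. The comparison is also purely textual, so a lookalike domain used consistently in both the text and the href is not flagged.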

2 comments:

kurt wismer said...

a suggestion to add a new feature to email readers could be good, but in the meantime a suggestion to users to switch to reading email in plain text mode would serve the same purpose.

Heidi Morrill said...

Many email clients do display the actual link URL when you hover the mouse pointer over the link itself in the email body (for example, in a bar at the bottom of the screen).

Kurt's suggestion is also good, but an educated user is always going to be the best protection available.