Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Addon to "defang" fraudulent links in emails?

  • 2 个回答
  • 1 人有此问题
  • 4 次查看
  • 最后回复者为 Toad-Hall

fredwehr
fredwehr
more options

AFAIK a common phishing technique is to insert a legitimate-looking URL into the malicious message, but when the unsuspecting victim clicks the link, their browser is redirected to the actual, malicious URL. Attached image is courtesy of it.sheridancollege.ca.

Many financial institutions warn customers NOT to click links in emails but rather, to select and copy the displayed URL then paste it into their browser. BUT - how many people will remember the discipline to do this?

It seems to this amateur that it should be possible to compare the domain shown in the displayed URL, with the real URL to which the browser will be directed. If the domains are not identical, an addon (theoretically) could convert the link to plain text, rendering it NON-clickable and protecting the recipient.

I hoped to find a Tbird addon that does this, but did not. Any opinions as to whether this concept is (a) doable and (b) helpful? Thanks

AFAIK a common phishing technique is to insert a legitimate-looking URL into the malicious message, but when the unsuspecting victim clicks the link, their browser is redirected to the actual, malicious URL. Attached image is courtesy of it.sheridancollege.ca. Many financial institutions warn customers NOT to click links in emails but rather, to select and copy the displayed URL then paste it into their browser. BUT - how many people will remember the discipline to do this? It seems to this amateur that it should be possible to compare the domain shown in the displayed URL, with the real URL to which the browser will be directed. If the domains are not identical, an addon (theoretically) could convert the link to plain text, rendering it NON-clickable and protecting the recipient. I hoped to find a Tbird addon that does this, but did not. Any opinions as to whether this concept is (a) doable and (b) helpful? Thanks
已附加屏幕截图

所有回复 (2)

Toad-Hall
Toad-Hall
  • Top 25 Contributor
more options

re :It should be possible to compare the domain shown in the displayed URL, with the real URL to which the browser will be directed.

This ability is already available. When anyone receives an email with a link, it is normal practise to hover over the link to see whether the real link is exactly the same as the stated link. The real link would be displayed in the bottom status bar.

If there is any anomally and sometimes it can be tricky to spot if somone replaces an 'i' with a number 1 (one), the you should never click on the link. You cannot assume the email has been sent from the person who owns the email address, as there are nefarious people who abuse other peoples email addresses.

This is the normal practise which all email users should use and be aware of using. Hovering over a link is not difficult and a whole lot easier and quicker than any other method. After all, you have to move the mouse to that position before you actually click, so the info is already visible before clicking.

Toad-Hall
Toad-Hall
  • Top 25 Contributor
more options

Just to prove a point. It is also common practise to use something that says; Get Thunderbird here where a few short words are used legitimately rather than enter a longer and no so attractive website address.

So, it can used to good effect.

I suppose the bottom line is that you cannot stop people from clicking on links they refuse to check.