Editing AntiPhishing
Help Page
|
Text Formatting Rules
|
HTML Basics
Concept for SIQ-enabled Client software located on an inbound email server: Connection from IP address for message is passed to to the anti-phishing process. Message header and body are parsed for domain names. An SIQuery is made for each domain name found, using the connection-from IP address for the IP part of the query. The IP address the SIQuery comes from is set up in the Outbound Index with an Anti-Phishing check configuration. If a domain found in the header or body of the email fails the Anti-Phishing check in the Outbound Index (ie, the domain owner has listed in the Anti-Phishing database and this connection-from IP is not authorized), a Caution or Warning flag is added to the message, stating "This email is not from Domain.com" or "This email may not be from Domain.com" or "Do not give your user name, password or any confidential information in response to this email." This could be extended to placing warnings in messages with trademark names and their variations. Although a malicious sender could obfusticate PayPal to Pay-Pal or Pay--|Pal - most users would find that too unusual looking to trust in the second case, and would be easy to also warn about, in the case of simple Pay-Pal type of changes. The Anti-phishing client could be designed to unobfusticate all workable alternate forms of web addresses prior to performing the queries. In the case of friends sending each other mention of websites with an Anti-phishing listing, the warnings would do no harm - ie: WARNING: This email is not from PayPal.com! WARNING: This email is not from Etrade.com! WARNING: This email is not from eBank.com! WARNING: This email is not from Ebay.com! Dear Joan, You might try a few of the places I like to shop online - ebay.com has great deals, and you can pay with paypal. We got an account with http://www.ebank.com/ last year and love it. Greg has worn out two mice day trading with Etrade.com. Looking forward to seeing you Saturday at the game. - Martha <HR> We suggest that the 2 friends will understand and not be offended by the warnings. I'll find a real example of a phishing email I got and paste it below. <HR> From unknown Sun Jun 4 21:41:00 -0400 2006 From: Date: Sun, 04 Jun 2006 21:41:00 -0400 Subject: <a href='http://www.ringtones-dir.com' Message-ID: <20060604214100-0400@wiki.outboundindex.net> <u style="display: none;">... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... Welcome!!! Links: <a href='http://www.ringtones-dir.com'>free ringtones</a> : [http://www.ringtones-dir.com download ringtones] - [HTTP://www.ringtones-dir.com download ringtones] : [nokia ringtones|http://www.ringtones-dir.com] - [nokia ringtones|HTTP://www.ringtones-dir.com] : http://www.ringtones-dir.com/download/ : [[http://www.ringtones-dir.com ring tones]] : [[http://www.ringtones-dir.com | ringtones download]] : "samsung ringtones" http://www.ringtones-dir.com : [http://www.ringtones-dir.com|ringtones free] </u> From unknown Sun Jun 4 21:41:39 -0400 2006 From: Date: Sun, 04 Jun 2006 21:41:39 -0400 Subject: <a href='=' Message-ID: <20060604214139-0400@wiki.outboundindex.net> <u style="display: none;">... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... no changes ... </u>
Optional note: