Hi,
I've been wondering about how email clients could change to make
phishing less effective.
1) Display the email address not the name in your email folders
From: DVLA Services <[email protected]
<mailto:[email protected]>>
becomes
From:[email protected] <mailto:[email protected]>
So, on a normal day, you would get used to seeing emails from
`[email protected]` rather than `Tim Bray`
2) in html email, the a tag contents are replaced with the URL you will
go to.
so <a href='https://dvla.tax.scam.domain.example.org' style='button'>
Vehicle tax</a> becomeshttps://scam.example.org/ <https://scam.example.org/>
And any images inside an <a></a> are removed
I'm sure the scammers will move on, but it's just so easy to make
something look convincing. Apple, Gmail, thunderbird, roundcube and
outlook. Just pick a day and all change.
I'm open to comments and feedback. I'm interested if I've missed an
obvious other way hide stuff if you are scamming people.
(and sorry for picking on DVLA, but my mailbox is fillling up with
people faking being you this morning. DLVA is the uk authority where
you register and pay the tax for your Car)
--
Tim Bray
Huddersfield, GB
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
