Hi all, We keep receiving variations of this dropbox phish that's never tagged properly. I was hoping someone had some ideas for catching them.
I've added a few more body rules, and some header rules to block this "drpbox" spelling variation, but I hoped someone had some better ideas to block them before they're received... http://pastebin.com/7PQgEsrJ The domains in the body still aren't blacklisted anywhere, and the IPs are on more whitelists than otherwise. Perhaps someone knows more about google user content and the data-saferedirecturl components, and rules for keeping google from redirecting users to bad sites? Thanks, Alex
