It seems that Gmail's new phishing filter is not working 100% for everyone. Abhinav.Singh still has a problem with PayPal, which he posted about on his blog. The post is dated 8 July, so it's still fresh (only a few hours after Gmail announced the new filter).
As you can see in the image, phishers usually put undisclosed-recipient in the recipient field rather than our individual email address, because they send one mass email to lots of people. Using this criterion, we can reduce the risk by deleting such a message or marking it as spam. Also, PayPal usually writes the customer's name in most of its email messages, so if you receive a message from PayPal without your full name, please beware. It might be a phishing attempt.
Update (10 July 2008, 06:45): Thanks to Somesh for the clarification. Gmail seems to apply the filter only to emails that pose as PayPal or eBay and use a sender address ending in @paypal.com or @ebay.com (email spoofing). Emails that pose as PayPal or eBay but use a domain other than paypal.com or ebay.com will not be filtered out (this is what happened in Abhinav's case, with the @online.net domain). Please pay extra attention to this.
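The warning signs described in this post (a mass-mail recipient line, a missing full name, and a PayPal or eBay claim sent from another domain), written as a header check. This is an added example, not code from the original post: the function name, signal labels and both sample messages are constructed, and it does not perform the DomainKeys/DKIM verification that Gmail applies to real paypal.com and ebay.com mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Brand -> sending domain named in the post (international versions not covered).
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}

def phishing_signals(raw_message, my_address, my_full_name):
    """Return the warning signs from the post that apply to one raw message."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    claimed = [b for b in BRANDS if b in (display + " " + sender).lower()]
    signals = []
    # Claims the brand but is sent from another domain: per the update, this is
    # the case that the paypal.com/ebay.com authentication does not cover.
    for brand in claimed:
        legit = BRANDS[brand]
        if domain != legit and not domain.endswith("." + legit):
            signals.append("lookalike-sender:" + brand)
    # Mass mailing: our own address is not among the visible recipients.
    recipients = (msg.get("To", "") + " " + msg.get("Cc", "")).lower()
    if my_address.lower() not in recipients:
        signals.append("not-addressed-to-me")
    # Brand mail that never uses the customer's full name.
    body = " ".join(part.get_payload() for part in msg.walk()
                    if part.get_content_type() == "text/plain")
    if claimed and my_full_name.lower() not in body.lower():
        signals.append("no-full-name")
    return signals

# Constructed sample messages (not taken from the post or from real mail).
PHISH = ('From: "PayPal Security" <service@online.net>\n'
         "To: undisclosed-recipients:;\n"
         "Subject: Account limited\n\n"
         "Dear PayPal member, please confirm your account.\n")
LEGIT = ('From: "PayPal" <service@paypal.com>\n'
         "To: alice@example.com\n"
         "Subject: Receipt\n\n"
         "Hello Alice Example, here is your receipt.\n")

if __name__ == "__main__":
    for sample in (PHISH, LEGIT):
        print(phishing_signals(sample, "alice@example.com", "Alice Example"))
```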
Wednesday, July 09, 2008
Tuesday, July 08, 2008
Bye Bye Phishing
Gmail has worked together with PayPal and eBay to make sure that emails sent from those two websites to Gmail accounts are valid messages and not phishing attempts. Here is a passage from the Gmail blog:
Now any email that claims to come from "paypal.com" or "ebay.com" (and their international versions) is authenticated by Gmail and -- here comes the important part -- rejected if it fails to verify as actually coming from PayPal or eBay. That's right: you won't even see the phishing message in your spam folder. Gmail just won't accept it at all. Conversely, if you get a message in Gmail where the "From" says "@paypal.com" or "@ebay.com," then you'll know it actually came from PayPal or eBay. It's email the way it should be.
It's said that they used DomainKeys and DKIM to verify each message, so the reliability of this method is based on those two. I just hope they don't break too easily in the future, resulting in a false alarm.