Este site está com funcionalidades limitadas enquanto realizamos manutenção para melhorar sua experiência de uso. Se nenhum artigo resolver seu problema e você quiser fazer uma pergunta, nossa comunidade de suporte pode te ajudar em @FirefoxSupport no Twitter e /r/firefox no Reddit.

Avatar for Username

Pesquisar no site de suporte

Evite golpes de suporte. Nunca pedimos que você ligue ou envie uma mensagem de texto para um número de telefone, ou compartilhe informações pessoais. Denuncie atividades suspeitas usando a opção “Denunciar abuso”.

Saiba mais

Esta discussão foi arquivada. Faça uma nova pergunta se precisa de ajuda.

Addon to "defang" fraudulent links in emails?

  • 2 respostas
  • 1 tem este problema
  • 4 visualizações
  • Última resposta de Toad-Hall

fredwehr
fredwehr
more options

AFAIK a common phishing technique is to insert a legitimate-looking URL into the malicious message, but when the unsuspecting victim clicks the link, their browser is redirected to the actual, malicious URL. Attached image is courtesy of it.sheridancollege.ca.

Many financial institutions warn customers NOT to click links in emails but rather, to select and copy the displayed URL then paste it into their browser. BUT - how many people will remember the discipline to do this?

It seems to this amateur that it should be possible to compare the domain shown in the displayed URL, with the real URL to which the browser will be directed. If the domains are not identical, an addon (theoretically) could convert the link to plain text, rendering it NON-clickable and protecting the recipient.

I hoped to find a Tbird addon that does this, but did not. Any opinions as to whether this concept is (a) doable and (b) helpful? Thanks

AFAIK a common phishing technique is to insert a legitimate-looking URL into the malicious message, but when the unsuspecting victim clicks the link, their browser is redirected to the actual, malicious URL. Attached image is courtesy of it.sheridancollege.ca. Many financial institutions warn customers NOT to click links in emails but rather, to select and copy the displayed URL then paste it into their browser. BUT - how many people will remember the discipline to do this? It seems to this amateur that it should be possible to compare the domain shown in the displayed URL, with the real URL to which the browser will be directed. If the domains are not identical, an addon (theoretically) could convert the link to plain text, rendering it NON-clickable and protecting the recipient. I hoped to find a Tbird addon that does this, but did not. Any opinions as to whether this concept is (a) doable and (b) helpful? Thanks
Capturas de tela anexadas

Todas as respostas (2)

Toad-Hall
Toad-Hall
  • Top 10 Contributor
more options

re :It should be possible to compare the domain shown in the displayed URL, with the real URL to which the browser will be directed.

This ability is already available. When anyone receives an email with a link, it is normal practise to hover over the link to see whether the real link is exactly the same as the stated link. The real link would be displayed in the bottom status bar.

If there is any anomally and sometimes it can be tricky to spot if somone replaces an 'i' with a number 1 (one), the you should never click on the link. You cannot assume the email has been sent from the person who owns the email address, as there are nefarious people who abuse other peoples email addresses.

This is the normal practise which all email users should use and be aware of using. Hovering over a link is not difficult and a whole lot easier and quicker than any other method. After all, you have to move the mouse to that position before you actually click, so the info is already visible before clicking.

Toad-Hall
Toad-Hall
  • Top 10 Contributor
more options

Just to prove a point. It is also common practise to use something that says; Get Thunderbird here where a few short words are used legitimately rather than enter a longer and no so attractive website address.

So, it can used to good effect.

I suppose the bottom line is that you cannot stop people from clicking on links they refuse to check.