Domain: mailfrontier.com
Stories and comments across the archive that link to mailfrontier.com.
Comments · 19
-
Re:Not All PeopleOK, oh so smart one. I'm so happy that you won't be fooled. The problem for the rest of us is that the phishing attempts are getting better, and legitimate email sometimes looks phishy.
Take this quiz to see what I mean.
-
What a Ridiculous Test
I just took the referenced phishing test. Here's one of the answers, along with an explanation. Read it, and then tell me you think this test is legitimate: http://www.mailfrontier.com/quiztest2/answers/why
_ q9.html -
Re:Link doesn't support assertion.
You are exactly right. I got the Bank of America one right because I cheated and tried the URL for myself and found it was legit. The lame CapitalOne question got me because I was too bored to try the same test a second time. Their explanation of why it was legit was in fact an explanation of why it was verly likely an phishing attempt. I call bullshit.
-
Link doesn't support assertion.
only 4% of Internet users can flag 100% of phishing e-mails
I took the test the linked-to article cited as the source of data for that 4% claim. I only scored 80%. Does that mean I flagged only 80% of phish attempts? No, it doesn't. I flagged 100% of the phishing attempts as exactly what they were.
I had two false-positives, which lowered my score. But false-positives are quite a bit safer than false-negatives. In each case, the 'legitimate' email linked to different domains than the origin; the one from Bank of America linked to bankofamerica1.com, and the one from CapitalOne linked to a really odd domain, bfi0.com. That second one is a *huge* red flag, regardless of the content of the email, you'd have to be very trusting or do some extra research in order to *not* flag it as a phishing attempt.
Only 4% of users might score a 100% on that quiz, but that's not at all the same thing as saying that only 4% of users can't flag all phishing scams as such. -
Try this quiz instead...Ok, try this quiz. I give you how they described the e-mail in their "find out why it was a fraud/legit e-mail" section, and you guess if they were talking about a fraud or legit e-mail.
"The content of this e-mail introduces privacy policies, so it's good, right? But the e-mail is not personalized and some of the links go to bankofamerica1.com, which might be bad" Legit or Fraud?
"But, the e-mail provides links to login to your account-which could be abused by fishers." Legit or Fraud?
"These links seem legitimate as the URL displayed in the status bar at the bottom of the email appears to go to the legitimate Network Solution domain, but always remember that this display can be faked." Legit or Fraud?
What I'm getting at here, is the idea that telling people that they should weed out the good and bads is silly, because even the goods show characterstics of the bads. Just plain don't click on the links. Don't think of emails to be your little gateway to the www, but rather as just a way to get and send messages. Read the message about your bank account, then open up your browser and get to the account yourself or call up the bank.
-
Try this quiz instead...Ok, try this quiz. I give you how they described the e-mail in their "find out why it was a fraud/legit e-mail" section, and you guess if they were talking about a fraud or legit e-mail.
"The content of this e-mail introduces privacy policies, so it's good, right? But the e-mail is not personalized and some of the links go to bankofamerica1.com, which might be bad" Legit or Fraud?
"But, the e-mail provides links to login to your account-which could be abused by fishers." Legit or Fraud?
"These links seem legitimate as the URL displayed in the status bar at the bottom of the email appears to go to the legitimate Network Solution domain, but always remember that this display can be faked." Legit or Fraud?
What I'm getting at here, is the idea that telling people that they should weed out the good and bads is silly, because even the goods show characterstics of the bads. Just plain don't click on the links. Don't think of emails to be your little gateway to the www, but rather as just a way to get and send messages. Read the message about your bank account, then open up your browser and get to the account yourself or call up the bank.
-
Try this quiz instead...Ok, try this quiz. I give you how they described the e-mail in their "find out why it was a fraud/legit e-mail" section, and you guess if they were talking about a fraud or legit e-mail.
"The content of this e-mail introduces privacy policies, so it's good, right? But the e-mail is not personalized and some of the links go to bankofamerica1.com, which might be bad" Legit or Fraud?
"But, the e-mail provides links to login to your account-which could be abused by fishers." Legit or Fraud?
"These links seem legitimate as the URL displayed in the status bar at the bottom of the email appears to go to the legitimate Network Solution domain, but always remember that this display can be faked." Legit or Fraud?
What I'm getting at here, is the idea that telling people that they should weed out the good and bads is silly, because even the goods show characterstics of the bads. Just plain don't click on the links. Don't think of emails to be your little gateway to the www, but rather as just a way to get and send messages. Read the message about your bank account, then open up your browser and get to the account yourself or call up the bank.
-
The test is bad
In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
Had a look at the test and this is not surprising. Basically, they just take a screenshot of the mail reader window, ripping out any info (headers, html source) that could be of any help. Not to mention that as long as you assume anything you get from your bank/ebay/paypal/... is *potentially* a phishing e-mail, you don't have to actually be able to tell the difference. Education should not be about recognizing phishing emails because phishers will always be ahead. However, if you *never* click on a link and always use bookmarks (to bank and all) you have, then there's nothing a phisher can do. Of course, education should also be for institutions like my bank which includes its website URL in emails they send me (they're encouraging their customers to learn bad habits). -
Bad testThe Phishing IQ Test, on which this survey is based, is not a good gauge for the ability to detect Phishing emails. It presents you an image of questionable messages and asks you to decide whether they're trying to trick you. I don't know about you, but I use a lot more than the text and visual properties of a message to decide whether it's a fake. My first line of defense (and usually a very good one) is to look at the URLs that the message's links point to. I can weed out 99% of fraudulent email in a few seconds that way, and never even have to read what they're trying to sell me. Sometimes I'm even surprised to find that a suspicious message is actually genuine. The Phishing IQ Test denies me the URL-snooping that's available in just about every email reader and web browser, so it is by no means an accurate measurement of real-world detection skills.
I took this test a while ago and didn't get 100%, even though I'm one of the most internet-savvy people I know. Despite that, I don't know anyone who's been taken in by a phishing scam. Hmmm...
-
Re:Internet Darwinism
> Anyone that falls for a phishing scam is too dumb to have their money anyway.
http://survey.mailfrontier.com/survey/quiztest.htm l
(use IE, not the Fox)
Did you get 100% correct on the first try (I didn't, I only got 9 out of 10)? Educating the internet population to be aware of the varied and increasingly sophisticated scamming variants is a hopeless proposition in my opinion. -
Re:Nostradamus Predicts
"They really don't need a firefox version anyway.. People who use firefox fall under those who don't really need it
:)"
Oh yeah? How did you do on this quiz? -
This your smart enough?
Well, if you think you are, then why not see if your prone to phishing scams, or if it's a legitimate e-mail offer! Take the Mail Phishing Test
Enjoy! ;) -
Re:Where did the test go?
-
Re:Whose fault?Have you seen these emails? They're damned convincing,
Sounds like a good time to try the Phishing IQ test. As for using the exact domain, lots of sites use a different provider for their online commerce, so that won't necessarily work. -
Cool phishing detection quiz
This nifty quiz can help you assess your phishing detection abilities. Recommended. -
I think my 90% is highly justified.
I took the test thing. Apparently I failed it by Slashdot standards because I thought the first message ( http://survey.mailfrontier.com/survey/phishingtes
t /message_1/message1.htm ) was a fraud and it's not. I mean, I know the link said msn.com, but... asking you for money, threatening you if you don't pay them for the extras, sending you advertisement to a non-MSN account when they're an e-mail provider when their little policy on the bottom says that they only send you update info... how the hell is that an official e-mail? Does Hotmail suck that hard? Wayne: "It sucks rhino!" Garth: "It sucks blue whale!" Wayne: "It sucks Wookie!" Garth: "Wait a minute, Wayne, a blue whale is bigger than a Wookie." Wayne: "Oh, I'm sorry, Garth, I thought we were going for obscurity." -
Re:80% right, 100% ugly colour scheme.All right...I'll admit it, this one got by me...still not sure what kind of phishing attack a link redirecting me to "www.earthlink.net" would enable, but I guess I'm just not up to snuff on all this phishing stuff.
Either that, or I'm right and they're wrong.
-
It isn't just earthlink they are suingMailblocks has previous filed suits against Mail Frontier -- makers of the Matador plugin for outlook and outlook express, Digiportal -- makers of ChoiceMail, and Spam Arrest who offers end user and enterprise services that directly compete with Mailblocks.
Recent articles haven't mentions Digiportal or Mail Frontier, so it is possible that they have come to an agreement with Mailblocks.
Full article (dated 4/05/03) from the San Jose Mercury News.
-
Re:Nice movesMailblocks is a piece of junk, I had nothing but trouble dealing with them. And I wonder how Earthlink got out of being including in the numerous lawsuits Mailblocks are filing based on their patent covering challenge/response.
I think Mailblocks is the perfect example of a company the
/. crowd would hate: rich guy comes into the market late, drops a bundle of money, scoops up some shaky patents, and tries to sue/shutdown their competitors (some of which have been in business for over a year longer than them).By the way, Spam Arrest, one of Mailblocks' competitors (and currently being sued by Mailblocks) has no disk quota. (10 MB max message size though). Their enterprise product will forward messages through to your smtp server. A little pricey, but good for businesses.
Matador also does challenge-response (in addition to filtering) but runs on your desktop, if you are into that kind of thing.
Yes, I've done a lot of research into the anti-spam products!