{"id":111,"date":"2006-01-05T16:37:37","date_gmt":"2006-01-06T00:37:37","guid":{"rendered":"http:\/\/www.laurenwood.org\/anyway\/archives\/2006\/01\/05\/phishing-sophistication\/"},"modified":"2006-06-27T11:04:11","modified_gmt":"2006-06-27T18:04:11","slug":"phishing-sophistication","status":"publish","type":"post","link":"https:\/\/www.laurenwood.org\/anyway\/2006\/01\/phishing-sophistication\/","title":{"rendered":"Phishing Sophistication"},"content":{"rendered":"<p>I\u2019m starting to be impressed by the (almost) sophistication of phishing attempts. The latest one in my inbox today contained a message from someone purporting to have bought an item via eBay that they hadn\u2019t received and unless they heard back they were going to complain to eBay and then the police \u2014 I can quite see some nervous seller who thinks there might be a mistake in the system clicking on the \u201clog in to eBay message center\u201d link (which of course doesn\u2019t go to eBay at all) to try to rectify&nbsp;it.&nbsp;<\/p>\n<p>Mind you, the spam filters are also starting to become sophisticated \u2014 my <span class=\"caps\">ISP<\/span> adds headers to the email marking potential spam and this one tripped a number of meters, adding up to quite a lot of red flags. 
Some of them are, on their own, quite legitimate of course, but not&nbsp;all:<\/p>\n<pre>\n    1.0 FROM_ENDS_IN_NUMS      \n        From: ends in numbers\n    1.3 RCVD_NUMERIC_HELO      \n        Received: contains a numeric HELO\n    1.0 MSGID_SPAM_CAPS        \n        Message-ID =~ \/^\\s*&lt; ?[A-Z]+\\@(?!(?:mailcity|whowhere)\\.com)\/\n    0.1 HTML_TAG_EXISTS_TBODY  \n        BODY: HTML has \"tbody\" tag\n    0.4 HTML_70_80             \n        BODY: Message is 70% to 80% HTML\n    0.1 HTML_FONTCOLOR_BLUE    \n        BODY: HTML font color is blue\n    0.7 MIME_HTML_ONLY         \n        BODY: Message only has text\/html MIME parts\n    0.2 HTML_MESSAGE           \n        BODY: HTML included in message\n    0.3 HTML_FONT_BIG          \n        BODY: HTML has a big font\n    1.1 MIME_HTML_NO_CHARSET   \n        RAW: Message text in HTML without charset\n    0.2 MIME_QP_LONG_LINE      \n        RAW: Quoted-printable line longer than 76 chars\n    0.4 NORMAL_HTTP_TO_IP      \n        URI: Uses a dotted-decimal IP address in URL\n    0.1 FORGED_HOTMAIL_RCVD2   \n        hotmail.com 'From' address, but no 'Received:'\n    3.0 FORGED_MUA_OUTLOOK     \n        Forged mail pretending to be from MS Outlook\n    0.6 MISSING_MIMEOLE        \n        Message has X-MSMail-Priority, but no X-MimeOLE\n    1.1 FORGED_OUTLOOK_HTML    \n        Outlook can't send HTML message only\n    1.1 MIME_HTML_ONLY_MULTI   \n        Multipart message only has text\/html MIME parts\n    1.1 FORGED_OUTLOOK_TAGS    \n        Outlook can't send HTML in this format\n    3.0 SARE_MSGID_YAHOO       \n        Message-ID is forged, (yahoo.com)\n    1.1 HTML_MIME_NO_HTML_TAG  \n        HTML-only message, but there is no HTML tag<\/pre>\n<p>After I saw this I promptly went and got the latest version of <a href=\"http:\/\/www.pmail.com\">Pegasus Mail<\/a>, which I use for my personal email. 
Pegasus has always had good anti-virus protection, has had decent spam filtering for some time, and shows the real <span class=\"caps\">URL<\/span> that is being linked to on <span class=\"caps\">HTML<\/span> emails, but it now advertises anti-phishing checks as well. It will be interesting to see how well they work in practice.&nbsp;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[1,6],"tags":[],"class_list":["post-111","post","type-post","status-publish","format-standard","hentry","category-general","category-technology"],"_links":{"self":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":0,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}