Thunderbird2:Phishing

From MozillaWiki
Jump to navigation Jump to search
Please do not edit these pages unless you are a member of Team Thunderbird. Your feedback and comments are welcomed on the discussion page.

Tracked by: bug 328749

Design Overview

Objectives

The primary objectives of this project are to:

  • Make it easy for web service extensions to support online phishing detectors with Thunderbird.
  • Ship a default phishing service implementation that uses a local and online URL blacklist.

Background

Thunderbird 1.5 contains a simple phishing detector to help protect users against revealing personal information to e-mail scams.

The current implementation uses a set of simple static rules to determine if a URL in a message looks suspicious or not.

These rules look for things like: IP addresses in the host name field, URLs which have different host names than the urls the message shows the user (i.e. the url is http://myevilsite.com but the url text shown to the user is http://ebay.com).

We would like to make it possible for web service extension authors to replace our existing phishing detector with one that can leverage local and online URL blacklists. This requires us to first write a phishing API which can be implemented by the extension authors and which integrates with our existing phishing detector.

Front End Design

We already have a user interface in Thunderbird 1.5 for presenting messages which could be potential e-mail scams. We plan on leaving this UI intact, focusing our work on re-designing the actual phishing detector engine.

The current UI has two layers of defense:

A large, highly visible status bar across the top of the message indicates that Thunderbird thinks the current message is a potential e-mail scam:

phishingbar.png

If a user then proceeds to click on a link in this message, we bring up an alert prompt which includes some information about why we think the link is suspicious (i.e. it says ebay.com but you are really going to myevilsite.com):

phishingalert.png

The phishing bar is part of the message notification bar associated with each message window.

When a message has been parsed, we update the pishing bar for the current message by calling [1] setPhishingMsg. Currently setPhishingMsg calls isMsgEmailScam. This is where we'll tie into an improved phishing detector.


Team

API Changes Required

The APIs for accessing Bookmarks and History will be replaced. APIs abstracting the layout of the metadata tables used in the profile storage file will be provided. See above for details.


Extensions

The APIs for accessing and manipulating Bookmarks and History are being replaced with new ones, and almost all Bookmarks and History user interface will be replaced or updated significantly. Any extension that does anything with History or Bookmarks will almost certainly have to be rewritten, at the very least to use the new APIs.

Retrieved from "https://wiki.mozilla.org/index.php?title=Thunderbird2:Phishing&oldid=18508"