PDA

View Full Version : [Content filter] Hoax emails that ask for webmail's password



ICEWARP_BRAZIL
06-20-2011, 11:03 AM
Hi,

You've probably seen a hoax that has been around which asks for user's webmail password, claiming that it was sent by the administrator.

This caused us problems as users would send their data and spammers would use it to send out spam (although we do have a restriction on emails out per day for each account).

Here's an example of part of such email:

Dear Email Account Owner,

This message is from webmail messaging center to all email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused email account to create space for new accounts.To prevent your account from being deactivated you will have to update it. Please do not send us wrong password-email address ok.

CONFIRM YOUR EMAIL ACCOUNT
Email Username :...............
Email Password :..............

*** The problem is that the text content changes!

Only solution I found is such a filter

Where Message is < 10 kB
and Where Message body matches webmail
and Where Message body matches password
and Where Recipient is local
Forward to cfwebmail@mydomain.com
and Add header/footer

In add header/footer, I put a disclaimer "Warning, this message seems to mention the words webmail and password. DO NOT inform your personal data in e-mails, these e-mails are usually hoaxes".

It also lets me audit, to see if any user did provide their password...

Hope it helps.

All the best,
Flávio

ICEWARP_BRAZIL
03-22-2012, 06:53 PM
Hi, everyone

We've seen variations of this. In portuguese they even put the recipient's email address in the body of the message filled out, just so user fills the rest (password, etc).

We had to adapt the filter, since now the send it with nothing in common, except always the word "password". Before it always had words password and webmail, now many times just password.

So we have a filter where msg smaller then 30 KB and body has word password, we add a footer "Be careful, never provide pwds in emails, there are hoax messages circulating, etc...".

All the best,
Flávio