Debunked links in the body of emails
Idea shared by BMark - 11/17/2023 at 8:10 AM

I thought of an idea and would like to share it with the community and Staff:
given that spam attacks, especially phishing, attack by trying to disguise links making people believe they are real and instead referring to scam sites, it would not be possible to create a system that acts directly on the links (http:// - https://) who makes sure to print the real link?

Let me explain:

in the body of the html email it is indicated:

"click here https://truelink.com to access your profile and update your password"

but in reality the url points to "https://xyzphishing.xx";, this is a typical example.

If the system looked for links in the body and simply appended the real URL like this:

"click here https://truelink.com [https:// xyzphishing.xx] to access your profile and update your password"

even with a different color (red?) users would immediately understand that it is Phishing and that the link is suspicious.

Programmingly it doesn't require much, because you just need to search for the links (http:// - https://) and print them unmasked below.

It seems simple and almost banal to me, but it's not there, why?
It can also be implemented as optional, with those who want enabling it and those not (even by domain if there are advanced users who may find it annoying)

The same goes for the sender address of emails in Webmail, why not also print the real sender address next to the name:

From True Agency [trueagency@xyzphishing.com]

it would be very easy for users to understand that it is Phishing.

What do you think?

Hello everybody!


Reply to Thread