Suramya's Blog : Welcome to my crazy life…

August 23, 2020

Mozilla Thunderbird has a ‘Link Mismatch Detection’ feature to protect from Phishing & Scams

Filed under: Computer Software,Techie Stuff — Suramya @ 10:03 PM

Yesterday I was trying to register for a new service and as always I had to share my email address and wait for the confirmation/validation email to verify that the email address I had provided was a valid one. Once I finally got the email it had a clickable link to validate my email address that looked like the screenshot below:


Clickable link for email address validation

Since this was an email I was expecting and wanted to create an account, I clicked on the link and got a surprise. Instead of immediately taking me to the link I had clicked on Thunderbird popped up the following pop-up telling me that the link was taking me to another website than what the link text was indicating. This is new behavior that I believe was implemented in Thunderbird 68 but haven’t found the release notes confirming it. (I didn’t really spend a lot of time searching to be honest)


Link Mismatch Detected

In this case it was a benign reason because the link was taking me to a tracking site before redirecting to the email confirmation page. But the benefits are immediately obvious as this would flag the links on the phishing/scam emails that pretend to come from a bank/email provider/facebook but redirect users to a Phishing site and prompt users to verify if they are going to the correct site.

Unfortunately the fix is not perfect and needs more work as this would include all links in newsletters etc that include tracking links (which is pretty much all of them). If users constantly get the popup then there is a high probability that they will get conditioned to click on the First button to go the site the link is taking you to without reading the text fully.

Some of the users will find this to be annoying and want to disable it, so below are the steps to disable the Phishing checks in Thunderbird (not recommended). Only make this changes if you are absolutely sure of what you are doing and take full responsibility of the fact that you disabled the Phishing checks. I will not be responsible if you disable the checks and then end up with an empty bank account after having your account Phished. Also, I found the instructions on the Mozilla Forum but haven’t tried them myself so like anything else you find on the internet please validate the steps and only follow if you are sure that they are safe :).

There are four phishing preferences.

* mail.phishing.detection.enabled

i.e. Tools > Options > Security > Email Scams > Tell me if the message I’m reading is a suspected email scam

* mail.phishing.detection.ipaddresses
* mail.phishing.detection.mismatched_hosts
* mail.phishing.detection.disallow_form_actions

Try setting the mail.phishing.detection.mismatched_hosts preference to false in the about:config window, then restart and test again.

It’s great that the Thunderbird team is adding more and more features to make email safer. Looking forward to more such features in TB.

Well this is all for now. Will post more later.

– Suramya

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress