Summary: Occasionally, security software examines links in email and alerts you if something is suspicious. Frequently, as in my newsletter, it's totally benign.
My email client, Thunderbird, thinks that your newsletters are a scam. I get an overall message with the email, plus a warning whenever I click on a link. This doesn't bother me, and no doubt I could fix it by setting something in the client, but it must be happening to others, and I thought you might want to know so you can fix whatever is triggering it.
•
Unfortunately, this happens to a lot of newsletters and other mailings. Needless to say my newsletter's no scam, but seeing as how I do run Thunderbird myself, and how I do occasionally get this report from folks, I thought it worthwhile to explain exactly what Thunderbird is doing, especially since other email programs may be doing something similar.
And it's a good education on how some scams try to fool you.
The scam warning has always thrown too many false positives for my taste, so I'll also show you how to turn it off in Thunderbird.
•
The fundamental issue is very, very simple. Hover over this link (or click, if you like - it's safe):
http://microsoft.com
The URL it links to is not the URL that is displayed. It might be trying to deceive you into clicking on what you see to get you to go somewhere else.
In other words, it might be a scam.
This is very easy to do in HTML. More commonly, the link would be:
Buy Leo Coffee!
Which a) is not displaying a URL at all, but text, and b) is very clear about what to expect when you click.
Now let's look at something a little more sinister:
http://paypal.com
You may think you're clicking on a link to Paypal, but you're not. If the page you land on, however looks like Paypal you may not even notice.
You might get scammed.
Now, not all scams can be easily detected, and not everything that's detected is a scam. However, Thunderbird's scam detection includes something like this simple rule:
-
If the display text of a link "looks like" a URL that begins with http://
-
and if the target of a link is also a URL that begins with http://
-
then if the rest of the URL doesn't match, it might be a scam.
The upshot is that:
http://microsoft.com
would generate the warning (display text and destination are both URLs, but they are different), while
http://buyleoalatte.com
would not - both display and destination are the same. Neither would:
microsoft.com
Since even though the display and destination are different, the displayed text is not a URL.
•
So why is it happening in a non-scam publication like my newsletter?
In fact, it's due to an extremely common and legitimate tool used in legitimate newsletters and other mass emailings: click tracking.
I'll continue to use my newsletter as an example. I occasionally include links, often from advertisers, that are complete URLs. For example: "http://www.FreePrintableCertificates.net" might be both the display text and the destination of an advertiser's link.
When the newsletter is sent, the destination of the link is automatically replaced with a different URL - something like "http://clicks.aweber.com/...". Aweber is my newsletter mailing service, and "clicks.aweber.com" is the domain they use to count clicks. When you click on the link that displays "http://www.FreePrintableCertificates.net" you're actually taken first to "http://clicks.aweber.com/..." where it simply counts the fact that you've clicked on that link, and then automatically forwards you to the intended destination, often faster than you'd ever notice.
But the display text and the destination that are encoded into the email a) are both URLs, and b) are different - so Thunderbird says "this might be a scam".
Even though it's not.
It's an extremely common technique to see just how popular things are. Understanding what people are clicking on is one of many ways that I and my advertisers get a better understanding of exactly what it is that interests people, and how better to target what we do to be more interesting and useful to you.
•
Since it's such a common technique, I personally find little value in having Thunderbird throw the warning all the time, for newsletters that I've signed up for and that I know are not scams. Unfortunately, not all email programs let you "whitelist" or say "these emails are always good" when it comes to scam detecting.
So I turn the feature off.
In Thunderbird's Tools, Options, Privacy, E-mail Scams dialog:
simply make sure that "Tell me if the message I'm reading is a suspected email scam" is unchecked.
Other email programs may have similar settings if you're seeing this warning too often.
Remember, too, that it is just a warning, not an absolute determination. With this feature enabled, which you may elect to do, it's just an alert that you need to tread carefully, nothing more.
And now you'll know what to look for.
Related:
-
Phishing? What's Phishing? Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.
-
Did I really just win an email lottery or sweepstakes? We all receive emails that indicate we've won several different lotteries. Are any of these winning notifications valid? I'll review what to look for.
Article C3758 - June 10, 2009
I learned a lot from this post but I disagree with turning of the Phishing warning. For example, if you get a warning about an email from your bank or PayPal most likely it really is a phishing attack.I So, I suggest keeping the filter on and be aware that some newsletters might get flagged. Instead of signing up for newsletters, I put a bookmark on the bookmarks toolbar of the sites I check out regularly.
Posted by: Mark Jacobs at June 11, 2009 5:15 AMIronically, I get this warning EVERY week, but ONLY with Leo's newsletter lol.
Posted by: Carl R. Goodwin at June 16, 2009 6:30 PM