Version: 1.9.9 (using KDE 3.5.9) Installed from: Slackware Packages OS: Linux The html snippet: <P><U><SPAN style=3D'color:blue'><a href=3D"http://www5.abbey.net.cfm93.net/servlet/?host=3D22shfdsnDshfdsnwhacrOrdn">http://ww2.abbeynational.net/servlet/?cookie=3D22shfdsnDshfdsnwhacrOrdn</A></SPAN></U></P> results in the forged target being displayed in the status bar, rather than the actual target. The full html snippet is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2900.2722" name=3DGENERATOR> <title>Abbey: Private and Corporate Details Confirmation Webpage</title> <STYLE></STYLE> </HEAD> <BODY> <DIV> <P><SPAN><img id=3D"qhc99c71" SRC=3D"cid:000901c8bef5$ab96040b$7301260a@marica"></SPAN></P> <P><B><SPAN>Dear Abbey Private and Corporate Banking customer!</SPAN></b></p> <P><SPAN>Our Maintenance Subdivision is doing a planned Digital Banking Service upgrade</SPAN></p> <P><SPAN>By clicking on the link below you will open the procedure of the user details verification:</SPAN></p> <P><U><SPAN style=3D'color:blue'><a href=3D"http://www5.abbey.net.cfm93.net/servlet/?host=3D22shfdsnDshfdsnwhacrOrdn">http://ww2.abbeynational.net/servlet/?cookie=3D22shfdsnDshfdsnwhacrOrdn</A></SPAN></U></P> <P><SPAN>These directions are to be e-mailed and followed by all members of the Abbey National On-line Banking</SPAN></p> <P><SPAN>Abbey National does apologize for any problems caused to you, and is very grateful for your collaboration.</SPAN></p> <P><SPAN>If you are not customer of Abbey eBanking please disregard this e-mail!</SPAN></p> <P><SPAN>*** This is an automated message, please do not reply ***</SPAN></P> <P><SPAN style=3D'font-size:8.5pt;color:#003399'>(c) 2008 Abbey Electronic Banking. All Rights Reserved.</SPAN></p> </DIV> </BODY> </HTML>
Created attachment 25125 [details] Phishing email - forged target displays in status bar
Although we do warn by default not to trust the content of HTML mail, people will be turning on Prefer HTML to Plain Text by default nowadays. We should do something about phishing. I wonder if Konqueror has a solution?
This works for me with the KDE4 version, the phishing URL is displayed in the statusbar. Will, did you test this? The ironic thing about the attached mail is that the plain text part of the mail doesn't have the phising URL in it, so by default it is not even possible to go to the phishing website.
Thomas: This bug was not raised against KDE4 but KDE 3.5.9. Closing this bug as WORKSFORME is incorrect.
This bug was not raised against KDE4 but KDE 3.5.9. Closing this bug as WORKSFORME is incorrect.
There will be no more fixes in the KDE 3.x branches. You can leave it open, but if you do not fix it, it will probably stay there forever ... Therefore, please close it. We've much too much open bugs which are really problems even with kmail in KDE4
KDE 3.5 is unmaintained - no fixes and backports from the team anymore