info-spamassassin-t...@cs.utexas.edu wrote:
Hi,Before I try to roll my own, does anyone have a set of rules or a plugin designed to detect all these webmail account phishes. You know -- the kind that pretend to be a webmail administrator who informs the user his/her webmail account is being upgraded or has exceeded quota or whatever .. And that it is necessary for the user to send them a login/password pair for validation? One commonly used indicator is username: .... password: ....
Hi, I've used the following to block on the subject. header PHISH2 Subject =~ /UPGRADE YOUR.*ACCOUNT/i describe PHISH2 Attempted password scam score PHISH2 50 header PHISH3 Subject =~ /UPDATE YOUR.*ACCOUNT/i describe PHISH3 Attempted password scam score PHISH3 50 Regards, Rick
