On Tue, 16 Sep 2014, francis picabia wrote:
Hello,
We just received the most authentic looking phishing I've seen. It was
professionally written, included a nice signature in the style used by
people at my workplace, and the target link was an exact replica of an
ezproxy website we run.
The URL domain was only different by a few letters. I'm thinking we
will see more of these. So here is a question perhaps someone can solve
and many of us can benefit from...
How can I make a uri rule which matches
example.com.junk/
but does not match
example.com/
uri URI_EXAMPLE_EXTRA m;^https?://(?:www\.)?example\.com[^/?];i
The goal is to score fake URLs containing our domain, and thus an email
with a link to something like http://example.com.tk/ wouldn't be
delivered.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
From the Liberty perspective, it doesn't matter if it's a
jackboot or a Birkenstock smashing your face. -- Robb Allen
-----------------------------------------------------------------------
Tomorrow: the 227th anniversary of the signing of the U.S. Constitution
