I wasn't warned away from Firefox's "It's a Trap!" page after clicking on "test out your own phishing detection" in "6 Ways to Stay Secure on Desktop" in the 27 oct email from mozilla@awesomeness.mozilla.org, subject "6 Tips to Stay Safe while Browsing".
Nor from the "It's an Attack!" page after clicking on "malware test site" in the "Phishing and Malware Protection - Frequently asked QUESTIONS" page, via the "Phishing Protection" link in the above mentioned "It's a Trap" page.
In both "It's a . . ." pages, it says "if you're using Firefow 2 or later, you should have been warned away from this page". I'm using Firefox 7.0.1, but received no such warnings.
Regardless of these inconsistencies, I'm just hoping the above Mozilla email is genuine . . .
All Replies (7)
Can you please tell to which pages you were sent? Are they on www.mozilla.org or www.mozilla.com ? The pages on the .org domain do not work anymore. This all sounds like a scam to me so far.
I do not understand why Mozilla would send e-mails to random users. Normally these are scam e-mails. They try to scare you and say that you are infected with malware. Then afterwards you are offered a so called "security update" which in reality will infect you computer with a virus. Do not install a fake update.
The pages that actually should work are on the .com domain:
http://www.mozilla.com/firefox/its-a-trap.html
http://www.mozilla.com/firefox/its-an-attack.html
Hello Knorretje,
The pages I have are .org.
I felt uneasy when, following this lack of performance, I clicked on a further link in the email to a "Plugin check" which recommended I download an update to my Shockwave Flash to ensure the safe and smooth running of my Firefox.
I didn't do this, nor did I bother with any of the other Firefox-related tests or downloads offered.
I'm concerned though that someone the other end had checked out my plugins and goodness knows what else.
It is a convincingly authentic email though:
Hmm; when I try to upload an RTF copy of the email, I get a message, "Error Uploading Image: Invalid or no image received".
Modified by DGWeale
The links on the phishing-protection web page to test the protection link to .org sites after a recent change and are currently not yet in the phishing protection database and thus don't display the red warning page.
Use these links to .com instead of links to .org as posted above.
Bug 693389 - Update urlclassifier DB for Mozilla com->org move
Hello Cor-el,
I can take it then that the email - from mozilla@awesomeness.mozilla.org - is genuine?
In the meantime, thank you both, Cor-el and Knorretje, for your responses.
So an e-mail from Mozilla asking to test the phishing protection is sending people to urls which are already known by Mozilla to not work at all? That does not make sense at all. Why does Mozilla not send people to pages that actually work if this is not a scam.
Did you ever subscribe to a news letter (Get Monthly News)?
Whilst it would seem a safe bet that Cor-el speaks with some authority, it is to be hoped that Mozilla takes more care with its protection systems than it does with its promotions for them.