Failure to filter Phishing email

Last week I got a very plausible email from a friend who was "in trouble" in Scotland.  It was thought to be OK as the person is a regular world traveler and I had been with him a couple of weeks before, he is from Canada.  It ran for a couple of steps and I then realised what it was, I refused to send any help unless I spoke to him.  I was able to get an address in Scotland and a Bank Account number in England that I forwarded to the anti-fraud unit.  (I have not heard back from them.) 

I went direct to my e-mail account on Gmail a couple of days later to check things there and realised that the warning was there and had not been forwarded to Apple Mail!  I also found the IP address is in Nigeria!

My problem is that the mail on Apple Mail looked good, BUT had filtered out the warning information that was present on the Gmail website. What I missed initially was the fact that it was addressed to a number of "undisclosed recipients." 

I am a relatively new iMac user, having used PC/Microsoft Windows from the beginning.  I am also new to the UK, so I have not yet settled in with an ISP that I am happy with, so have stayed with Gmail as I do not want to change email address too often.  I am using Apple Mail using a POP and SMTP for download into it.  I installed the home user free Sophos soon after getting going on the iMac having seen it recommended on Macformat magazine.  I have always used Nortons products before.

There are two issues: 1. Sophos missed it and 2. Apple is filtering out important information.

Does anyone have any advice?  I will post this on an Apple Forum as well.

Thanks

Raphael

  • Sophos AV for Mac is an Anti-Virus, and it does exactly that, catches malware such as viruses, worms and trojans. It is NOT like those Norton products on Windows that will do everything from setting up a firewall (when Windows already has one), creating another Recycle Bin, and generally annoy the user with glossy messages and hog computer resources. It doesn't try to catch phishing messages and it's not supposed to. For that GMail and Mail.app and user discretion are the tools needed to avoid phishing.

    What Sophos does is just scan files for malicious programs or files, and a phishing message is neither.

    In the Windows world Sophos AV for Mac would be something like Microsoft Security Essentials.

  • Hello Raphael,

    1. Specimen has already explained that Sophos AV "just" scans for malware. As there have been some questions about Sophos' approach to scanning mail in general and scanning mail during "transfer" (i.e. while your mail client fetches it from the server): On-access scans the attachments (including HTML parts) when you're attempting to open them, but the plain text isn't analyzed - it doesn't look for Spam and Scam.

    2. Apple Mail likely didn't filter out important information. Then why the warning on Gmail? Nowadays many mail clients include some sort of protection against Spam and Scam - and Apple Mail does as well, calling it Junk Mail filtering - in addition to the "Anti-" measures on the gateway (server). The client employs its own (adaptive and explicit) rules to identify junk messages, it might consult external lists and it can also work in concert with the server. Perhaps the Gmail server hasn't come to a definite decision to put the mail in the spam folder (I assume it will do so, and even if you access your Gmail mailbox with an external client). Either the Gmail client has warned you because the server has put some "spam probability indicator" in the header (View->Message->Long Headers) but Apple Mail didn't understand or check it, or it did some additional checks on its own (in which case there was nothing to filter out at all). Apple Mail offers the option to "Trust junk mail headers set by my ISP" (AFAIK it checks the X-Spam-Flag and, in Leopard and later, Received-SPF headers). You might want to review your Apple Mail preferences and take a look at the headers of the mentioned email.

    Hope this clarifies it a little bit

    Christian         
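
The header check suggested in the reply above, together with the "undisclosed recipients" sign from the original post, written out as an added example (not part of the thread and not Sophos or Apple code). The two messages are constructed samples and `header_warnings` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Constructed sample messages; addresses and IPs use reserved documentation ranges.
SAMPLE = """\
Received-SPF: softfail (mx.example.net: domain of transitioning
 friend@example.com does not designate 203.0.113.7 as permitted sender)
X-Spam-Flag: YES
From: A Friend <friend@example.com>
To: undisclosed-recipients:;
Subject: In trouble in Scotland

Please send help.
"""

CLEAN = """\
Received-SPF: pass (mx.example.net: domain of friend@example.com
 designates 192.0.2.10 as permitted sender)
From: A Friend <friend@example.com>
To: raphael@example.org
Subject: Lunch next week?

See you then.
"""

def header_warnings(raw_message):
    """Return the warning signs found in a message's headers."""
    msg = message_from_string(raw_message)
    findings = []
    # Spam verdict recorded by the receiving server, if any.
    if (msg.get("X-Spam-Flag") or "").strip().upper().startswith("YES"):
        findings.append("X-Spam-Flag: YES")
    # The first word of Received-SPF is the result (pass, fail, softfail, ...).
    for value in msg.get_all("Received-SPF", []):
        match = re.match(r"\s*([A-Za-z]+)", value)
        if match and match.group(1).lower() in ("fail", "softfail"):
            findings.append("Received-SPF: " + match.group(1).lower())
    # Mail sent to a hidden list carries no named recipient.
    recipients = " ".join(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not recipients.strip() or "undisclosed" in recipients.lower():
        findings.append("no named recipient")
    return findings

if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("CLEAN", CLEAN)):
        print(name, header_warnings(raw))
```

To run it on a real message, save the raw source from the mail client and pass the file's text to `header_warnings`.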

  • Thanks for your explanation.

    I have already reset all the settings you have suggested as I examined closely every security step.  I fortunately was suspicious early on and did not get caught, but was close to it due to being cautious.

    Once again many thanks

    Raphael

  • One thing to add is that while the Mac Home AV product  is not an Anti-Spam product (we have an appliance and a few other solutions that do this for business customers), we DO detect some of the more common phishing attachments that can arrive in email or are on websites linked to from email.  This is not a replacement for an anti-spam solution (such as what is provided by email providers and your mail client), but it does add one extra layer of protection.

  • Thanks for the extra info.

    Raphael
