Write a keyword blacklist expressions for phishing - ORF Forums

Write a keyword blacklist expressions for phishing RSS Back to forum


Some people often get phishing emails with hyperlinks, the link as :
https://cotsys.com/js/chinamail/upgrade/[email protected]

I wrote some expressions but failure.

Thanks for your input in advanced!

by Monkeenmao 1 year ago

@Monkeenmao: Hello,

If you want to block emails that contain hyperlinks which include an "email=*@*.*" string in the URL, I recommend the following:

1. Start the 'ORF Administration Tool'
2. Navigate to 'Blacklists > Keyword Blacklist' page
3. Click 'New'
4. In the Keyword Filter Properties dialog, set the Search Scope to 'Email body' and mark the 'Body raw HTML source' checkbox enabled
5. Add a Comment text (e.g., "URL Blocker")
6. On the 'Filter Expression' tab, add the following expression:

.*&lta[^>]+href=['"\s]https?[^>]+email=[^>][email protected][^>]+>

7. Set the expression type to Regular expression (Perl-compatible)
8. Click 'Ok'
9. Save your settings to apply the changes by pressing 'Ctrl + S'.

I hope the above proves helpful to you, but let me know if you need further assistance.

by Daniel Novak (Vamsoft) 1 year ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2