Beyond mail server filtration techniques, mail clients are our front line of defense against phishing email messages.

1/9
When a mail message is received in a mail client, the first line of defense that could be used by the recipient to identify a phishing email message is the sender's email address, and the second line of defense is the target of any links in the email message.

2/9
Mobile mail clients such as @Apple's Mail app or @Microsoft's @Outlook app don't show the sender's email address by default, nor do they provide an option to enable showing it on all messages. Instead, users have to tap 1-3 times to see a sender's email address.

3/9
Those same mobile mail clients also fail to provide a way to safely identify the target of any hyperlinks in an email message. To identify the target of a hyperlink in an email message on a mobile device, the recipient has to press and hold the hyperlink.

4/9
Pressing and holding a hyperlink results in a pop-up that shows the target, yet whenever a recipient wants to know the target of a hyperlink in a suspicious email message, the last thing they want to do is touch that link.

5/9
This is the exact opposite of how mail clients should work to protect us on mobile devices. Sender email addresses should be visible by default. Users should be able to view hyperlink targets in a suspicious email message without having to touch any hyperlinks.

6/9
Going further, mobile devices already hold information about known contacts. A mail client on a mobile device should check not only the sender's email address but also the display name, because any display name can be spoofed to resemble a trusted contact.

7/9
It would be trivial for a mail client to identify an email as suspect if the display name matches a known contact, but the email address does not match any of the email addresses that have been entered into the contact details on the recipient's device.
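The mismatch check described in 7/9, as an added example (not code from the thread or from any mail client): the From header is parsed, the display name is normalised and looked up in a constructed address book, and the message is flagged as suspect when the name matches a contact but the address is not one of that contact's known addresses. It also flags the related trick of putting a different email address in the display name.

```python
import re
from email.utils import parseaddr

# Constructed sample address book (hypothetical data): display name -> known addresses
CONTACTS = {
    "Jane Doe": ["jane.doe@example.com", "jdoe@example.org"],
    "IT Helpdesk": ["helpdesk@example.com"],
}


def _norm_name(name: str) -> str:
    # Drop punctuation, collapse whitespace and fold case so "JANE  DOE" == "jane doe"
    return " ".join(re.sub(r"[^\w\s]", "", name).casefold().split())


def _index(contacts: dict) -> dict:
    # Normalised name -> set of lower-cased addresses belonging to that contact
    return {_norm_name(n): {a.casefold() for a in addrs} for n, addrs in contacts.items()}


def classify_sender(from_header: str, contacts: dict = CONTACTS) -> str:
    """Return 'trusted', 'suspect' or 'unknown' for a raw From: header value."""
    display, addr = parseaddr(from_header)
    addr = addr.casefold()
    # A display name that is itself an email address, but not the real one, is spoofing.
    if "@" in display and display.casefold() != addr:
        return "suspect"
    index = _index(contacts)
    known = index.get(_norm_name(display))
    if known is not None:
        # Display name matches a contact: the address must be one of that contact's.
        return "trusted" if addr in known else "suspect"
    # No display-name match; the bare address may still belong to a contact.
    if any(addr in addrs for addrs in index.values()):
        return "trusted"
    return "unknown"


if __name__ == "__main__":
    # Constructed headers for demonstration
    for header in ("Jane Doe <jane.doe@example.com>",
                   '"JANE DOE" <jane.doe@evil.example>',
                   '"jane.doe@example.com" <x@evil.example>'):
        print(f"{classify_sender(header):8} {header}")
```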

8/9
Scammers are smart enough to recognize this vulnerability. Developers are smart enough to code protective features to combat this vulnerability. Why then does it seem that none of this is a priority for the companies creating mail apps, like @Microsoft and @Apple?

9/9
You can follow @Poshoholic.