Hey guys!
I think it's not far fetched to say that most of us on here will probably not click links found in emails where "Amazon" asks you to "verify your account" and such, but the problem is, I haven't filed my report for myself, I did it, because phishing is becoming a much bigger problem year after year and it's mostly because computers are often required these days for jobs, for hobbies, for life, etc...
Many people, let's face it, seem to have a hard time remembering best practices for IT security. We're often the kind of folks who're then called by grandpa or grandma, father/mother, ... Well you get the gist.
I have filed a bug report with Apple, obviously they will take this issue more seriously if some guys duplicate the radar, so here's what you need if you feel like it, including my description, feel free to copy it 1:1:
Go to: bugreport.apple.com
Product: Mail
Classification: Feature (New)
Reproducibility: Not Applicable
Title:
Security feature: Warn users about clicking links that display as link for a trusted domain and link elsewhere (duplicate of rdar://18622914)
Description:
Steps to reproduce: Phishing mails are becoming an increasing problem, especially amongst people, who can't remember all best practices for safe computing.
Apple's ethos has always been to make computing safe and easy for as many people as possible, in that regard I think it's time to warn users about domains that display similar to this:
"Check your account status at: www.amazon.com" when in reality that link sends you to an obscure website set up to phish for your account details or at the very least by clicking the link verifying the active use of that email address.
Expected Results:
Actual Results: One could display the link still, but highlight it with red color and ask to confirm visiting the link after clicking on it, before the link is passed to Safari.
Also, once such a link has been found in a given email, I think it'd be wise to warn about all links found in the email and never display external graphics that may be loaded otherwise, even when Mail's settings are set to "Display remote images in HTML messages".
Configuration: User is not warned about such links, which poses as a common threat amongst many users who aren't very IT security savvy.
Many don't think twice in such a situation as some may be in shock about an alleged security issue with some of their accounts.
OS X and iOS - any version / any build
Thanks for your attention and time
Glassed Silver:mac
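
The check requested in the radar above, sketched as an added example (not part of the original post and not Apple's code): it flags anchors whose visible text names one host while the `href` points to another, and applies the post's suggestion to gate all links and remote images once one is found. The names `LinkAudit`, `audit_message` and the `SAMPLE` message are hypothetical and constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that looks like a host name, e.g. "www.amazon.com"
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _host(value):
    """Lower-cased host without a leading 'www.'; '' if the value has none."""
    host = (urlsplit(value).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = HOST_IN_TEXT.search("".join(self.text))
        target = _host(self.href)
        if shown and target:
            claimed = _host("//" + shown.group(1))
            # The real target may be the displayed host or a subdomain of it
            if target != claimed and not target.endswith("." + claimed):
                self.mismatches.append((claimed, target))
        self.href = None

def audit_message(html):
    """Return mismatched (displayed, actual) hosts and the resulting policy."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    flagged = bool(parser.mismatches)
    return {"mismatches": parser.mismatches,
            "confirm_all_links": flagged,      # warn on every link in the mail
            "block_remote_images": flagged}    # override the remote-image setting

# Constructed sample: one deceptive link, one honest link
SAMPLE = ('<p>Check your account status at: '
          '<a href="http://login.example.invalid/verify">www.amazon.com</a></p>'
          '<a href="https://www.amazon.com/gp/help">www.amazon.com</a>')
```

Link text that contains no host name (for example "click here") is not flagged by this check, so it complements rather than replaces reputation-based filtering.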