As I use my email daily, I find my self opening hyperlinks without enough hesitation. While it is the users responsibility to verify links, many humans become complacent and open links with out double checking.
Similar to the "block content" feature, I believe a good anti-phishing measure would be to block links when clicked. Instead, I would like a pop-up when a link is clicked that displays the link URL, sender address, and sender name always reminding the user to verify the source of the email. It should also use a font that is large, clear to read and properly distinguishes numbers from letters (I, l and 1, 0 vs O).
There could be a few options for the pop-up; Open link, trust address, cancel, cancel & move to junk, and open in "container"
Open link would open the link like normal
Trust address would disable the pop-up for that sender.
Cancel will stop the link from opening
Cancel and move to junk does exactly what it says.
Open in "container" is for the links you need to open but don't want to give access to your browser session, such as for an unsubscribe link. Sandbox mode would be a like Firefox container, or a Firefox profile with no password auto fill, strict security policies and it self resets for every link.
While not preventing all phishing attacks, this would prevent a lot of careless clicks. If I got an email from Amazon telling me my order was delayed, an email a lot of people have received before, I may not immediately notice this one was from Amaz0n.com. The pop up would remind me to double check by presenting the pertinent info right in front of me. Additionally, I probably have the real amazon trusted already, so the pop-up alone will be a clue that some thing is not right.
... View more