Auto-Notifications Flagged as Phishing Scam (Original Poster Only)

[lmacri]

I don't know if this is related to the problem already report by MAXBAR1 <here>,  but I'm subscribed to the thread  Win7 freeze, Event ID 36887 from "scan file system" and every time the original poster (OP) DSperber posts a reply in this thread the auto-notification is flagged by my e-mail program (Win Vista's built-in Windows Mail) as a phishing scam and moved from my Inbox to my Junk E-mail folder.

When Malwarebytes staffer LiquidTension replies in that thread the auto-notification land in my Inbox without a problem.  All notifications are being sent from Malwarebytes Forums <noreply@invisioncloudcommunity.com> and I can't see anything in my Safe Senders / Blocked Senders list in my local email client that would cause notifications from the OP (or something in their user profile like a signature) to be flagged as a phishing scam.

The only difference I can see is that LiquidTension uses a custom image for the badge in their user profile, while the image for DSperber's profile is auto-generated by the forum software.

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.2.22 * MB Free v3.5.1.2522-1.0.365

[Amaroq_Starwind]

Gmail does this for my own notifications from the Malwarebytes Forums, moving them to the Spam folder, except it does so with all Malwarebytes notifications. I had to manually create a filter to prevent the messages from being moved spam.

[AlexSmith]

@lmacri looking at what you have posted, this looks like a false positive with how the Windows Mail application is treating content within the emails. Unfortunately, being that its Windows Vista it's very likely the mechanism that powers this is no longer updated or supported since Windows Vista hit end of life about 2 years ago.

Edited April 5, 2019 by AlexSmith

[David H. Lipman]

Windows Live Mail went EoL about the same time as Windows Vista. 
Chances are the Windows Live Mail "Rules" for moving and identifying email as "Junk Email" is out of date causing a false Negative on legitimate Malwarebytes' email.

I think the Windows Live Mail Rules for Junk Mail should be disabled .

Edited April 5, 2019 by David H. Lipman

[lmacri]

1 hour ago, David H. Lipman said:

...I think the Windows Live Mail Rules for Junk Mail should be disabled.

AlexSmith / David H. Lipman:

That would be reasonable if all auto-notifications from Malwarebytes were being flagged as spam, but how does one explain why every notification for replies by MB employee LiquidTension arrive as expected in my Inbox, while every notification for replies by the OP DSperber are flagged as a phishing scam?  Both these users are posting in the same thread Win7 freeze, Event ID 36887 from "scan file system" .   This behaviour started about five days ago.

If this was a problem with my Windows Mail program I would a) expect e-mails from sources other than Malwarebytes to be incorrectly flagged as phishing scams, and/or b) all e-mail notifications from Malwarebytes Forums <noreply@invisioncloudcommunity.com>  to be flagged as a phishing scam.  Neither of those things is happening.

And just to clarify, I'm not using the standalone Windows Live Mail program that Microsoft discontinued a few years ago.  I'm using the Windows Mail program that's built in to my (now unsupported) Vista SP2 OS.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.2.22 * MB Free v3.5.1.2522-1.0.365

[Firefox]

At times some of my MB notifications get caught as spam in Outlook 365 (usually if you guys make a change on how they get sent out)

[David H. Lipman]

1 hour ago, lmacri said:

And just to clarify, I'm not using the standalone Windows Live Mail program that Microsoft discontinued a few years ago.  I'm using the Windows Mail program that's built in to my (now unsupported) Vista SP2 OS.

It may or not be Windows Live Mail (WLM) Version 2012 (Build 16.4.3528.0331) but that is a moot point as when WLM was EoL'd no new Junk Mail Rules were generated.  What was distributed in Windows Essentials 2012 is just an updated version of Windows Mail that came stock with Vista and provided a few extras like; Live Messenger, Writer, Family Safety, etc.  I have installed it on Windows 7 and Windows 8.1.  I have the full 134MB Windows Essentials 2012 installer and installed it as recently as last month.  However being a dead end product, it receives no updates from Microsoft.

What you are experiencing is that some email is flagged which means there is something that is common in the email that is causing it to be flagged.  The problem is not with WLM or Windows Mail but with a Junk Mail associated Rule that is causing a False Positive.  Since the product is past its EoL and there are no Junk mail Rule corrections and no new rules are being created by Microsoft it would be best to disable Windows Mail Junk Mail handling ( Options --> Safety Options --> Options, "No automatic filtering..." ).

Rerference:
EoL - End of Life

 

Edited April 5, 2019 by David H. Lipman
Edited for content, clarity, spelling and grammar

[lmacri]

59 minutes ago, David H. Lipman said:

...The problem is not with WLM or Windows Mail but with a Junk Mail associated Rule that is causing a False Positive...

Never mind, then. I just assumed this was a bug Malwarebytes might be able to fix on their end after reading MAXBAR1's 14-Mar-2019 thread Problems with Mail Notification of the Forum on iPhone about issues reading forum auto-notifications with iOS Mail (but not MacOS Mail). 

Quote

"Questo messaggio non puo essere visualizzato a causa del formato utilizzato.  Chiedi al mittente di inviarlo di muovo utilizzando un formato o programma di posta elettronica diverso."

From Google Translate:

"This message cannot be displayed due to the format used. Ask the sender to send it by using a different e-mail format or program."

I can try adding noreply@invisioncloudcommunity.com to my Safe Senders list.  That might be safer than turning off my default Junk E-Mail rules altogether.

--------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.2.22 * MB Free v3.5.1.2522-1.0.36

 

[alvarnell]

6 hours ago, lmacri said:

I don't know if this is related to the problem already report by MAXBAR1 <here>

@MAXBAR1 reported his issue when using an iPhone and iOS Mail, so likely different from your problem, although it's possible that one or both are being caused by e-mail server rules between Malwarebytes and your email providers.

[David H. Lipman]

16 minutes ago, lmacri said:

I can try adding noreply@invisioncloudcommunity.com to my Safe Senders list.  That might be safer than turning off my default Junk E-Mail rules altogether.

Actually, that may be the best idea and overrides the idea of just disabling the Rules altogether.

Give it a shot and see if that mitigates the issue.