Scam protection

Author: mgurgel

special-pages/pages/special-error/app/components/App.jsx

@@ -34,10 +34,9 @@ function PageTitle() {
     useEffect(() => {
         switch (kind) {
             case 'malware':
-                document.title = t('malwareTabTitle');
-                break;
             case 'phishing':
-                document.title = t('phishingTabTitle');
+            case 'scam':
+                document.title = t('maliciousSiteTabTitle');
                 break;
             default:
                 document.title = t('sslPageHeading');

special-pages/pages/special-error/app/components/Components.jsx

@@ -29,7 +29,7 @@ const platforms = {
  */
 function idForError(errorData) {
     const { kind } = errorData;
-    if (kind === 'phishing' || kind === 'malware') {
+    if (kind === 'malware' || kind === 'phishing' || kind === 'scam') {
         return kind;
     }
 

special-pages/pages/special-error/app/components/Warning.module.css

@@ -60,7 +60,7 @@
         margin-top: calc(-1 * var(--sp-2));
     }
 
-    & .phishing .icon, & .malware .icon {
+    & .phishing .icon, & .malware .icon, & .scam .icon {
         background-image: url(../../../../shared/assets/img/icons/Malware-Site-96.svg);
         margin-left: calc(-1 * var(--sp-2));
         margin-right: calc(-1 * var(--sp-1));
@@ -116,7 +116,7 @@
         background-image: url(../../../../shared/assets/img/icons/Shield-Alert-128.svg);
     }
 
-    & .phishing .icon, & .malware .icon {
+    & .phishing .icon, & .malware .icon, & .scam .icon {
         background-image: url(../../../../shared/assets/img/icons/Malware-Site-128.svg);
     }
 
@@ -166,7 +166,7 @@
         margin-top: calc(-1 * var(--sp-2));
     }
 
-    & .phishing .icon, & .malware .icon {
+    & .phishing .icon, & .malware .icon, & .scam .icon {
         background-image: url(../../../../shared/assets/img/icons/Malware-Site-96.svg);
         margin-left: calc(-1 * var(--sp-2));
         margin-right: calc(-1 * var(--sp-1));

special-pages/pages/special-error/app/hooks/ErrorStrings.jsx

@@ -49,7 +49,7 @@ const reportSiteAnchorTagParams = (urlParam) => {
  * @typedef {import("../../types/special-error.js").SSLInvalidCertificate} SSLInvalidCertificate
  * @typedef {import("../../types/special-error.js").SSLSelfSignedCertificate} SSLSelfSignedCertificate
  * @typedef {import("../../types/special-error.js").SSLWrongHost} SSLWrongHost
- * @typedef {import("../../types/special-error.js").PhishingAndMalware} PhishingAndMalware
+ * @typedef {import("../../types/special-error.js").MaliciousSite} MaliciousSite
  * @typedef {SSLExpiredCertificate|SSLInvalidCertificate|SSLSelfSignedCertificate|SSLWrongHost} SSLError
  */
 
@@ -60,16 +60,15 @@ export function useWarningHeading() {
     const { t } = useTypedTranslation();
     const { kind } = useErrorData();
 
-    if (kind === 'phishing') {
-        return t('phishingPageHeading').replace('{newline}', '\n');
-    }
-
-    if (kind === 'malware') {
-        return t('malwarePageHeading').replace('{newline}', '\n');
-    }
-
-    if (kind === 'ssl') {
-        return t('sslPageHeading');
+    switch(kind) {
+        case 'ssl':
+            return t('sslPageHeading');
+        case 'malware':
+        case 'phishing':
+        case 'scam':
+            const translationKey = /** @type {"malwarePageHeading"|"phishingPageHeading"|"scamPageHeading"} */(`${kind}PageHeading`);
+            return t(translationKey).replace('{newline}', '\n');
+        default:
     }
 
     throw new Error(`Unhandled error kind ${kind}`);
@@ -93,6 +92,11 @@ export function useWarningContent() {
         return [<Trans str={text} values={{ a: helpPageAnchorTagParams }} />];
     }
 
+    if (kind === 'scam') {
+        const text = t('scamWarningText').replace('{newline}', '\n');
+        return [<Trans str={text} values={{ a: helpPageAnchorTagParams }} />];
+    }
+
     if (kind === 'ssl') {
         const { domain } = /** @type {SSLError}} */ (errorData);
         return [<Trans str={t('sslWarningText', { domain })} values="" />];
@@ -109,16 +113,17 @@ export function useAdvancedInfoHeading() {
     const errorData = useErrorData();
     const { kind } = errorData;
 
-    if (kind === 'phishing' || kind === 'malware') {
-        const { url } = /** @type {PhishingAndMalware} */ (errorData);
-        const anchorTagParams = reportSiteAnchorTagParams(url);
-        const translatioKey = kind === 'phishing' ? 'phishingAdvancedInfoHeading' : 'malwareAdvancedInfoHeading';
-
-        return <Trans str={t(translatioKey)} values={{ a: anchorTagParams }} />;
-    }
-
-    if (kind === 'ssl') {
-        return t('sslAdvancedInfoHeading');
+    switch(kind) {
+        case 'ssl':
+            return t('sslAdvancedInfoHeading');
+        case 'malware':
+        case 'phishing':
+        case 'scam':
+            const { url } = /** @type {MaliciousSite} */ (errorData);
+            const anchorTagParams = reportSiteAnchorTagParams(url);
+            const translationKey = /** @type {"malwareAdvancedInfoHeading"|"phishingAdvancedInfoHeading"|"scamAdvancedInfoHeading"} */(`${kind}AdvancedInfoHeading`);
+            return <Trans str={t(translationKey)} values={{ a: anchorTagParams }} />;
+        default:
     }
 
     throw new Error(`Unhandled error kind ${kind}`);
@@ -132,7 +137,7 @@ export function useAdvancedInfoContent() {
     const errorData = useErrorData();
     const { kind } = errorData;
 
-    if (kind === 'phishing' || kind === 'malware') {
+    if (kind === 'malware' || kind === 'phishing' || kind === 'scam') {
         return [];
     }
 

special-pages/pages/special-error/integration-tests/special-error-screenshots.spec.js

@@ -33,4 +33,11 @@ test.describe('screenshots @screenshots', () => {
         await special.openPage({ errorId: 'malware', locale: 'ru' });
         await expect(page).toHaveScreenshot('malware-warning-ru.png', { maxDiffPixels });
     });
+
+    test('Scam warning with advanced info', async ({ page }, workerInfo) => {
+        const special = SpecialErrorPage.create(page, workerInfo);
+        await special.openPage({ errorId: 'scam' });
+        await special.showsAdvancedInfo();
+        await expect(page).toHaveScreenshot('scam-warning-advanced.png', { maxDiffPixels });
+    });
 });

special-pages/pages/special-error/integration-tests/special-error.js

@@ -295,6 +295,27 @@ export class SpecialErrorPage {
         ).toBeVisible();
     }
 
+    async showsScamPage() {
+        const { page } = this;
+
+        await this.showsPageTitle('Warning: Security Risk');
+
+        await expect(page.getByText('Warning: This site may be a security risk', { exact: true })).toBeVisible();
+        await expect(
+            page.getByText(
+                'DuckDuckGo blocked this page because it may be trying to deceive or manipulate you into transferring money, buying counterfeit goods, or installing malware under false pretenses. Learn more',
+                { exact: true },
+            ),
+        ).toBeVisible();
+        await this.showsAdvancedInfo();
+        await expect(
+            page.getByText(
+                'If you believe this website is safe, you can report an error. You can still visit the website at your own risk.',
+                { exact: true },
+            ),
+        ).toBeVisible();
+    }
+
     /**
      * Clicks on advanced link to show expanded info
      *

special-pages/pages/special-error/integration-tests/special-error.spec.js

@@ -60,6 +60,12 @@ test.describe('special-error', () => {
         await special.showsMalwarePage();
     });
 
+    test('shows scam warning', async ({ page }, workerInfo) => {
+        const special = SpecialErrorPage.create(page, workerInfo);
+        await special.openPage({ errorId: 'scam' });
+        await special.showsScamPage();
+    });
+
     test('leaves site', async ({ page }, workerInfo) => {
         const special = SpecialErrorPage.create(page, workerInfo);
         await special.openPage({ errorId: 'ssl.expired' });
@@ -92,6 +98,16 @@ test.describe('special-error', () => {
         await special.opensNewPage('Learn more', expectedURL);
     });
 
+    test('opens scam help page in a new window', async ({ page }, workerInfo) => {
+        const special = SpecialErrorPage.create(page, workerInfo);
+        await special.overrideTestLinks();
+
+        const expectedURL = `${phishingMalwareHelpPageURL}`;
+
+        await special.openPage({ errorId: 'scam' });
+        await special.opensNewPage('Learn more', expectedURL);
+    });
+
     test('opens report form in a new window', async ({ page, browser }, workerInfo) => {
         const special = SpecialErrorPage.create(page, workerInfo);
         await special.overrideTestLinks();

special-pages/pages/special-error/messages/initialSetup.response.json

@@ -25,12 +25,12 @@
       "oneOf": [
         {
           "type": "object",
-          "title": "Phishing and Malware",
+          "title": "Malicious Site",
           "required": ["kind", "url"],
           "properties": {
             "kind": {
               "type": "string",
-              "enum": ["phishing", "malware"]
+              "enum": ["phishing", "malware", "scam"]
             },
             "url": {
               "type": "string"

special-pages/pages/special-error/public/locales/en/special-error.json

@@ -25,14 +25,14 @@
     "title": "Accept Risk and Visit Site",
     "note": "Button shown in an error page that warns users of security risks on a website due to Phishing or Malware issues. The buttons allows the user to visit the website anyway despite the risks."
   },
+  "maliciousSiteTabTitle": {
+    "title": "Warning: Security Risk",
+    "note": "Title shown in the browser window or tab when the current page may be a security risk due to phishing"
+  },
   "malwarePageHeading": {
     "title": "Warning: This site may be a{newline}security risk",
     "note": "Title shown in an error page that warn users of security risks on a website due to malware distribution. The {newline} tag should not be translated. It should be placed within the sentence to avoid having a single word hanging on the last line"
   },
-  "malwareTabTitle": {
-    "title": "Warning: Security Risk",
-    "note": "Title shown in the browser window or tab when the current page may be a security risk due to malware"
-  },
   "malwareWarningText": {
     "title": "DuckDuckGo blocked this page because it may be distributing malware designed to compromise your device or steal your personal information.{newline}<a>Learn more</a>",
     "note": "Error description shown in an error page that warns users of security risks on a website due to malware distribution. The {newline} tag should not be translated. It should be placed before the translated <a>Learn More</a> text."
@@ -45,10 +45,6 @@
     "title": "Warning: This site may be a{newline}security risk",
     "note": "Title shown in an error page that warn users of security risks on a website due to Phishing issues. The {newline} tag should not be translated. It should be placed within the sentence to avoid having a single word hanging on the last line"
   },
-  "phishingTabTitle": {
-    "title": "Warning: Security Risk",
-    "note": "Title shown in the browser window or tab when the current page may be a security risk due to phishing"
-  },
   "phishingWarningText": {
     "title": "This website may be impersonating a legitimate site in order to trick you into providing personal information, such as passwords or credit card numbers.{newline}<a>Learn more</a>",
     "note": "Error description shown in an error page that warns users of security risks on a website due to Phishing issues. The {newline} tag should not be translated. It should be placed before the translated <a>Learn More</a> text."
@@ -57,6 +53,18 @@
     "title": "If you believe this website is safe, you can <a>report an error</a>. You can still visit the website at your own risk.",
     "note": "Title of the Advanced info section shown in an error page that warns users of security risks on a website due to malware distribution."
   },
+  "scamPageHeading": {
+    "title": "Warning: This site may be a{newline}security risk",
+    "note": "Title shown in an error page that warn users of security risks on a website due to suspected scam attempts. The {newline} tag should not be translated. It should be placed within the sentence to avoid having a single word hanging on the last line"
+  },
+  "scamWarningText": {
+    "title": "DuckDuckGo blocked this page because it may be trying to deceive or manipulate you into transferring money, buying counterfeit goods, or installing malware under false pretenses.{newline}<a>Learn more</a>",
+    "note": "Error description shown in an error page that warns users of security risks on a website due to suspected scam attempts. The {newline} tag should not be translated. It should be placed before the translated <a>Learn More</a> text."
+  },
+  "scamAdvancedInfoHeading": {
+    "title": "If you believe this website is safe, you can <a>report an error</a>. You can still visit the website at your own risk.",
+    "note": "Title of the Advanced info section shown in an error page that warns users of security risks on a website due to suspected scam attempts."
+  },
   "sslPageHeading": {
     "title": "Warning: This site may be insecure",
     "note": "Title shown in an error page that warn users of security risks on a website due to SSL issues"

special-pages/pages/special-error/src/sampleData.js

@@ -14,6 +14,13 @@ export const sampleData = {
             url: 'https://privacy-test-pages.site/security/badware/malware.html?query=param&some=other',
         },
     },
+    scam: {
+        name: 'Scam',
+        data: {
+            kind: 'scam',
+            url: 'https://privacy-test-pages.site/security/badware/malware.html?query=param&some=other',
+        }, // TODO: Update with actual test page
+    },
     'ssl.expired': {
         name: 'Expired',
         data: {

special-pages/pages/special-error/types/special-error.ts

@@ -69,19 +69,14 @@ export interface InitialSetupResponse {
   platform: {
     name: "macos" | "windows" | "android" | "ios";
   };
-  errorData:
-    | PhishingAndMalware
-    | SSLExpiredCertificate
-    | SSLInvalidCertificate
-    | SSLSelfSignedCertificate
-    | SSLWrongHost;
+  errorData: MaliciousSite | SSLExpiredCertificate | SSLInvalidCertificate | SSLSelfSignedCertificate | SSLWrongHost;
   /**
    * Optional locale-specific strings
    */
   localeStrings?: string;
 }
-export interface PhishingAndMalware {
-  kind: "phishing" | "malware";
+export interface MaliciousSite {
+  kind: "phishing" | "malware" | "scam";
   url: string;
 }
 export interface SSLExpiredCertificate {