
For a time you could tell users not to click on a link in an email unless it was someone they knew, but with spoofing of email addresses and email accounts being compromised you can't do that anymore.

Another conundrum I see is URL shortening. I like the idea, especially for really long URLs that span more than one line or on services like Twitter, but unless you use a service to expand the URL, such as LongURL (http://longurl.org/), there's no way to know what or where it'll actually go.

I know that Mail on Mac OS X has the ability for the user to hover over a link in a message, then click a small drop-down arrow that appears and will preview the location. However, I'm not certain how this might offer more of a protection than the user actually clicking on the link.

I personally will copy and paste a long link text from the email message body to the browser address bar to be safe, otherwise I'll type the address if short. However, I realize that others may not.


--
Troy Murray
Michigan State University
College of Medicine
Life Science
1355 Bogue St, B-136D 
East Lansing, MI 48824
P: 517-432-2760
F: 517-355-7254
RedHat 5 Certified Technician
RedHat 5 Certified Systems Administrator
HL7 V2.6/2.5 Certified Control Specialist

On Mar 9, 2012, at 10:22 AM, David McFarlane wrote:

Better, just train families and users to *never* click *any* link in *any* message from *anyone*.  Then follow that up by never including links in your own messages, and scolding anyone who sends you a message that contains a link.  That's pretty much my strategy.  I might include links in messages to known tech-savvy recipients who know me and who are expecting such a link from me; for others, on the rare occasions that I include a link, I also tell them to not click on the link that I just posted, but instead to type in the address themselves to their browsers and then follow the path from there.

But then I am not a cyber security expert, so what do I know?

-- dkm


At 3/9/2012 10:06 AM Friday, Loren LaLonde wrote:
To Mr. Oas - Hilarious.

It looks like we'll have to start training our families and users to pay attention to where a link points, and remind them to never click on anything that ends in .exe, .vb*, and all that good stuff too.  This one is particularly authentic looking since they copied the actual UPS copyright content, and the format is pretty similar to the real thing.  Except I've never seen an invoice link, and delivery confirmations always include your address.

I might as well get ready to be on call with the relatives for this one.  Anyone know which virus or exploit they're using so I can have the cleanup instructions handy?

On 3/8/2012 4:00 PM, Jon Galbreath wrote:
Yup, the page itself has links that go to some Java-enabled something or other.  I didn't wait around to see what materialized.  Fortunately Java is so slow there's time to close the page before you find out what's in store.  I'm guessing it's evil.

Jon Galbreath, MCSE
Systems Administrator
International Studies and Programs
Helpdesk: 517-884-2148
Ph: 517-884-2144
[log in to unmask]

From: Laurence Bates [mailto:[log in to unmask]]
Sent: Thursday, March 08, 2012 3:59 PM
To: [log in to unmask]
Subject: [MSUNAG] FW: UPS Delivery Notification, Tracking Number B80F119957814DA9

This looks like a particularly dangerous email load - a credible-looking web page attachment which offers an executable "invoice". Unless I am mistaken, this could catch quite a few users.

Laurence

From: UPS Quantum View [mailto:[log in to unmask]]
Sent: Thursday, March 08, 2012 1:49 PM
To: [log in to unmask]
Subject: UPS Delivery Notification, Tracking Number B80F119957814DA9


You have attached the invoice for your package delivery.

Thank you,
United Parcel Service

*** This is an automatically generated email, please do not reply ***