[unisog] Email clients enabling Phishing links: the new enemy
chris at eng.gla.ac.uk
Tue Jul 8 15:48:24 GMT 2008
Randy Marchany wrote:
| How are you guys dealing with this scenario?
(1) Attempting to educate users not to click links in unexpected emails
(2) Not including links in our own emails, at least where sensitive info
(i.e. password) will be asked for. Instead, we give written instructions
like "go to the campus homepage, then click IT Services, then...etc".
Clearly, (2) does not in itself make anyone any safer. But it avoids
undoing the good work achieved by (1).
Not ideal. I fully agree this is a problem area!
And Paul FM wrote:
| Unfortunately, the more you protect users - the less
| prepared they will be when that protection fails.
So true. Best to strike a balance.
| If you want to avoid sending links - why not a message system where it
| simply sends them an e-mail that they have something new on the messaging
| system and they have ONE url (which they have bookmarked and is not
The bookmarks idea is interesting. For ages, our general anti-phishing
advice has said:
"Don't click on links in emails, and instead carefully type the URL of
your bank etc, by hand. Or better still, use your bookmarks facility".
so you could be in deep trouble after browsing a compromised website etc.
I'd be interested in any thoughts on how much of a risk this really is.
IT Security, Computing Service
University of Glasgow, charity number SC004401