Educause Security Discussion mailing list archives
Re: URL switching in e-mails
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Tue, 3 Jan 2006 15:03:18 -0500
Here is a sample of what we do: The XX-XU-modified: line is added: X-CU-modified: BADURL http://61.156.7.140/www.marklebank.com/login.htm deactivated And the link is commented out: <!-- <a href="http://61.156.7.140/www.marklebank.com/login.htm"> -->Renew now<!-- </a> The email looks the same, but you cannot click on the bad link by accident. Joel Rosenblatt Reply-To: <iBanking () markle com> From: "iBanking () markle com"<iBanking () markle com> Subject: Renew your Online Banking information on Markle Bank Date: Tue, 3 Jan 2006 15:26:42 +0200 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server1517.dnslive.net X-AntiAbuse: Original Domain - columbia.edu X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - markle.com X-Source: X-Source-Args: X-Source-Dir: To: undisclosed-recipients:; X-CU-modified: BADURL http://61.156.7.140/www.marklebank.com/login.htm deactivated Content-Disposition: inline X-Scanned-By: MIMEDefang 2.48 on 128.59.28.164 <FONT face=Arial size=2> Dear Markle Bank Customer,<BR> <DIV> </DIV> <DIV> This is your official notification from Markle Bank that the service(s) listed below<BR> will be deactivated and deleted if not renewed immediately. Previous notifications have<BR> been sent to the Access<i>Online</i> Contact assigned to this account. As the Primary Contact, you<BR> must renew the service(s) listed below or it will be deactivated and deleted. <!-- <a href="http://61.156.7.140/www.marklebank.com/login.htm"> -->Renew now<!-- </a> --></DIV> <DIV><BR> SERVICE : Markle Bank <EM></EM>Access<i>Online.</i> with Bill Payment.<BR> EXPIRATION: January 1, 2006</DIV> <DIV> </DIV> <DIV><BR> Thank you,</DIV> <DIV> </DIV> <DIV> Markle Bank Online Banking Support, N.A.</DIV> <DIV> </DIV> <DIV><BR> *****************************************************************************<BR> IMPORTANT CUSTOMER SUPPORT INFORMATION<BR> *****************************************************************************</DIV> <DIV> </DIV> <DIV> Please do not reply to this message. For any inquiries, contact Customer Service.</DIV> <DIV> </DIV> <DIV> Document Reference: (92051208).</DIV> <DIV> </DIV> <DIV> Markle Bank, N.A. Member FDIC. Equal Housing Lender.<BR> Copyright ) 2005 Markle Bank, N.A. All rights reserved.</DIV> --On Tuesday, January 03, 2006 2:04 PM -0500 Justin Sipher <jsipher () skidmore edu> wrote:
All, Happy New Year. I am curious to know how others deal with this e- mail related issue. As a part of our process to protect our user community we do a variety of things from a SPAM and A/V perspective. One thing we do is look for "bait-and-switch" URL swapping which is all too often used for Phishing. What I mean is when in a HTML based e-mail is says one URL but the associated hyperlink is to a different URL. Our current approach is to insert text into the body of the messages to alert our user to this discrepancy. The text we insert looks like this (with fictional URL's in this case).
Joel Rosenblatt, Senior Security Officer & Windows Specialist, CUIT Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel - You can't spell seCUrITy without CUIT
Current thread:
- URL switching in e-mails Justin Sipher (Jan 03)
- <Possible follow-ups>
- Re: URL switching in e-mails Ken Connelly (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Joel Rosenblatt (Jan 03)
- Re: URL switching in e-mails David Gillett (Jan 03)
- Re: URL switching in e-mails Justin Sipher (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Cal Frye (Jan 04)