Educause Security Discussion mailing list archives
Re: URL switching in e-mails
From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 3 Jan 2006 12:48:28 -0800
Does your detector distinguish between "URLs" that are misleading, and text links? i.e.: OK: <a href="http://www.goodguy.com>Good Guy Site</a> Not OK: <a href="http://www.badguy.com>http://www.goodguy.com</a> David Gillett
-----Original Message----- From: Justin Sipher [mailto:jsipher () SKIDMORE EDU] Sent: Tuesday, January 03, 2006 11:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] URL switching in e-mails All, Happy New Year. I am curious to know how others deal with this e- mail related issue. As a part of our process to protect our user community we do a variety of things from a SPAM and A/V perspective. One thing we do is look for "bait-and-switch" URL swapping which is all too often used for Phishing. What I mean is when in a HTML based e-mail is says one URL but the associated hyperlink is to a different URL. Our current approach is to insert text into the body of the messages to alert our user to this discrepancy. The text we insert looks like this (with fictional URL's in this case).MailScanner has detected a possible fraud attempt from "www.bogus.com" claiming to be http://www.real-url.comWe are now getting some push back from users claiming that this inserted text makes it "beyond difficult" to read the messages clearly. (please don't laugh) So, I am asking all of you if you do similar things or even if you do different things? I would be curious to know what is the "standard" practice within Higher Ed if there is one. What is happening is that there are legitimate organizations using this technique as a part of mass e-mails as I believe it is doing a simple redirect to the actual URL after it inventories the fact that the link was clicked on. Legitimate examples I have seen of this technique are in the University Business daily e-newsletter, propaganda from Palm, the Chronicle of HE/Gartner Symposium announcement, and even an e-mail from EDUCAUSE. Anyone else looking out for this practice and if so, how are you addressing it? Thanks, ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________
Current thread:
- URL switching in e-mails Justin Sipher (Jan 03)
- <Possible follow-ups>
- Re: URL switching in e-mails Ken Connelly (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Joel Rosenblatt (Jan 03)
- Re: URL switching in e-mails David Gillett (Jan 03)
- Re: URL switching in e-mails Justin Sipher (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Cal Frye (Jan 04)