Re: Phishing Links

[Eric Case <eric () ERICCASE COM>]

James,

 

You can train your users not send links or text that will become link but
you cannot stop links from showing up in their email.  I think it is better
to train users how to deal with the links they get.

-Eric

 

 

Eric Case, CISSP

eric (at) ericcase (dot) com

http://www.linkedin.com/in/ericcase

(520) 344-CISO (2476)

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05
Sent: Wednesday, July 07, 2010 11:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing Links

 

It is hard to educate some users on the difference between legitimate and
phony web links in email, and it is easy enough to fake a website.  For that
reason I would like to propose that no official college communication is
sent with an active link in it.

Problems,

Some clients while trying to be helpful make links clickable that I do not
want clickable.

Links can be inserted as a picture, but not all clients show pictures by
default.

We can give directions to a website, in order to check your mail go to our
homepage, click on login and select webmail, but some users cannot/will not
follow those instructions.

 

Would this solution cause more harm than good?

 

What are your thoughts/rules?

 

IITS will never ask you for your password.  Never email your password to
anyone.

 

James Farr

Information Security Officer

Instructional Technologist

Utica College

jfarr () utica edu

315-223-2386

Attachment: smime.p7s
Description: