Re: Phishing Links

[Ben Woelk <fbwis () RIT EDU>]

Although it may be more secure, I don't believe this would be accepted by most college departments. They would see this 
as a barrier to communications, not an enabler.

The other issue is that the mail client may automatically convert the URL to a link.

Ben Woelk '07
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
Ross 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at http://rit.facebook.com/profile.php?id=6017464645

Follow us on Twitter: http://twitter.com/RIT_InfoSec


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James 
Farr '05
Sent: Wednesday, July 07, 2010 2:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing Links

It is hard to educate some users on the difference between legitimate and phony web links in email, and it is easy 
enough to fake a website.  For that reason I would like to propose that no official college communication is sent with 
an active link in it.
Problems,
Some clients while trying to be helpful make links clickable that I do not want clickable.
Links can be inserted as a picture, but not all clients show pictures by default.
We can give directions to a website, in order to check your mail go to our homepage, click on login and select webmail, 
but some users cannot/will not follow those instructions.

Would this solution cause more harm than good?

What are your thoughts/rules?

IITS will never ask you for your password.  Never email your password to anyone.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu<mailto:jfarr () utica edu>
315-223-2386