Educause Security Discussion mailing list archives
Re: Phishing Links
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 7 Jul 2010 16:21:38 -0400
Hi,One of my pet expressions is You can't stop stupid, but you can slow it down --- I have found that one of the best ways to slow it down is through education .. but remember, you need to take a lesion from the advertising people .. one ad, no matter how good, will not sell your widgets .. you need to repeat the message - the same goes for security education .. develop a campaign and then rinse and repeat.
My 2 cents Joel --On Wednesday, July 07, 2010 11:48 AM -0700 Eric Case <eric () ERICCASE COM> wrote:
James, You can train your users not send links or text that will become link but you cannot stop links from showing up in their email. I think it is better to train users how to deal with the links they get. -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase (520) 344-CISO (2476) From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05 Sent: Wednesday, July 07, 2010 11:06 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Phishing Links It is hard to educate some users on the difference between legitimate and phony web links in email, and it is easy enough to fake a website. For that reason I would like to propose that no official college communication is sent with an active link in it. Problems, Some clients while trying to be helpful make links clickable that I do not want clickable. Links can be inserted as a picture, but not all clients show pictures by default. We can give directions to a website, in order to check your mail go to our homepage, click on login and select webmail, but some users cannot/will not follow those instructions. Would this solution cause more harm than good? What are your thoughts/rules? IITS will never ask you for your password. Never email your password to anyone. James Farr Information Security Officer Instructional Technologist Utica College jfarr () utica edu 315-223-2386
Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- Phishing Links James Farr '05 (Jul 07)
- Re: Phishing Links Ben Woelk (Jul 07)
- Re: Phishing Links Pete Hickey (Jul 07)
- Re: Phishing Links Basgen, Brian (Jul 07)
- Re: Phishing Links James Farr '05 (Jul 07)
- Re: Phishing Links Jeff Kell (Jul 07)
- Re: Phishing Links Basgen, Brian (Jul 07)
- Re: Phishing Links Justin Azoff (Jul 07)
- Re: Phishing Links David Escalante (Jul 07)
- Re: Phishing Links Eric Case (Jul 07)
- Re: Phishing Links Joel Rosenblatt (Jul 07)
- Re: Phishing Links Flynn, Gary - flynngn (Jul 07)
- Re: Phishing Links Pete Hickey (Jul 07)
- Re: Phishing Links Martin Manjak (Jul 07)
- Re: Phishing Links Ben Woelk (Jul 07)
- Re: Phishing Links Martin Manjak (Jul 20)
- Windows 0-day David Opitz (Jul 21)
- Re: Windows 0-day Greg Williams (Jul 21)
- Re: Windows 0-day Greg Williams (Jul 27)
- Re: Phishing Links Pete Hickey (Jul 07)
- Re: Phishing Links Flynn, Gary - flynngn (Jul 07)