Educause Security Discussion mailing list archives

Re: Phishing Links


From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 7 Jul 2010 16:21:38 -0400

Hi,

One of my pet expressions is You can't stop stupid, but you can slow it down --- I have found that one of the best ways to slow it down is through education .. but remember, you need to take a lesson from the advertising people .. one ad, no matter how good, will not sell your widgets .. you need to repeat the message - the same goes for security education .. develop a campaign and then rinse and repeat.

My 2 cents

Joel

--On Wednesday, July 07, 2010 11:48 AM -0700 Eric Case <eric () ERICCASE COM> wrote:

James,



You can train your users not to send links or text that will become a link but
you cannot stop links from showing up in their email.  I think it is better
to train users how to deal with the links they get.

-Eric





Eric Case, CISSP

eric (at) ericcase (dot) com

http://www.linkedin.com/in/ericcase

(520) 344-CISO (2476)





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05
Sent: Wednesday, July 07, 2010 11:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing Links



It is hard to educate some users on the difference between legitimate and
phony web links in email, and it is easy enough to fake a website.  For that
reason I would like to propose that no official college communication is
sent with an active link in it.

Problems,

Some clients while trying to be helpful make links clickable that I do not
want clickable.

Links can be inserted as a picture, but not all clients show pictures by
default.

We can give directions to a website, in order to check your mail go to our
homepage, click on login and select webmail, but some users cannot/will not
follow those instructions.



Would this solution cause more harm than good?



What are your thoughts/rules?



IITS will never ask you for your password.  Never email your password to
anyone.



James Farr

Information Security Officer

Instructional Technologist

Utica College

jfarr () utica edu

315-223-2386








Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

