Educause Security Discussion mailing list archives
Re: URL switching in e-mails
From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Tue, 3 Jan 2006 13:44:27 -0600
* We'll drop messages containing viral code. * We'll replace entire message parts with "dangerous" extensions with a text explanation and link. * We'll quarantine messages that score sufficiently high on the spam-o-meter. * But we don't muck with content within a message part. - ken Justin Sipher wrote:
All, Happy New Year. I am curious to know how others deal with this e- mail related issue. As a part of our process to protect our user community we do a variety of things from a SPAM and A/V perspective. One thing we do is look for "bait-and-switch" URL swapping which is all too often used for Phishing. What I mean is when in a HTML based e-mail is says one URL but the associated hyperlink is to a different URL. Our current approach is to insert text into the body of the messages to alert our user to this discrepancy. The text we insert looks like this (with fictional URL's in this case).MailScanner has detected a possible fraud attempt from "www.bogus.com" claiming to be http://www.real-url.comWe are now getting some push back from users claiming that this inserted text makes it "beyond difficult" to read the messages clearly. (please don't laugh) So, I am asking all of you if you do similar things or even if you do different things? I would be curious to know what is the "standard" practice within Higher Ed if there is one. What is happening is that there are legitimate organizations using this technique as a part of mass e-mails as I believe it is doing a simple redirect to the actual URL after it inventories the fact that the link was clicked on. Legitimate examples I have seen of this technique are in the University Business daily e-newsletter, propaganda from Palm, the Chronicle of HE/Gartner Symposium announcement, and even an e-mail from EDUCAUSE. Anyone else looking out for this practice and if so, how are you addressing it? Thanks, ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373 It's much more important to know what you don't know than what you do know!
Current thread:
- URL switching in e-mails Justin Sipher (Jan 03)
- <Possible follow-ups>
- Re: URL switching in e-mails Ken Connelly (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Joel Rosenblatt (Jan 03)
- Re: URL switching in e-mails David Gillett (Jan 03)
- Re: URL switching in e-mails Justin Sipher (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Cal Frye (Jan 04)