Educause Security Discussion mailing list archives

Re: Phishing Links


From: Pete Hickey <pete () SHADOWS UOTTAWA CA>
Date: Wed, 7 Jul 2010 14:17:58 -0400

I gave up.  You can't fight it.  The worst here was a time we...
because of a possible 'incident'... we wanted everyone to change
a password (legacy... we can't force change passwords on that
system).  The PR people actually wanted to send out an email saying
due to xxxxx we are requiring everyone to change passwords.  Click
here to change yours.

Yeah!

When the 'make it easy for the user at all costs' mindset is
around, it's a tough fight.  (I did win that one by putting
their message alongside a phishing one).  More abstract than
that just would not work.


On Wed, Jul 07, 2010 at 02:05:41PM -0400, James Farr '05 wrote:
It is hard to educate some users on the difference between legitimate and
phony web links in email, and it is easy enough to fake a website.  For that
reason I would like to propose that no official college communication is
sent with an active link in it.

Problems,

Some clients while trying to be helpful make links clickable that I do not
want clickable.

Links can be inserted as a picture, but not all clients show pictures by
default.

We can give directions to a website, in order to check your mail go to our
homepage, click on login and select webmail, but some users cannot/will not
follow those instructions.

Would this solution cause more harm than good?

What are your thoughts/rules?

IITS will never ask you for your password.  Never email your password to
anyone.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu
315-223-2386

-- 
Pete Hickey                         
The University of Ottawa            "Everyone knows someone 
Ottawa, Ontario                      who knows someone else"
Canada                            

