03-08-2007, 02:20 AM
Executive Editor, Android Thoughts
Join Date: Aug 2006
Posts: 3,233
The Top 25 Most Common Mistakes in Email Security
"Someone recently pointed me to this article which describes the 25 Common Email Security mistakes people make.... It's an interesting read and one section really did make me smile! About making people aware that when they receive email from unknown sources...
- You have not won the Irish Lotto, the Yahoo Lottery, or any other big cash prize.
- There is no actual Nigerian King or Prince trying to send you $10 million.
- Your Bank Account Details do not need to be reconfirmed immediately.
- You do not have an unclaimed inheritance.
- You never actually sent that "Returned Mail".
- The News Headline email is not just someone informing you about the daily news.
- You have not won an iPod Nano."
Jason Langridge points out a very useful article that I enjoyed reading through. If there is one rule I could make others obey it would surely be "Never trust the From: line"! Clients at the Hosting company I consult for continually have issues with that one simple rule, most often complaining to us that "Someone has hacked my account" when they get returned mail or get spam from themselves. Oh how I wish people would spend some time and learn how to talk to an SMTP server - then they'd see just how easy it is to change the "From" line!
__________________
Dr. Jon Westfall, MCSE, MS-MVP
Executive Editor - Android Thoughts
News Editor - Windows Phone Thoughts
03-08-2007, 04:11 AM
Editor Emeritus
Join Date: Sep 2006
Posts: 3,060
I'm probably the only person here who doesn't know this, but how do spammers and phishers provide a link that takes you to their spoof site, but which appears to have a legitimate domain name?
__________________
Old Market Researchers never die...they just get broken down by age and sex.
03-08-2007, 04:42 AM
Sage
Join Date: Mar 2005
Posts: 800
Call me crazy, but I actually enjoy those spam sometimes. They're actually comical to read. Lol!
03-08-2007, 04:46 AM
Ponderer
Join Date: Mar 2002
Posts: 110
Funny :lol: And the absolute truth!!!!!! I think that we have all received those e-mails.
03-08-2007, 06:27 AM
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
Quote:
Originally Posted by Patrick Y.
Call me crazy, but I actually enjoy those spam sometimes. They're actually comical to read. Lol!
|
Well, okay, I receive hundreds a day. You're welcome to take a good portion of it for bedtime reading.
03-08-2007, 06:31 AM
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
Quote:
Originally Posted by Brad Adrian
I'm probably the only person here who doesn't know this, but how do spammers and phishers provide a link that takes you to their spoof site, but which appears to have a legitimate domain name?
|
Plain old HTML. They simply wrap the seemingly legitimate address in a fake one, like so:
http://www.pocketpcthoughts.com/
03-08-2007, 05:51 PM
Executive Editor, Android Thoughts
Join Date: Aug 2006
Posts: 3,233
Quote:
Originally Posted by Darius Wey
Quote:
Originally Posted by Brad Adrian
I'm probably the only person here who doesn't know this, but how do spammers and phishers provide a link that takes you to their spoof site, but which appears to have a legitimate domain name?
|
Plain old HTML. They simply wrap the seemingly legitimate address in a fake one, like so:
http://www.pocketpcthoughts.com/
|
Another old trick is the @ symbol or user credentials in the URL string. An old method of allowing a person to specify access credentials inline with the URL was http://username[email protected] (This allowed you to jump past pesky login pop-ups). However, this can be used with sites that don't require authentication in the following ways:
http://www.microsoft.com:[email protected]
or
http://[email protected]/
Those both don't take you remotely near microsoft.com, but look like they will.
__________________
Dr. Jon Westfall, MCSE, MS-MVP
Executive Editor - Android Thoughts
News Editor - Windows Phone Thoughts
03-08-2007, 07:53 PM
Thinker
Join Date: Jun 2003
Posts: 455
All good tips. I noticed that the article assumes the user is using Outlook for e-mail (based on the commands and backup tools he references), but says nothing about Outlook's status as most-hackable e-mail program. I would have expected a mention of other e-mail apps that are a bit more secure.
__________________
Steven Lyle Jordan: Original SF so good, Fox would never put it on the air.