.

Advice from Microsoft

<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Aug 29, 2008 7:03 am

Advice from Microsoft

I think I'm confused. just received this advice in an email from Mircosoft:
IMPORTANT:  Because fraudulent ("phishing") e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.


How does moving from a culture of blindly clicking on links to blindly cut&pasting said links help protect against phishing??? Oh, and the 'as described above? is a long and confusing URL....

Please help, my head hurts....
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Aug 29, 2008 7:19 am

Re: Advice from Microsoft

Haha... nice...

I would guess they're thinking is that a lot of links are typically similar to "hey, come over to www.ebay.com and give us your login!"
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Fri Aug 29, 2008 8:30 am

Re: Advice from Microsoft

I think you are right there Bill. That may very well be the thought process behind it. Though, wouldn't it make more sense to not go there in the first place? Good defense is always trumped by dumb user.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

mad_irish

User avatar

Newbie
Newbie

Posts: 17

Joined: Thu Aug 14, 2008 7:45 am

Post Fri Aug 29, 2008 8:42 am

Re: Advice from Microsoft

What's even scarier is that tactic fails to prevent many common phishing tactics.  For instance, using a domain name that looks like the target in specific fonts (substituting 1's for lower case L's for instance) or misspelled domain names.  Not to mention that if a link spans multiple lines and it's sometimes tough for users to cut and paste the whole thing.  Microsoft needs to do their security reading (http://people.seas.harvard.edu/~rachna/ ... _works.pdf) first before issuing statements like this :(
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Aug 29, 2008 10:01 am

Re: Advice from Microsoft

sgt_mjc wrote:Though, wouldn't it make more sense to not go there in the first place?


Exactly what makes this "advice" funny :)

RR - can you forward that email over to me?
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Fri Aug 29, 2008 10:08 am

Re: Advice from Microsoft

I am sure it will all be fixed once IE8 goes gold :D
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Aug 29, 2008 10:51 am

Re: Advice from Microsoft

BillV wrote:RR - can you forward that email over to me?


check your inbox :)

Return to Social Engineering

Who is online

Users browsing this forum: No registered users and 3 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software