Comment Making Spotting Phishing E-mails Easier. (Score 1) 317
Some suggestions to make spotting phishing e-mail easier:
1) When an e-mail includes a web link, the e-mail software should display the actual link address in the e-mail (as part of the display).
For instance, I got a fake Royal Bank e-mail, that displayed visually the text: "https://www1.royalbank.com/english/netaction/sgne.html"
But when you view the message source, you see the link is actually: "http://www.mppagog-barlin.de/updating/w/https/www1.royalbank.com/cgi-bin/rbaccess/rbannxcgi"
One look at the link, and I knew it was bogus!
I'm amazed that e-mail software doesn't do such an obvious step. You could go further and display a warning when the anchor text is a web address, but doesn't match the actual link address.
2) Keep a list of common businesses that are likely to be spoofed (i.e. financial organizations), and whenever the e-mail mentions one, add to the message at top a warning banner like: "financial organizations never ask for personal info by e-mail. If this message does, it is likely fake. Contact your organization by phone to check." etc.
Ryan