Like we really needed this.

Hacker’s Blog

February 18, 2006

Security Awareness and Spear Phishing

Filed under: Security — Hacker @ 4:50 pm

Sometimes I am drawn into irony like a gawker to a highway accident. I know I should just focus on the road and keep moving, but I just can’t help but stop and look. Today’s ironic accident was my employer’s quarterly security awareness newsletter. I’m sure they tried really hard, but the system just conspired against them.

The newsletter is a PDF, which one has to download from the intranet. To advertise its availability, they sent out an HTML-formatted email with a link to the intranet page where the PDF could be obtained. In a newsletter article about Spear Phishing it says:

Don’t click on Web links within e-mail messages.
It is far safer to note the address
and retype it yourself in your browser
address window.

But wait, didn’t you just set me up to do that by sending me the HTML email? Why not use plain text, which, even if linkified by the email client, is exactly as displayed?

Of course I had to hack the original email to change the underlying URL to point to this blog. I then sent that out internally. Odds are, if you are reading this, it is because you clicked on that link.

