Comments on: Not a Very Good Example at All! http://computerandonlinesecurity.com/blog/threat-warnings/not-a-very-good-example-at-all/ Stay safe online with jargon-free security hints, tips and resources Fri, 30 Dec 2011 14:22:18 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Bill Hely http://computerandonlinesecurity.com/blog/threat-warnings/not-a-very-good-example-at-all/#comment-4591 Bill Hely Mon, 12 Oct 2009 00:55:45 +0000 http://computerandonlinesecurity.com/?p=1073#comment-4591 Hi Giles. And the answer is... <strong> The human brain is the first line of defense; keep it engaged when online.</strong> Sound familiar? Hi Giles.

And the answer is…

The human brain is the first line of defense;
keep it engaged when online.

Sound familiar?

]]> By: Bill Hely http://computerandonlinesecurity.com/blog/threat-warnings/not-a-very-good-example-at-all/#comment-4590 Bill Hely Mon, 12 Oct 2009 00:52:49 +0000 http://computerandonlinesecurity.com/?p=1073#comment-4590 Bill N in UK: Good points Bill. The various "tell-tale" methods can be useful, but unfortunately they aren't always 100% reliable. What you will see in a status bar, if anything, depends on a number of factors, not least of which is how you're viewing the e-mail: e-mail client (which one?) or webmail (which browser?). You have to be particularly careful when viewing HTML in a browser. There is a JavaScript programming command (or more correctly an "event handler") called OnMouseOver, which can allow the programmer to determine what is shown in the status bar when the mouse cursor is hovered over a link. The status bar can be made to read "http://mybank.com" when the link really points to "http://badhacker.com". Again, how and whether this works is dependent on a number of factors. The functioning of JavaScript in HTML e-mail is a case-by-case thing. Whether OnMouseOver works in any e-mail client programs I'm not sure -- haven't tried it in any myself, and anyway there are just so many different variations. In all probability it will work in some and not others. If you really want to see exactly the source of the message and what is programmed to happen behind the scenes, there are two places you can look for more extensive information. The first is the e-mail header data, which is usually not too difficult to access, with the exact method depending on your particular e-mail client program. For example in Microsoft Outlook you can right click on a message in the list of e-mails and select Options from the pop-up. The other place is the code behind the HTML e-mail. Again in Microsoft Outlook, right-click in the body of any HTML e-mail and select View Source from the pop-up. You'll need to understand at least a little HTML to be able to analyze the results. Bill N in UK:

Good points Bill. The various “tell-tale” methods can be useful, but unfortunately they aren’t always 100% reliable. What you will see in a status bar, if anything, depends on a number of factors, not least of which is how you’re viewing the e-mail: e-mail client (which one?) or webmail (which browser?).

You have to be particularly careful when viewing HTML in a browser. There is a JavaScript programming command (or more correctly an “event handler”) called OnMouseOver, which can allow the programmer to determine what is shown in the status bar when the mouse cursor is hovered over a link. The status bar can be made to read “http://mybank.com” when the link really points to “http://badhacker.com”. Again, how and whether this works is dependent on a number of factors. The functioning of JavaScript in HTML e-mail is a case-by-case thing.

Whether OnMouseOver works in any e-mail client programs I’m not sure — haven’t tried it in any myself, and anyway there are just so many different variations. In all probability it will work in some and not others.

If you really want to see exactly the source of the message and what is programmed to happen behind the scenes, there are two places you can look for more extensive information.

The first is the e-mail header data, which is usually not too difficult to access, with the exact method depending on your particular e-mail client program. For example in Microsoft Outlook you can right click on a message in the list of e-mails and select Options from the pop-up.

The other place is the code behind the HTML e-mail. Again in Microsoft Outlook, right-click in the body of any HTML e-mail and select View Source from the pop-up. You’ll need to understand at least a little HTML to be able to analyze the results.

]]> By: Giles http://computerandonlinesecurity.com/blog/threat-warnings/not-a-very-good-example-at-all/#comment-4589 Giles Sun, 11 Oct 2009 21:44:04 +0000 http://computerandonlinesecurity.com/?p=1073#comment-4589 I think most of us know better than to click unknown links but the scams get more and more sophisticated and the danger for me lies in possible lack of concentration leading to a nasty error. Only one answer to that one! I think most of us know better than to click unknown links but the scams
get more and more sophisticated and the danger for me lies in possible lack of concentration leading to a nasty error. Only one answer to that one!

]]> By: Bill N in UK http://computerandonlinesecurity.com/blog/threat-warnings/not-a-very-good-example-at-all/#comment-4588 Bill N in UK Sun, 11 Oct 2009 12:12:17 +0000 http://computerandonlinesecurity.com/?p=1073#comment-4588 One other point : if you float your mouse pointer over any of these 'Click Here' links - or indeed any other link - you will see the actual address to which that link refers, in the Status Bar at the foot of your browser page. This information should give you a clue as to the true identity of the link's target and it is a good idea to get into the habit of monitoring the information in the Status Bar, before clicking the link. If you cannot see the Status Bar, it may have been disabled. You can re-enable it by clicking on the 'View' option in the toolbar at the top of your browser page and clicking on the 'Status Bar' entry, in the drop-down menu. One other point : if you float your mouse pointer over any of these ‘Click Here’ links – or indeed any other link – you will see the actual address to which that link refers, in the Status Bar at the foot of your browser page. This information should give you a clue as to the true identity of the link’s target and it is a good idea to get into the habit of monitoring the information in the Status Bar, before clicking the link.
If you cannot see the Status Bar, it may have been disabled. You can re-enable it by clicking on the ‘View’ option in the toolbar at the top of your browser page and clicking on the ‘Status Bar’ entry, in the drop-down menu.

]]> By: Irene http://computerandonlinesecurity.com/blog/threat-warnings/not-a-very-good-example-at-all/#comment-4586 Irene Sun, 11 Oct 2009 05:36:45 +0000 http://computerandonlinesecurity.com/?p=1073#comment-4586 Absolutely right! I had an experience with PayPal scam - it was a phony email that wanted me to 'click here.' The header of the email, etc., looked identical to PayPal, but there was one little spelling mistake that I picked up on immediately. I contacted them right away and they asked me to send them the letter I received....sure enough it was a scam. I was told back then to never, ever click on any link, or else you'll have loads of trouble to follow. Thanks again for this very important reminder!! Absolutely right! I had an experience with PayPal scam – it was a phony email that wanted me to ‘click here.’ The header of the email, etc., looked identical to PayPal, but there was one little spelling mistake that I picked up on immediately. I contacted them right away and they asked me to send them the letter I received….sure enough it was a scam. I was told back then to never, ever click on any link, or else you’ll have loads of trouble to follow. Thanks again for this very important reminder!!

]]>