Due to ongoing IT security education and training over the last few years, our vigilance as a community has increased tremendously.  This is, of course, a positive development.  One side-effect, however, is that the very same vigilance and wariness so encouraged by that training can sometimes lead us to mistrust legitimate emails.

Phishing emails try (among other things) to trick us into clicking a link and visiting a malicious website.  They represent a very real threat.  However, sometimes we receive emails from legitimate sources (sometimes third parties contracted by the university) that urge us to click a legitimate link.

...

First, apply your own common sense, intuition, and previously received IT security training in evaluating the trustworthiness of the received email.  If, after doing so, you still feel there's a strong chance the email is legitimate, there is one additional technique that can be used to analyze and verify the link you're being asked to click before actually doing so. . .

Only After Careful Examination - For Emails You Think Are Likely Legitimate

As an example, we'll be using an actual, legitimate email sent to me asking me to take part in the "UC Cyber Security Awareness Fundamentals" training (screenshot follows further below).  Training emails such as these often elicit worry and concern because the return address on them (noreply@sumtotalsystems.com) is not from a UCSB organization or contractor that is readily recognized.  So, the first impression given by this email may be that it is not legitimate.  And, it should be pointed out that even emails with valid/legitimate return addresses can be malicious (the return address can be spoofed/faked and even non-functional. . .the malicious intent is not that you reply, but that you click a malicious link or open a malicious attachment).

...

2.  Note that at the bottom of your screen/window, the actual destination encoded in the link will appear.  (The way this is displayed on mobile devices varies, but it will likely pop up a question asking if you really want to go to the specified site. . . allowing you to opt out of doing so.)


Evaluating a Link/Address in Detail

...