Today I noticed something strange.
I got an email containing a link that redirects to another site than the text says. In (Simple) HTML, the review is visible when hovering over the link. However, in plaintext, in 3 out of 4 mails only the a.com was shown a.com
This makes me a bit worried however, since I only noticed the redirection once another client answered, that probably had HTML view turned on.
If I switch the view of the message body to Simple HTML, I need to check if the link matches the location visually, which I want to avoid, because that might be error-prone. I do know that I could configure my Thunderbird to simply show me puny-code, but then one unaware click in the wrong moment could be fatal.
What are security-wise recent best practices to both protect yourself from clicking malicious links as well as detecting that someone has sent such a malicious link?
Specifically, is there a way to always get shown a.com
in plaintext, but with the displayed part only marked as the link's location, whenever the link's text part displays an URL?
http://dlvr.it/RzGYlm
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment