Published by Meagan Peters. Modified over 8 years ago.
1
Don’t click on that! Kevin Hill
2
Spam: Unwanted commercial email
◦ Advertising
◦ Comes from people wanting to sell you stuff.
◦ Headers may be forged to hide actual accounts sending the email.
Phishing: email pretending to be from someone else you trust
◦ Deceptive
◦ Designed to look like legitimate email from a trusted source.
◦ Banks, ISPs, corporate IT departments.
3
We use block lists to block emails from known spam-sending servers. Many sites now use Sender Reputation systems. Spam reports from Fermilab = bad reputation scores.
4
Look at the “Full Headers”
Why “Full Headers”?
◦ Email has envelope From and To addresses, just like old timey postal mail.
◦ The headers your mail client shows are equivalent to addresses at the top of a physical letter.
◦ All servers add a “Received:” header. Only headers added by local or trusted upstream servers are trustworthy.
◦ Don’t trust those either.
5
Never, ever send usernames and passwords via email. Don’t enter your username and passwords into a web form/application you don’t recognize/expect to use. Don’t forward your fnal.gov email to another site and then report messages from it as spam.
6
HTML links have two parts: a display part and a URL.
“click here” => http://example.com/nextpage.hmtl
Don’t assume a link that looks like a URL actually links to that URL.
“http://www.fnal.gov/computing” => http://www.example.com/hacked_app/scam_me.php
7
URLs can be prefixed with a username/password.
http://www.fnal.gov:computing.email.login@example.com/hackme.html is a valid URL, but doesn’t go where you might think at first glance.
Read emails in plain text instead of html when you can.
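The two link tricks from slides 6 and 7 can be checked mechanically. The following is an added example, not part of the original presentation: it parses an HTML mail body with the Python standard library and flags links whose display text shows a different host than the href, and links whose href carries a username/password prefix. The names `LinkCollector`, `audit_links` and `SAMPLE` are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (display text, href) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return [(href, [findings])] for links whose target is not what it seems."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        try:
            target = urlsplit(href)
            shown = urlsplit(text) if "://" in text else None
        except ValueError:  # malformed URL: report it rather than guess
            report.append((href, ["unparseable URL"]))
            continue
        findings = []
        if target.username is not None:  # text before "@" is credentials, not the host
            findings.append(f"userinfo-prefix: real host is {target.hostname}")
        if shown and shown.hostname and shown.hostname != target.hostname:
            findings.append(f"display-mismatch: shows {shown.hostname}, goes to {target.hostname}")
        if findings:
            report.append((href, findings))
    return report

# Constructed sample body reusing the slide URLs; "Reset mail login" is invented text.
SAMPLE = (
    '<a href="http://example.com/nextpage.hmtl">click here</a>'
    '<a href="http://www.example.com/hacked_app/scam_me.php">http://www.fnal.gov/computing</a>'
    '<a href="http://www.fnal.gov:computing.email.login@example.com/hackme.html">Reset mail login</a>'
)
```

Calling `audit_links(SAMPLE)` leaves the plain “click here” link unflagged and reports the other two, each with the host the link really goes to.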
8
Holding the pointer over a URL should show where it’s actually linking in the status line. Latest versions of browsers more clearly show if an SSL link is really registered to that domain. Beware of fake SSL certs! Hard to be 100% sure. Use good judgment.
9
Look at mouse-overs in your mail client to see where a link is really pointing. Better to type in URLs than to click on untrustworthy links, but don’t mistype! Save bookmarks to important pages. Use bookmarks when you get an email requesting you do something at a particular site.
10
Emails about Fermilab systems will not come from non-fnal.gov addresses. Real Fermilab web forms/apps will not be hosted on non-fnal.gov websites. Outsourcing/Cloud based hosting makes things complicated.
11
Messages available at http://home.fnal.gov/~kevinh/SNP/