“Think don’t link!”
Email users need to take this simple message to heart because of the rise of phishing emails.
If you receive an email out of the blue that appears to come from your bank, a trusted supplier or some other authority, advising you to click a link and visit their
website to update your personal details, DON’T CLICK THE LINK!
Phisher emails contain special hyperlinks that actually send you to fake websites designed to fool you into thinking you are visiting legitimate sites. The fakes look
completely authentic down to the same text, layout, graphics and colors. Due to browser bugs, the address bar may even appear to display a legitimate website address e.g. http://www.ebay.com/ or http://www.Barclays.com/ on your
screen.
Phishers encourage you to access special webpages to update or confirm your personal details such as your name, address, credit card or bank account
numbers, email address and so on. The fake websites may show the padlock or key symbols for https encryption, just like the real ones, but this is no protection:
any information you type in is encrypted then sent directly to the fraudsters.
Don’t get caught by the phishers. Don’t trust emails that seem to come from a trusted source such as your bank, asking you to enter personal details. Think
about it: would they really be asking you for personal information like this? Check directly with them before you submit any sensitive information, and even then be wary.
We offer four free poster images to download, reinforcing the simple “Think don’t link!” anti-phisher message.
NoticeBored Classic covers phishing and other email and Internet security risks in more detail through the regular security awareness materials. Click here for more NoticeBored Classic samples.
Hinson Tip
If you want to confirm the true address of the webpage you are looking at, type the following simple
JavaScript code into the address bar of your browser to display the true URL in a pop-up box:
javascript:alert("True root URL = " + location.protocol +"//" + location.hostname + "/");
By the way, if you save this code as a favorite in Internet Explorer’s “links” folder, it will be ready to click
whenever you feel the need to check exactly what page you are looking at. To do this:
First select (with the cursor) and copy (control-C) the JavaScript code shown above.
Then create a new favorite in “Links” from any page. Call it something like “Confirm”.
Now right-click the new favorites link and select “Properties” at the bottom of the pull-down menu.
In the address box, in place of the URL to the page you originally linked, paste (control-V) the JavaScript code exactly as shown above.
Click OK and then confirm (twice!) that this means using JavaScript code which “does not have a registered program” (you can easily verify the JavaScript code to make sure there is nothing untoward
going on here - if you are truly paranoid, do not accept the JavaScript, put up your lead shielding and go back into your cave).
Now click the link to see it work, and gasp in wonderment. As if by magic, it tells you the true location for whatever page you are viewing, regardless of what appears to be the page’s URL in Internet
Explorer’s address box. Tell your friends and family about this little trick - help spread the word.
Phishers who use tricks to conceal the page URL will be put out of business and the world will be a better place for the honorable, righteous and upstanding members of society that visit NoticeBored.com.
Be aware that browser security is an oxymoron. It is conceivable that phishers may be able to find a way to alter the location.protocol and location.hostname properties used in the JavaScript ... in which
case maybe I’ll join you in that cave after all ...
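The tip above reports the real hostname of a page that is already open. The same comparison can be made on a link before it is followed: the added example below (not NoticeBored code; the function names and the sample message are constructed for illustration) flags links whose visible text shows one web address while the href points to a different host.

```javascript
// Added example; function names and the sample message are constructed.

// Root URL of an address, built the same way as the bookmarklet above.
function trueRootUrl(address) {
  const u = new URL(address); // throws on a malformed or relative address
  return u.protocol + "//" + u.hostname + "/";
}

// If link text itself looks like a web address, return the host it shows.
function hostInText(text) {
  const m = text.trim().match(
    /^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[\/:?#]|$)/i);
  return m ? m[1].toLowerCase() : null;
}

// Report anchors whose visible host differs from the host in the href.
function findMismatchedLinks(html) {
  const findings = [];
  const anchor = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const href = m[1];
    const shown = hostInText(m[2].replace(/<[^>]+>/g, ""));
    if (!shown) continue; // text is ordinary words, nothing to compare
    let actual = null, root = null;
    try {
      actual = new URL(href).hostname.toLowerCase();
      root = trueRootUrl(href);
    } catch (e) { /* unparseable href: reported with actual = null */ }
    if (actual !== shown) findings.push({ shown, actual, href, root });
  }
  return findings;
}

// Constructed sample message body using reserved example domains.
const sampleEmail = `
<p>Dear customer, please confirm your details:</p>
<a href="https://www.bank.example/login">https://www.bank.example/login</a>
<a href="http://www.bank.example.update.invalid/confirm">www.bank.example</a>
<a href="https://help.bank.example/">Contact us</a>`;

for (const f of findMismatchedLinks(sampleEmail)) {
  console.log(`Text shows ${f.shown} but the link goes to ${f.root}`);
}
```

A link whose text is plain words, such as "Contact us", is not compared at all, so a clean result from this check says nothing about where such a link leads.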