
SANS ISC InfoSec Handlers Diary Blog



Olympic Clicks

Published: 2008-08-07
Last Updated: 2008-08-07 21:05:09 UTC
by Mark Hofman (Version: 1)
0 comment(s)

You don’t have to be the oracle at Delphi to be able to predict that the next few weeks are going to be rife with attempts to phish, SPAM and scam with an Olympic theme. 

With the Olympics starting tomorrow our users are going to start receiving themed emails with something extra.  They will start receiving emails similar to the cnn.com top ten emails Daniel wrote about, but also messages from “news services”, Storm messages with Olympic-themed subjects, messages from Visa as Olympic sponsor, etc.  They will all ask the recipient to click.  So it is probably a good idea to remind your users of the dangers of the almighty click.

Now whilst 15 lashes with the cane for the first person to introduce nasties might sound like a great idea, in most countries this is frowned upon.  Likewise the advice of “don’t click anything” is also likely to be ignored. So we will have to come up with some ideas that will help prevent people from becoming victims.  Let’s arm them with some rules of clicking safely.

Don’t click any links when:

  • the email was sent by someone you do not know.
  • the email was sent by someone you might know, but whose name and email address do not match.  e.g. sender: John Smith <Shjdyu@yahoo.com>  or Albert Einstein <stacyB@hotmail.com>
  • the email asks you to click a link to “verify” personal details. e.g. “please click the link below to verify your account details”.
  • the link looks funny.  e.g. http://123.123.123.123/dhjeuaUhskw/special_surprise or www.notquite-the-banks-name.com
  • the web page says you have
    • “won a laptop, click here to claim”,
    • “a /spyware, click here to download a program to fix it”,
    • “been selected as our lucky winner for .....”

If you have passed all of the above tests and you succumb to the urge to click, then before you click ask yourself some additional questions:

  • How certain am I that the email was sent by the sender?
  • Does the link match what I would expect it to be?  e.g.  www.xyzstore.com rather than www.xyzzstore.com
  • When you hover the cursor over the link, where does the browser say it will take you?  e.g. Hover your mouse over the following link, http://www.xyzstore.com. Would this link take you somewhere “special”?
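The rules above, turned into a small checker as an added example that is not part of the diary: it flags a sender name that does not appear in the address, a link to a bare IP address, a lookalike of the domain the reader expects, and visible link text that differs from the real target. The sample messages, the function names and the use of xyzstore.com as the expected domain are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not from the diary). Each holds the sender's
# display name and address, the link text the reader sees and the real href.
SAMPLES = [
    {"name": "John Smith", "addr": "Shjdyu@yahoo.com", "text": "Olympic medal table",
     "href": "http://123.123.123.123/dhjeuaUhskw/special_surprise"},
    {"name": "XYZ Store", "addr": "news@xyzstore.com", "text": "http://www.xyzstore.com",
     "href": "http://www.xyzzstore.com/verify"},
    {"name": "XYZ Store", "addr": "news@xyzstore.com", "text": "Your order",
     "href": "https://www.xyzstore.com/orders"},
]

IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def host_of(url):
    """Lower-cased hostname without a leading 'www.'; '' if not parseable."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def link_warnings(msg, expected_host):
    """Apply the clicking rules to one message; return the names of rules triggered."""
    hits = []
    addr = msg["addr"].lower()
    words = [w.lower() for w in re.findall(r"[A-Za-z]{3,}", msg["name"])]
    if words and not any(w in addr for w in words):
        hits.append("sender name does not match address")
    href_host = host_of(msg["href"])
    if IP_HOST.match(href_host):
        hits.append("link points at a bare IP address")
    elif href_host != expected_host and edit_distance(href_host, expected_host) <= 2:
        hits.append("lookalike of expected domain")
    text_host = host_of(msg["text"]) if "://" in msg["text"] else ""
    if text_host and text_host != href_host:
        hits.append("visible link text differs from real target")
    return hits


if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["href"], "->", link_warnings(msg, "xyzstore.com") or ["no warnings"])
```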

So these are some of the examples I could think of to help educate my users.  If you have some that I can add, please send them in.

As for system admins and security folks, in the next three weeks you might want to make sure that your AV is up to date, your SPAM engines are working properly, web traffic is filtered and you watch your logs for connections to weird places.  Keep in mind that until August 24 some parts of China are not going to be weird places.   You might even consider doing what I have done at a few sites, which is to whitelist the official Olympic sites and block the rest.

Just to get into the spirit of things,  Go Aussie Go! (and Kiwis too).  ;-)

Cheers

Mark H - Shearwater
