It’s troubling to think that at any moment you might open an email that looks like it comes from your employer, a relative or your bank, only to fall for a phishing scam. Any one of the endless stream of innocent-looking emails you receive throughout the day could be trying to con you into handing over your login credentials and give criminals control of your confidential data or your identity.

Most people tend to think that it’s users’ fault when they fall for phishing scams: Someone just clicked on the wrong thing. To fix it, then, users should just stop clicking on the wrong thing. But as security experts who study malware techniques, we believe that thinking chases the wrong problem.

The real issue is that today’s web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It’s not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way.

Simply put, safe email is plain-text email – showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary – and serious – danger, because a webpage (or an email) can easily show one thing but do another.

Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government’s top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email:

“Organizations should ensure that they have disabled HTML from being used in emails, as well as disabling links. Everything should be forced to plain text. This will reduce the likelihood of potentially dangerous scripts or links being sent in the body of the email, and also will reduce the likelihood of a user just clicking something without thinking about it. With plain text, the user would have to go through the process of either typing in the link or copying and pasting.
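The article's point that an email "can easily show one thing but do another", and the quoted recommendation to force everything to plain text, can be made concrete with a short added example (not code from the article or from any mail client). It flattens an HTML message to text, writes each link's real target next to its label, and flags labels that name a different host than the link; the sample message, its host names and the names `host`, `PlainTextRenderer` and `to_plain_text` are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = """\
Content-Type: text/html; charset="utf-8"

<html><body><style>p{color:red}</style><p>Please confirm your details at
<a href="http://login.example-attacker.test/verify">www.example-bank.test</a>
or read our <a href="https://www.example-bank.test/help">help page</a>.</p>
<img src="http://tracker.example.test/pixel.gif"><script>void 0</script></body></html>
"""  # constructed sample message; every host name is a placeholder

def host(url):
    try:
        return urlsplit(url if "//" in url else "//" + url).hostname
    except ValueError:  # malformed input, e.g. unbalanced brackets
        return None

class PlainTextRenderer(HTMLParser):
    """Flatten HTML to text; show each link target and flag misleading labels."""
    def __init__(self):
        super().__init__()
        self.out, self.mismatches, self.href, self.skip = [], [], None, False
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip = True  # never render code or CSS as message text
        elif tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if not self.skip:
            (self.out if self.href is None else self.label).append(data)
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = False
        elif tag == "a" and self.href is not None:
            label = "".join(self.label).strip()
            self.out.append(f"{label} <{self.href}>")
            # A label that looks like a host or URL must name the host it links to.
            if "." in label and " " not in label and host(label) != host(self.href):
                self.mismatches.append((label, self.href))
            self.href = None

def to_plain_text(raw_message):
    body = message_from_string(raw_message, policy=policy.default).get_body(("plain", "html"))
    if body is None or body.get_content_type() == "text/plain":
        return ("" if body is None else body.get_content()), []
    renderer = PlainTextRenderer()
    renderer.feed(body.get_content())
    return " ".join("".join(renderer.out).split()), renderer.mismatches
```

Images, scripts and styles never reach the output, so the tracking pixel in the sample is not fetched and the reader sees the true destination before deciding whether to copy it.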