Hikvision Declares 'Never Click On Links In Emails'

I check the sender address before I click on links. Just because it says "PayPal" in the email header doesn't mean it's from PayPal. When you see the full email address you can tell pretty quickly if the email links are safe or not. I also don't click on links from automated emails or mass emails, not because I'm afraid of spam I just don't want to get on a retargeting list. 

Uh, I clicked on a link in an email to get to this story...is that bad?

Your survey is missing an option, "It depends".  Links provide vital references where it is applicable. Its true you should not click on links you do not feel certain about.  It does not mean you cannot click on a link.  Just be wary of seeing the URL before you click to assess whether it is going to the place you think it is going to.  Just to add. Hikvisions' list of do's/dont's seems correct I expect they have some sort of detailed training behind each and every point that articulates what that means.

Bigger picture, Hikvision would do better answering real, direct, harder questions about their own cyberecurity, e.g., Dear Hikvision's Chuck Davis, What Is The ONVIF Security Problem?

It is unfortunate that Chuck Davis is showing more concern about generic cybersecurity practices (with blog posts over and over and over again) but little about Hikvision's own cybersecurity.

There was a Krebs article where he suggests pretty much what Hikvision is stating here. He warns against clicking on any links in emails, regardless of if you know the sender or not. I was recently sent an email from "Paypal" stating my account had some unauthorized activity, and I needed to verify my identity through a click-through link in the email. In all honesty, it looked 100% legit - even showing the lock symbol for a secured and certified webpage. But I chose to instead go to Paypal's main site through a different browser window, and logged in that way. Needless to say, the email I got was phishing scam. That was the first time I've come across something that well-made, including an SSL certification. I have no doubt it has fooled many before me, and will continue to fool many more. Hikvision's approach may be a little heavy-handed here, and is probably not necessary for most on this site, but as general announcement for some of their customers (the default name and password, port-forwarding, etc crowd) it may be something they should be thinking about.  

"Never" is a strong word. If you asked for something from a family member and received the requested link is different than Paypal requesting you to log in.

Awareness and common sense based on articles like this (and from Chuck Davis) will get you to "close".  To get to "never" will make you extremely slow .... like saying if you never  want to get hit by a car ... don't go outside.

rbl

A very simple trick to be aware of is URL masking, where a seemingly legit link is posted "in the clear" like these (hover over each to see what's hidden):

https://paypal.com/really-a-bad-link

https://paypal.com/pretend-good-link

I think they meant to say never to click on links in any of their emails, since they're investing all of their money in damage control rather than fixing the problems with their security. Good advice, but I never click on Hik messages anyway...