***:

** **** ** *********** ** *** how ********* ************ **** ****** *** that **** **** ******** ***** *** attachments in ****** ** ** ********.
Tradeoff ******* *** ********
** ******** ** *********'* ******** ********, links ** ****** *** *********** **********. ***** is * **** ** ***** *********** beyond **** *** ** ***** ** copied *** ****** **** ** *****. Links ***** ****** *** ************* ** concisely ***** **** ***********.
The ****
*** **** ** ******** ***** ** emails ** **** *** **** *** not ** **** ** ******** ** be. *** *******, **** ** * link **** ******* ** ** ** a **** ** ****** ******** *** what **** ** ****** *** *******, or ** ***********:

*******, *** **** ******** **** ** a ***** **** ********** ** **** a **** ****, **** *** ****** site ***** ** **** **** * TMZ ********* ****** ****:

** ********, *** **** ******** **** that **** *** ****** ***** *** clicked **, ***** ***** ****** **** the ***** ******* *** ***** (*** potentially **** *** ********* **** *** exercise *********** ** ******** ******* *****):

Some ******** ***** ** ******* **** *****
**** ***** ******* **** ******* ** expand ******* ******* ** *** ********** data ** *** ******, ** *****-** address. ***** **** ** *** * perfect ********* **** *** ******* ** legitimate, ********** ****** ***** **** *****-** addresses **** **** ****** ******* (*** to *********, ** *** ** **** to **** ** ******* * ***** domain ******** ** *** ******). ** the ***** ******* ***** ** *** see **** **** ***** ** ***** has ********** *********** *** ********* ** the ****: *** *****-**: ******.

****** ******** * **** ** ** email, ***** **** ** ** ****** the **** **** ** *** ****. From **** *** *** ***** ********* if ** **** ** * ****** *** would ******, **** ** *** ******* below **** * ******* ***** *****:

*********, **** **** ***** **** ********** and ******** ** ** ********** **** "Canada ***** ******":

****, ****** **** ****** ******** ***** in ******, **** ****, *** **** open **** ** * "*******" ******* window ** *** (*.*.: ********* **** in ******, ******* **** ** ******). This **** ******* ** ******** *** ability *** ********** ***** ** *** access ** ***** ******* ****, ** to *** ********** *******.

Comments (24)
John Bazyk
IPVMU Certified | 01/09/18 03:24pm
I check the sender address before I click on links. Just because it says "PayPal" in the email header doesn't mean it's from PayPal. When you see the full email address you can tell pretty quickly if the email links are safe or not. I also don't click on links from automated emails or mass emails, not because I'm afraid of spam; I just don't want to get on a retargeting list.
Tony Warren
Uh, I clicked on a link in an email to get to this story...is that bad?
Undisclosed Integrator #1
Your survey is missing an option, "It depends". Links provide vital references where it is applicable. It's true you should not click on links you do not feel certain about. It does not mean you cannot click on a link. Just be wary of seeing the URL before you click to assess whether it is going to the place you think it is going to. Just to add: Hikvision's list of dos/don'ts seems correct; I expect they have some sort of detailed training behind each and every point that articulates what that means.
John Honovich
Bigger picture, Hikvision would do better answering real, direct, harder questions about their own cybersecurity, e.g., Dear Hikvision's Chuck Davis, What Is The ONVIF Security Problem?
It is unfortunate that Chuck Davis is showing more concern about generic cybersecurity practices (with blog posts over and over and over again) but little about Hikvision's own cybersecurity.
Tony Warren
Blanket statement. Ya, that makes total sense. How about just check the link and be smarter about your decisions to click it or not. They are not that hard to figure out. If it looks sketchy, don't click it... easy as that.
Undisclosed End User #2
There was a Krebs article where he suggests pretty much what Hikvision is stating here. He warns against clicking on any links in emails, regardless of if you know the sender or not. I was recently sent an email from "PayPal" stating my account had some unauthorized activity, and I needed to verify my identity through a click-through link in the email. In all honesty, it looked 100% legit - even showing the lock symbol for a secured and certified webpage. But I chose to instead go to PayPal's main site through a different browser window, and logged in that way. Needless to say, the email I got was a phishing scam. That was the first time I've come across something that well-made, including an SSL certification. I have no doubt it has fooled many before me, and will continue to fool many more. Hikvision's approach may be a little heavy-handed here, and is probably not necessary for most on this site, but as a general announcement for some of their customers (the default name and password, port-forwarding, etc. crowd) it may be something they should be thinking about.
Undisclosed #3
This just in... Hikvision’s Chuck Davis announces a crackdown on Nigerian 419 Scammers.
An excerpt from Davis’ announcement read, “If you get an email from a Nigerian prince asking you for your banking information, don’t do it, it’s probably a scam.”
Nigerian Prince Adegbite Adewunmi Sijuade could not be reached for comment, but an official from his office stated “I mean, his highness already has enough trouble getting people to respond to his emails in the first place, we really don’t need the Chinese government making matters worse.”
Randy Lines
"Never" is a strong word. If you asked for something from a family member and received the requested link, that is different than PayPal requesting you to log in.
Awareness and common sense based on articles like this (and from Chuck Davis) will get you to "close". To get to "never" will make you extremely slow .... like saying if you never want to get hit by a car ... don't go outside.
rbl
Undisclosed Manufacturer #4
How will you reset your password in Dropbox, Facebook, Google, Salesforce.com, or almost any other website/application in the world?
Rich Moore
Still better than Knightscope
Jon Dillabaugh
01/09/18 08:31pm
Why not right click and copy the link, then paste it into a text editor (notepad, etc) and look at the raw URL? That way, you can tell the difference between:
https://paypal.com.securityhelp.ru
https://www.paypal.com/security
DON’T CLICK ABOVE!!!! Lol
Undisclosed Distributor #5
A very simple trick to be aware of is URL masking, where a seemingly legit link is posted "in the clear" like these (hover over each to see what's hidden):
https://paypal.com/really-a-bad-link
https://paypal.com/pretend-good-link
Undisclosed Distributor #5
Well, the hover function doesn't seem to work ... they're both actually good links. My point is that you can make a link look good upon a cursory glance when it's really not.
Michael Gonzalez
01/10/18 12:43am
I think they meant to say never to click on links in any of their emails, since they're investing all of their money in damage control rather than fixing the problems with their security. Good advice, but I never click on Hik messages anyway...
Chad Rohde
It took a security lab to figure this out?
I don't think this is a "cybersecurity attack". More like trolling for the sick and elderly.