Hikvision Declares 'Never Click On Links In Emails'

Published Jan 09, 2018 15:18 PM

Hikvision is stepping up its cybersecurity efforts with a clear recommendation, to never click on links in emails:

It is a surprising change, since Hikvision has itself relied on links in its 'Special Bulletin' emails when responding to its own numerous cybersecurity vulnerabilities, such as:

And:

***:

** **** ** *********** ** *** how ********* ************ **** ****** *** that **** **** ******** ***** *** attachments in ****** ** ** ********.

Tradeoff ******* *** ********

** ******** ** *********'* ******** ********, links ** ****** *** *********** **********. ***** is * **** ** ***** *********** beyond **** *** ** ***** ** copied *** ****** **** ** *****. Links ***** ****** *** ************* ** concisely ***** **** ***********.

The ****

*** **** ** ******** ***** ** emails ** **** *** **** *** not ** **** ** ******** ** be. *** *******, **** ** * link **** ******* ** ** ** a **** ** ****** ******** *** what **** ** ****** *** *******, or ** ***********:

*******, *** **** ******** **** ** a ***** **** ********** ** **** a **** ****, **** *** ****** site ***** ** **** **** * TMZ ********* ****** ****:

** ********, *** **** ******** **** that **** *** ****** ***** *** clicked **, ***** ***** ****** **** the ***** ******* *** ***** (*** potentially **** *** ********* **** *** exercise *********** ** ******** ******* *****):

Some ******** ***** ** ******* **** *****

**** ***** ******* **** ******* ** expand ******* ******* ** *** ********** data ** *** ******, ** *****-** address. ***** **** ** *** * perfect ********* **** *** ******* ** legitimate, ********** ****** ***** **** *****-** addresses **** **** ****** ******* (*** to *********, ** *** ** **** to **** ** ******* * ***** domain ******** ** *** ******). ** the ***** ******* ***** ** *** see **** **** ***** ** ***** has ********** *********** *** ********* ** the ****: *** *****-**: ******. 

****** ******** * **** ** ** email, ***** **** ** ** ****** the **** **** ** *** ****. From **** *** *** ***** ********* if ** **** ** * ****** *** would ******, **** ** *** ******* below **** * ******* ***** *****:

*********, **** **** ***** **** ********** and ******** ** ** ********** **** "Canada ***** ******":

****, ****** **** ****** ******** ***** in ******, **** ****, *** **** open **** ** * "*******" ******* window ** *** (*.*.: ********* **** in ******, ******* **** ** ******). This **** ******* ** ******** *** ability *** ********** ***** ** *** access ** ***** ******* ****, ** to *** ********** *******.


Comments (24)
John Bazyk
Jan 09, 2018
Command Corporation • IPVMU Certified

I check the sender address before I click on links. Just because it says "PayPal" in the email header doesn't mean it's from PayPal. When you see the full email address you can tell pretty quickly if the email links are safe or not. I also don't click on links from automated emails or mass emails; not because I'm afraid of spam, I just don't want to get on a retargeting list.

(11)
Campbell Chang
Jan 09, 2018

Additionally, you can check the email headers (in Outlook) by opening up the email in a new window and clicking the little arrow in the bottom right of Tags.

This will provide you with a lot more information on where the email has come from.

If a legit looking email comes in (from your bank or whatnot) then looking at the headers will quickly tell you if the email is bogus or not.

(1)
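The sender and header checks John and Campbell describe, as an added example that is not part of the original page or any commenter's code. It parses a constructed phishing-style message and a constructed legitimate one (neither is a real email) with Python's standard email module, and assumes the receiving mail server stamped an Authentication-Results header; the brand-to-domain table is an assumption for illustration.

```python
"""Check who an email is really from before trusting any link in it.

Added example: inspects From / Reply-To / Return-Path and the receiving
server's Authentication-Results header of a raw RFC 5322 message.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not real messages). The first says "PayPal" in the
# display name only; the address, bounce path and reply path belong elsewhere.
SAMPLE_PHISH = """\
Return-Path: <bounce@securityhelp.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=securityhelp.example; dkim=none; dmarc=fail header.from=paypal.com
From: "PayPal Service" <service@paypal.com.securityhelp.example>
Reply-To: verify@securityhelp.example
To: victim@example.net
Subject: Unusual activity on your account

We noticed unauthorized activity. Verify your identity at the link below.
"""

SAMPLE_OK = """\
Return-Path: <bounce@paypal.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
From: "PayPal" <service@paypal.com>
To: victim@example.net
Subject: Your receipt

Thanks for your payment.
"""

# Assumed brand-to-domain table; extend it for the brands your users get mail from.
BRAND_DOMAINS = {"paypal": "paypal.com"}


def _domain(addr: str) -> str:
    """Lower-cased domain part of user@host, or '' when there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _is_under(domain: str, parent: str) -> bool:
    """True for parent itself or any subdomain of it; False for lookalikes
    such as paypal.com.evil.example."""
    return domain == parent or domain.endswith("." + parent)


def auth_results(raw: str) -> dict:
    """Parse spf/dkim/dmarc verdicts out of the Authentication-Results header."""
    header = message_from_string(raw).get("Authentication-Results", "")
    return {m: r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header)}


def sender_findings(raw: str, brands: dict = BRAND_DOMAINS) -> list:
    """Return human-readable reasons not to trust the sender; empty list if none."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    findings = []

    # 1. Brand in the display name, address outside the brand's domain.
    for brand, domain in brands.items():
        if brand in name.lower() and not _is_under(from_dom, domain):
            findings.append(f"display name says {brand!r} but address domain is {from_dom!r}")

    # 2. Replies or bounces routed to a different domain than the From address.
    for header in ("Reply-To", "Return-Path"):
        _, other = parseaddr(msg.get(header, ""))
        other_dom = _domain(other)
        if other_dom and other_dom != from_dom:
            findings.append(f"{header} domain {other_dom!r} differs from From domain {from_dom!r}")

    # 3. What the receiving server concluded. A missing verdict means nothing was checked.
    verdicts = auth_results(raw)
    for mech in ("dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech} result is {verdicts.get(mech, 'absent')}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(label, auth_results(raw), sender_findings(raw) or "no findings")
```

Two caveats when reading the output: legitimate bulk senders often use a separate bounce domain, so a Return-Path mismatch on its own is a weak signal; and an Authentication-Results header is only meaningful when your own mail server added it, since a sender can include a forged one, so check the server name at the start of the header matches your MX.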
Tony Warren
Jan 09, 2018

Uh, I clicked on a link in an email to get to this story...is that bad?

(3)
(21)
Undisclosed #6
Jan 10, 2018
IPVMU Certified

Uh, I clicked on a link in an email to get to this story...is that bad?

No, but we have noticed some recent suspicious activity on your account, so we need you to verify just the last 9 digits of your SS#:__________  ;)

 

(9)
Undisclosed Integrator #1
Jan 09, 2018

Your survey is missing an option, "It depends". Links provide vital references where it is applicable. It's true you should not click on links you do not feel certain about. It does not mean you cannot click on a link. Just be wary of seeing the URL before you click to assess whether it is going to the place you think it is going to. Just to add, Hikvision's list of do's/don'ts seems correct; I expect they have some sort of detailed training behind each and every point that articulates what that means.

(5)
(1)
John Honovich
Jan 09, 2018
IPVM

I agree with you, generally, that clicking on links in emails depends on conditions / analysis of the email itself.

However, Hikvision's quote/statement is "Never click on links in emails". It would be logically contradictory to reply to a 'never' statement with 'it depends' because never is an absolute, i.e., not ever.

(3)
John Honovich
Jan 09, 2018
IPVM

Bigger picture, Hikvision would do better answering real, direct, harder questions about their own cybersecurity, e.g., Dear Hikvision's Chuck Davis, What Is The ONVIF Security Problem?

It is unfortunate that Chuck Davis is showing more concern about generic cybersecurity practices (with blog posts over and over and over again) but little about Hikvision's own cybersecurity.

(3)
Tony Warren
Jan 09, 2018

Blanket statement. Yeah, that makes total sense. How about just check the link and be smarter about your decisions to click it or not. They are not that hard to figure out. If it looks sketchy, don't click it... easy as that.

(1)
Undisclosed End User #2
Jan 09, 2018

There was a Krebs article where he suggests pretty much what Hikvision is stating here. He warns against clicking on any links in emails, regardless of whether you know the sender or not. I was recently sent an email from "Paypal" stating my account had some unauthorized activity, and I needed to verify my identity through a click-through link in the email. In all honesty, it looked 100% legit, even showing the lock symbol for a secured and certified webpage. But I chose to instead go to Paypal's main site through a different browser window, and logged in that way. Needless to say, the email I got was a phishing scam. That was the first time I've come across something that well-made, including an SSL certification. I have no doubt it has fooled many before me, and will continue to fool many more. Hikvision's approach may be a little heavy-handed here, and is probably not necessary for most on this site, but as a general announcement for some of their customers (the default name and password, port-forwarding, etc. crowd) it may be something they should be thinking about.

Undisclosed #3
Jan 09, 2018

This just in... Hikvision’s Chuck Davis announces a crackdown on Nigerian 419 Scammers.

An excerpt from Davis’ announcement read, “If you get an email from a Nigerian prince asking you for your banking information, don’t do it, it’s probably a scam.”

Nigerian Prince Adegbite Adewunmi Sijuade could not be reached for comment, but an official from his office stated “I mean, his highness already has enough trouble getting people to respond to his emails in the first place, we really don’t need the Chinese government making matters worse.”

(1)
(9)
Randy Lines
Jan 09, 2018

"Never" is a strong word. If you asked a family member for something and received the requested link, that is different from PayPal requesting that you log in.

Awareness and common sense based on articles like this (and from Chuck Davis) will get you to "close". To get to "never" will make you extremely slow ... like saying if you never want to get hit by a car ... don't go outside.

rbl

(3)
(2)
Undisclosed Manufacturer #4
Jan 09, 2018

How will you reset your password in Dropbox, Facebook, Google, Salesforce.com, or almost any other website/application in the world? 

(2)
Undisclosed Distributor #5
Jan 09, 2018

(1)
(1)
(6)
Rich Moore
Jan 09, 2018

Still better than Knightscope

(4)
Randy Lines
Jan 09, 2018

We are getting off topic here a bit ;) Part of the reason our industry is accused of being old and behind the times (not entirely without justification) is that we are often a bit quick to dismiss innovation. Knightscope has had a tough run and I am certainly not ready to rent one; however, I am a cheerleader for any and all attempts to innovate. There are a few others coming online .. each building off the other. We fell way behind on the IT evolution ... let's not repeat on the robot evolution :)

rbl

(1)
Jon Dillabaugh
Jan 09, 2018
Pro Focus LLC

Why not right click and copy the link, then paste it into a text editor (notepad, etc) and look at the raw URL? That way, you can tell the difference between:

https://paypal.com.securityhelp.ru

https://www.paypal.com/security 

DON’T CLICK ABOVE!!!! Lol

(2)
Undisclosed Distributor #5
Jan 09, 2018

A very simple trick to be aware of is URL masking, where a seemingly legit link is posted "in the clear" like these (hover over each to see what's hidden):

https://paypal.com/really-a-bad-link

https://paypal.com/pretend-good-link

 

Jon Dillabaugh
Jan 09, 2018
Pro Focus LLC

That's why I said right click and "copy address", then paste it in a text editor.

Mark Espenschied
Jan 11, 2018

Jon, it is often the case that you are too smart and practical for the discussion.

(1)
Undisclosed Distributor #5
Jan 09, 2018

Well, the hover function doesn't seem to work ... they're both actually good links. My point is that you can make a link look good upon a cursory glance when it's really not.
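The raw-URL check Jon describes (copy the address and read it in a text editor) and the masked-link point Distributor #5 makes (visible text that looks like one site while the href goes to another), as one added example that is not code from the page or from any commenter. It pulls each href and its visible text out of a constructed HTML body with Python's html.parser and compares the host the link shows with the host it actually goes to. The sample anchors, the expected domain paypal.com, and the two-label registrable-domain rule are assumptions for illustration; a real implementation should use the public suffix list.

```python
"""Look at the raw href of every link in an email body, not the text it shows.

Added example. Flags the tricks discussed in the thread: a brand name buried in
a foreign hostname, visible text that is a URL for one host while the href
goes to another, plain http, userinfo before the host, raw IP addresses, and
punycode labels.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body for illustration, not from any real email.
SAMPLE_HTML = """
<p>Please review your account:</p>
<a href="https://paypal.com.securityhelp.ru/login">https://www.paypal.com/security</a><br>
<a href="https://paypal.com/pretend-good-link">https://paypal.com/pretend-good-link</a><br>
<a href="http://www.paypal.com@203.0.113.9/verify">Verify now</a><br>
<a href="https://www.paypal.com/security">Security center</a>
"""


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html: str) -> list:
    """All (href, text) pairs in document order."""
    parser = _Anchors()
    parser.feed(html)
    return parser.links


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Assumption: no public suffix list offline,
    so 'bank.co.uk' would come out as 'co.uk'; use the PSL in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_findings(href: str, text: str, expected: str = "paypal.com") -> list:
    """Reasons the link is not what it appears to be; empty when it checks out."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if "@" in parts.netloc:
        # Browsers treat everything before '@' as credentials and go to the host after it.
        findings.append(f"userinfo {parts.username!r} hides real host {host!r}")
    if host.replace(".", "").isdigit():
        findings.append(f"raw IP address {host}")
    elif host and registrable_domain(host) != expected:
        note = f"domain is {registrable_domain(host)}, not {expected}"
        if expected.split(".")[0] in host:
            note += " (brand name is only a subdomain label)"
        findings.append(note)
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label, possible homograph")
    # Masking: the visible text is itself a URL, but for a different host.
    if text.lower().startswith(("http://", "https://")):
        shown = urlsplit(text).hostname or ""
        if shown != host:
            findings.append(f"shows {shown} but goes to {host}")
    return findings


def scan(html: str, expected: str = "paypal.com") -> list:
    """(href, findings) for every anchor in the body."""
    return [(href, link_findings(href, text, expected)) for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, findings in scan(SAMPLE_HTML):
        print(href, "->", findings or "looks consistent")
```

The second sample anchor is Distributor #5's case: it looks good at a glance and really is good, so it produces no findings. The first is Jon's case, where the host begins with paypal.com but the domain the browser will actually resolve is securityhelp.ru, and its visible text names a host the href never goes to. Note that a consistent host only tells you the link goes where it says; whether that site is trustworthy is a separate question.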

Michael Gonzalez
Jan 10, 2018
Confidential

I think they meant to say never to click on links in any of their emails, since they're investing all of their money in damage control rather than fixing the problems with their security. Good advice, but I never click on Hik messages anyway...

(1)
(2)
Chad Rohde
Jan 10, 2018

It took a security lab to figure this out? 

I don't think this is a "cybersecurity attack". More like trolling for the sick and elderly.  

(1)
(1)