My Friend Sent Me This Link

I just received an e-mail from my best friend with an embedded link. The link seems meaningless and not something my friend would send. However, it comes from a trusted source, my friend’s e-mail account. The link must be safe or else my buddy would not send it … wrong … you are letting your alter ego prevail. Go back to my last post, “To Click or Not To Click”, to understand rule number one: do not click on any links without due diligence.

You cannot trust an e-mail just because it comes from your friend, as I can spoof (pretend to be your buddy) an e-mail account in 30 secs using good old telnet … it is not rocket science for a techie. Another reason is that malware (an infection) on your friend’s computer can blast out e-mails using their address book, or their e-mail account password may have been compromised.

What can I do? Do I throw my computer away and abandon the social media world and go back to pen and paper and snail mail? No, but you need to be vigilant and careful. Generally, I avoid any e-mail that only contains a link. I want personal salutations or contextual information about an event that only my friend and I would know. For example:

Hey Kim,
 
Thanks for the beers and laughs! Here are a few pics:
www.flickr.com/kimandpierre
 
Cheers,
Pierre

Other things that I will look for or do:

  • hover over the link (covered in the last post);
  • verify the country that the link is pointing to;
  • check to see if the distribution list contains a trusted circle of friends. People generally do not blast e-mails to different circles of friends. They send to either family, buddies, or work colleagues but do not send to all or intermix contacts. My family does not need to know my hockey buddies or their contact info. A mixed list could be a sign that malware is randomly selecting contacts from your friend’s address book;
  • check that the link is meaningful to you … i.e., if you are married and your friend sends a dating site link – NOT meaningful in your case – well maybe if your relationship is going south;
  • if you are really good, check out the mail headers to see what IP address the e-mail came from and what its location of origin is. This may show that the e-mail was spoofed. It covers the spoofing case only; in the case of malware, it does not work;
  • contact the originator to determine whether they sent the e-mail. A quick reply is easy and fast; and
  • Google search the TLD domain (see the last post for TLD determination) with McAfee SiteAdvisor installed. SiteAdvisor will provide the reputation of the sites.
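
The mail header check from the list above, as an added example (not code from the original post): it pulls the earliest relay IP out of the Received lines, compares the From and Return-Path domains, and reads the SPF/DKIM results. The sample message is constructed (documentation IP ranges and example domains), and it assumes your mail provider adds an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation IP ranges and example domains only.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:02 -0500
Received: from unknown-host (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2024 10:00:01 -0500
Authentication-Results: mx.recipient.example; spf=fail
\tsmtp.mailfrom=mailer.example.net; dkim=none
From: Pierre <pierre@friend.example>
To: Kim <kim@recipient.example>
Subject: check this out

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so the last one in the
    # file is the earliest hop. Hops below your provider's can be forged.
    hops = [m.group(1) for h in msg.get_all("Received") or []
            if (m := IP_RE.search(h))]
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           (msg["Authentication-Results"] or "").lower()))
    warnings = []
    if path_dom and path_dom != from_dom:
        # Also common for legitimate bulk mailers: a hint, not proof.
        warnings.append(f"Return-Path {path_dom} differs from From {from_dom}")
    for check, result in auth.items():
        if result in ("fail", "softfail"):
            warnings.append(f"{check} result is {result}")
    return {"origin_ip": hops[-1] if hops else None,
            "from_domain": from_dom, "auth": auth, "warnings": warnings}

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(key, "=", value)
```

A clean result does not clear the message: mail sent by malware from your friend’s real account passes these checks, which is why the other items in the list still apply.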

When in doubt, follow your heart and squash your alter ego’s temptation. Safe browsing and e-mail reading!


About the author

kim.edwards - Kim Edwards owns and operates an information and network security consulting company which provides security services to both public and private sector clients. With over 18 years experience in networking security and telecommunications, Kim excels at leadership, design, threat management, and architecture. His recent work covers advanced research and security assessments and impacts for enterprise-type networks such as the Canadian House of Commons, Communications Security Establishment and Nortel. Kim has earned an MSc in Electrical Engineering from Queen's, specializing in cryptography with a BSc from the Royal Military College of Canada.
