Big Dan
EQ Forum Moderator
"Never click links in emails" is sage advice we all hear frequently from the security-conscious, but it just doesn't work out that way. The whole internet works on the basis of linking from page to page; the act of clicking on a link is so ingrained in surfers that we click links without a second thought.
I frequently see legitimate emails with links for me to update my account or payment information. If internet marketers or companies we deal with don't follow security advice and pepper us with links, the next time it might be a phishing email with a mock site stealing the information.
The problem is I really don't see an easy way to overcome our predisposition to linking in emails. Ideally the company would write "Please log in to Pogo's website to update your credit card details." People on the whole are lazy and likely won't actually go up to the address bar and type in pogo.com and go through the process of logging in.
Perhaps a middle ground would be to email the customer with a link to the site's main page, advising them that there is something which needs their attention; then, once logged in, a notification system would direct them where to go. That's still a long trail of breadcrumbs for most people to follow.
1&1, a hosting & domain registrar whose business practices I generally despise, does something good with email notices. Anything they email you gets copied into a 'customer messaging center' of sorts. When you log in, it's right there on top of your dashboard waiting for you to click through. It's not perfect, but I've trained myself to delete any email I get from them and just log in to the site to see what they want.
What's the answer? A 3rd party authentication system, no links in business correspondence at all, or should the onus be put on already overburdened email providers to block phishing emails?