https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18576#M855 <P>&nbsp;</P><BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/542297379">@Jesse_Mundis</a>&nbsp;wrote:<P>&nbsp;</P><P>What say you all?</P><HR /></BLOCKQUOTE><P>You never know where a link will take you, regardless of what it's worded as. Most attacks on organizations' IT Infrastructures begin with end- users inadvertently introducing malware onto systems by clicking on links.</P><P>&nbsp;</P><P>Let's assume you receive an email supposed to have come from the bank you have an account with, and stating: <FONT color="#0000FF">Your credit card XXXX-XXXX-XXXX-5420 was just used to make an online purchase of 2500 USD.&nbsp; (If you didn't make this purchase, <A href="https://community.isc2.org/t5/forums/replypage/board-id/tech-talk/message-id/847" target="_blank" rel="noopener">click here</A> to notify us)</FONT></P><P>&nbsp;</P><P>In such a situation, you should react by immediately checking your account balance to see if there have been any deductions, calling the bank to ascertain the same, and taking further actions. You definitely should not click on the link...</P><P>&nbsp;</P><P>&nbsp;</P><P>From an IT Security perspective, you should inform end-users to avoid opening links, and also take measures to ensure that the impact of them doing so is limited, such as disabling links on an email gateway, securing all end-points with a protection system, etc. --- unless your organization is willing to rely solely on&nbsp;<A href="https://www.linkedin.com/pulse/weakest-link-shannon-d-cruz/" target="_blank" rel="noopener">its employees' judgement in such matters</A>...</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 01 Feb 2019 11:34:46 GMT Shannon 2019-02-01T11:34:46Z https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18497#M847 <P>Looking for opinions, or even better, research, from the community.</P><P>&nbsp;</P><P>In an email answer-back for account creation, you frequently have an opt-in link to confirm it was really the controller of the email address signing up for a service.</P><P>&nbsp;</P><P>But in the case of a typo, or malicious sign-up, I've seen both "If you didn't create this account, just ignore this email" and I've seen "If you didn't create this account, click *this* link to let us know."</P><P>&nbsp;</P><P>In the negative case, which is more common?&nbsp; I'm of the opinion that "click this link to deny" just trains users to click on links in emails they aren't expecting, which is good for phishers, but bad for us. I prefer the "just ignore this email" approach, as more secure.</P><P>&nbsp;</P><P>But having a discussion with a coworker, they said that "click this link to disavow" is a common pattern.</P><P>&nbsp;</P><P>What say you all?</P> Mon, 09 Oct 2023 09:06:03 GMT https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18497#M847 Jesse_Mundis 2023-10-09T09:06:03Z https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18529#M850 <P>&nbsp;</P><P>&nbsp;</P><P>This is the “Inevitability of ‘the Click’”&nbsp; ... nature of humans<img id="smileylol" class="emoticon emoticon-smileylol" src="https://community.isc2.org/i/smilies/16x16_smiley-lol.png" alt="Smiley LOL" title="Smiley LOL" /></P><P><BR />The nitty-gritty is an enterprise must assume endpoints and servers are going to be compromised by this kind of traps. The enterprise should be surprised when endpoints and servers are not compromised. Organizations must layer its defenses so that the endpoints most likely to be compromised first are not the most critical ones.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 31 Jan 2019 14:17:30 GMT https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18529#M850 iluom 2019-01-31T14:17:30Z https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18576#M855 <P>&nbsp;</P><BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/542297379">@Jesse_Mundis</a>&nbsp;wrote:<P>&nbsp;</P><P>What say you all?</P><HR /></BLOCKQUOTE><P>You never know where a link will take you, regardless of what it's worded as. Most attacks on organizations' IT Infrastructures begin with end- users inadvertently introducing malware onto systems by clicking on links.</P><P>&nbsp;</P><P>Let's assume you receive an email supposed to have come from the bank you have an account with, and stating: <FONT color="#0000FF">Your credit card XXXX-XXXX-XXXX-5420 was just used to make an online purchase of 2500 USD.&nbsp; (If you didn't make this purchase, <A href="https://community.isc2.org/t5/forums/replypage/board-id/tech-talk/message-id/847" target="_blank" rel="noopener">click here</A> to notify us)</FONT></P><P>&nbsp;</P><P>In such a situation, you should react by immediately checking your account balance to see if there have been any deductions, calling the bank to ascertain the same, and taking further actions. You definitely should not click on the link...</P><P>&nbsp;</P><P>&nbsp;</P><P>From an IT Security perspective, you should inform end-users to avoid opening links, and also take measures to ensure that the impact of them doing so is limited, such as disabling links on an email gateway, securing all end-points with a protection system, etc. --- unless your organization is willing to rely solely on&nbsp;<A href="https://www.linkedin.com/pulse/weakest-link-shannon-d-cruz/" target="_blank" rel="noopener">its employees' judgement in such matters</A>...</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 01 Feb 2019 11:34:46 GMT https://community.isc2.org/t5/Tech-Talk/Are-quot-disavow-quot-links-in-email-confirmation-a-good-or-bad/m-p/18576#M855 Shannon 2019-02-01T11:34:46Z