Security Tip: Don?t Click on Links, and Don?t Send Them Either!

By now, many of this blog’s readers have already heard me tell them why it is bad to click on links in email. Without going in to detail, it is because links can very easily be forged in email, just like they can on a web site.
Here’s an example: Where do you think this link will take you? Go ahead and try, it’s safe (I promise).

https://www.paypal.com

Did you click it yet? If so, you found out that it did not take you to PayPal at all! Instead, you ended up at Paradigm Consulting’s web site. How is this possible? HTML, the language that all web sites and pages are made of, allows you to make links, and you can label them however you like. So a link may look like one thing, but go to another. This is the same technique used by spammers and phishers millions of times a day to get people to go to sites that they think are Paypal, or eBay, or their bank, or some other legitimate site, but really aren’t.
What does this have to do with email? Just about every email client out there now supports HTML formatting in email, and that includes links.
Because I am trying to train people to get out of the habit of clicking on links, I generally do not send links in an email unless it is part of an ongoing discussion or thread, and links are expected. It is just too easy to get people to click on links to malicious web sites these days, and the simple act of opening a web site may be enough to infect your computer with malware if you do not have adequate protection on your system.
What can you do to make your system more secure?
For starters, disable HTML email in your mail client. Make sure that your mail program doesn’t even show you HTML mail, which will tremendously increase its security.
To Configure Outlook 2003 To Display all Mail as Plain Text


To turn on the Read all standard mail in plain text option in Outlook 2003, follow these steps:

  1. Start Outlook 2003.
  2. On the Tools menu, click Options.
  3. On the Preferences tab, in the E-mail area, click E-mail Options.
  4. In the Message handling area, click to select the Read all standard mail in plain text check box.
    Note By default, the Read all standard mail in plain text option is turned off.

The next step is to start being part of the solution and stop sending HTML emails.

  1. Start Outlook 2003.
  2. On the Tools menu, click Options.
  3. Click the Mail Format tab.
  4. Choose “Plain Text” from the selection drop-down menu at the top of the box.

To Configure Outlook 2007 Display All Mail as Plain Text
To turn on the Read all standard mail in plain text option in Outlook 2007, follow these steps:

  1. Start Outlook 2007.
  2. On the Tools menu, click Trust Center, and then click E-mail Security.
  3. Under Read as Plain Text, click to select the Read all standard mail in plain text check box.
  4. To include messages that are signed with a digital signature, click to select the Read all digitally signed mail in plain text check box.

When the Read all standard mail in plain text option is turned on, you receive the following notification on the InfoBar at the top of the e-mail message:

This message was converted to plain text.
The next step is to start being part of the solution and stop sending HTML emails.

  1. Start Outlook 2007.
  2. On the Tools menu, click Options.
  3. Click the Mail Format tab.
  4. Choose “Plain Text” from the selection drop-down menu at the top of the box.

To Configure Mozilla Thunderbird To Display All Mail as Plain Text

  1. Click View | Message Body As and select Plain Text.

If you set it to Plain Text it will display a plain text message as is, and transparently convert a HTML message to a plain text message. This doesn’t just interpret it as plain text, it temporarily gets rid of all of the HTML tags (including scripting, which makes things dangerous) so that you don’t see what looks like code.
The next step is to start being part of the solution and stop sending HTML emails.

  1. Click Tools | Account Settings
  2. For each account listed (you may have only one), select Composition & Addressing and uncheck the Compose messages in HTML format checkbox for each account.

References:
How to view all e-mail messages in plain text format
Plain Text Email: Thunderbird

Leave a Reply