JDPFu.com 2025

Scenario

We all get emails asking us to do something. Sometimes the email includes a link to a specific web site to help you complete the task. Well, unless you only see plain text email messages, no RTF, no HTML, then you can’t trust that the URL you click is really where you are being taken. If there are any miss-spellings or simple grammar issues, ignore the email.

Simple Solution

Don’t click links provided in emails. Rather, manually go the the website. Use your password manager, like KeePass, to open the correct page and enter your login credentials. Or you could type the known URL, just don’t click the URL in the email. Simple enough?

You know this stuff. You know not to click. But it takes just 1 small mistake to be p’wned and you may not realize it for a few days, if ever.

Examples

Hak5.org forums were hacked in 2009. When the maintainers realized it, they sent an email warning everyone and suggesting that you never use the same password on multiple websites. Good advice. If you use a password manager, like KeePass, you never need to worry about reusing the same password. Just use the Generate button to create a strong password for each website you visit.

Web site administrators are being targeted now to gain access to the servers by people who want more bot controllers in their bot network. I’ve used cPanel before at a hosting provider and it would be easy for that page to be cloned, yet still appear to work. The cloner can grab the login credentials and pass them on to the real cPanel page. When you run a web site, the management of that website often bounces between lots of unrelated web servers that you aren’t used to seeing, adding to the confusion. Even Yahoo hosting was targeted, so I can’t believe that some very popular, yet cheap, providers aren’t also.

I get spam emails that are usually sent from small business servers all the time. These servers could be misconfigured to allow email relaying or compromised by some other method. Regardless, sending an email to the administrator never seems to help.

During holidays, we all get Holiday eCards asking us to click on a URL. I’ve gotten 3 called ICQ Greeting Cards this week. The link in all three of those emails was to some nasty software, for sure. Don’t click. They even had safe links included in the email to the real ICQ site to earn my trust.

Be careful out there, especially if you are an administrator for others or public facing internet services. I expect to be hacked at some point. I have been hacked – over 10 years ago. Hopefully, being hacked again won’t happen for some time.