RSA, CA accused of sending 'stupid' e-mails

Computer security specialists RSA and Computer Associates have been called "stupid" for sending e-mails containing "masked" links, which are often used in phishing attacks.

Mikko Hyppönen, director of antivirus research at F-Secure, said it was "stupid" for security companies to send e-mails containing links that point to a different location to the one they purport to point to, which is a technique commonly used by phishers.

In the F-Secure Web log, Hyppönen criticised CA for sending an e-mail containing information about an "important update" with a link that seemed to connect to "supportconnect.ca.com" but actually went to a different address with additional information tagged to the URL. Just days earlier, Hyppönen had lashed out at RSA for using the same technique when inviting delegates to a security conference in Europe.

"How a security company sends out messages like this is beyond me. What's the point in trying to educate users about phishing scams and how they work if the same tricks are being used by the good guys," said Hyppönen.

James Turner, a security analyst at Frost & Sullivan Australia, said using masked links was "not the [most clever]" move and suggested that the problem could have arisen because of a "disconnect" between IT security and marketing.

"Phishing has certainly underscored that this is a risky area. I don't think this is the cleverest thing and it is a tricky situation -- this is one of those disconnects between marketing and IT," said Turner.

Neil Campbell, national security manager of IT services company Dimension Data, pointed out that modern antispam software often characterises e-mails with masked links as potential spam, which could mean the messages are filtered out before they reach their intended recipient.

"Once you start exhibiting characteristics of spam you are going to start falling foul of spam filters -- are these e-mails going to be put into junk e-mail folders," said Campbell, who said he would be unlikely to click on a masked link. "If I had an e-mail purporting to be from a company but the link went off to a company I had never heard of I would be unlikely to click on it".

Neither Computer Associates nor RSA was available for comment.


Munir Kotadia
