Re: e-mail security.

On 01Dec2018 13:23, home user <mattison.computer@xxxxxxxxx> wrote:
Today, I received a message claiming to be from "noreply@xxxxxxxxxxxxx". Never heard of them. The message tells me to click a link in the message to view an encrypted message. Now I know that clicking links in e-mail is risky. How do I safely determine if this is genuine and safe without clicking that link?

1: You've never heard of them. This is usually an indication that it is bogus.

2: Look at your message headers. Is the To: address to your real email address, with your full and correct name? If not, also suspicious.

3: _Mouse over_ the link. Is it the same domain as the From:? If not, sus again.

4: Are you expecting an encrypted message from someone you've never heard of? I've never received one, and if I did I would expect it to be encrypted _to me_ i.e. GPG encrypted with _my_ public key. The key take here is that to retrieve it I don't have to go anywhere: I have the message in the email and I have my personal private key to hand. You can't "go to a web site" to fetch an encrypted message, because said site doesn't have any of _your_ private information.

However, you can bet that such a site will _ask_ for your personal information: that is usually the point, to get information that can then be used for fraud or identity theft.

5: Look at the headers, particularly the Received: headers. How did this message reach you? Note that any of these may be forged, but those for you and/or your immediate ISP will be real, and will show the immediate source.

6: Look at the spelling/grammar. Is it at all dodgy? If so, almost always sus. Corporate communications, especially automated ones, are usually well prepared before getting to run.

7: Is there a good rationale for viewing this message? Just "you have a message" doesn't reach that bar for me.

8: You can fetch the target page with curl or wget. Example:

 wget -S -O - 'paste URL here between single quotes'

Depending on your knowledge, this may be revealing or not.

Phishing sites are usually set up to closely resemble the organisation they are pretending to be. But there are often signs of forgery.

I had a look at "whois encrypt.barracudanetworks.com". No record. barracuda.com at least has a whois record. This isn't very definitive.

Myself, I would not trust this. I've received quite a few resembling what you describe.

Cheers,
Cameron Simpson <cs@xxxxxxxxxx>
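
Added example, not part of the original message: a small Python script that runs checks 2, 3 and 5 above on a saved copy of a message without opening any link. The sample message, every address in it and the helper names (domain_of, triage) are constructed for illustration, and the "last two labels" domain comparison is a simplifying assumption.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not from the thread); all hosts and addresses are made up.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.home.example with ESMTP; Sat, 1 Dec 2018 13:00:02 -0700
Received: from unknown (HELO sender.invalid) (198.51.100.7)
\tby mx.isp.example with SMTP; Sat, 1 Dec 2018 13:00:00 -0700
From: "Secure Mail" <noreply@vendor.example>
To: recipient@list.example
Subject: You have an encrypted message
Content-Type: text/html

<p>Click <a href="http://vendor.example.login.invalid/view?id=1">here</a>
to view your encrypted message.</p>
"""

def domain_of(host):
    """Crude registrable-domain guess: last two labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw, my_address):
    """Return the facts checks 2, 3 and 5 ask about, read only from the message text."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(parseaddr(msg["From"])[1].rpartition("@")[2])
    body = msg.get_content()
    # Every URL in the body, including href targets hidden behind link text.
    hosts = [urlsplit(u).hostname or "" for u in re.findall(r'https?://[^\s"\'<>]+', body)]
    return {
        "from_domain": from_dom,
        "addressed_to_me": my_address.lower() in str(msg.get("To", "")).lower(),
        # Links whose domain differs from the From: domain (check 3).
        "foreign_links": [h for h in hosts if domain_of(h) != from_dom],
        # Received: headers, newest first; only the top ones were written by
        # your own provider, the lower ones can be forged (check 5).
        "received": [" ".join(str(r).split()) for r in msg.get_all("Received", [])],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "me@home.example").items():
        print(key, "->", value)
```

Note that the link host in the sample starts with the From: domain but belongs to a different domain, which is why the comparison is done on the end of the hostname rather than on a substring match.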