Bad advice from MWEB

SabreWolfy

Bad security advice from MWEB

MWEB sent out a general email today, warning users against phishing attacks (extract below).

Please follow these steps to ensure that you're protected:

If you receive an email requesting you to enter your login details and password, be cautious! MWEB will not request you to enter this information from a link contained in an email, but will direct you to www.mweb.co.za instead.
If you're unsure of whether an email is legitimate or not, click on the link and check the URL in your address bar at the top of your screen. The address should start with: www.mweb.co.za/
If it doesn't start with the above MWEB URL, i.e. www.mweb.co.za/ don't go any further, this is not a legitimate MWEB email - you have been targeted by a Phishing email. Close the page and don't enter any details.
If you receive a Phishing email, please forward the email to [email protected] so that we can take further action.

How can they give the advice that I've put into bold text? If you are suspicious, DELETE THE EMAIL! Don't click the link to go to the site and thereby run JavaScript on the site or accept cookies from it or whatever. I think it is REALLY bad advice to suggest to all users that they should CLICK THE LINK in a suspicious email and then check the URL.
 
ROFL....bad bad monkeys...clearly clickjacking and drive-by exploits are off their radar
 
Yeah, that's pretty damn weak for an IT company.

Also, if you get a suspicious executable, run it & see whether anything bad happens. /s
 
I wouldn't consider it bad advice.

Most people lacking IT knowledge don't know you can view the URL without clicking. I've told my parents on many occasions, if they get emails like that, to rather click the link and see the URL that way, otherwise I have to spend 3x as long explaining how to see the URL without clicking.

Either way, nothing wrong with clicking the link... just don't enter any details should it not begin with the URL they stated.
 
Also, some URLs are intentionally made to look similar to legitimate ones, such as replacing the letter "l" with the digit "1", etc. so that, to the casual user, the link still looks correct.
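
Added example, not part of the thread: a defender-side check of where a link really points without opening it, comparing the parsed host against the www.mweb.co.za host named in the email and flagging look-alike hosts of the kind described in the last post. The substitution table, function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "www.mweb.co.za"  # the host named in the quoted email

# Small constructed table of ASCII substitutions; not an exhaustive confusables list.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s"))


def skeleton(host: str) -> str:
    """Collapse common look-alike characters so visually similar hosts compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def classify_link(url: str, expected: str = EXPECTED_HOST) -> str:
    """Return 'match', 'lookalike' or 'other' for the host a link really points to."""
    if "://" not in url:
        url = "http://" + url  # bare "www.example/..." as written in an email body
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if host == expected:
        return "match"  # exact host comparison, not a "starts with" test
    if skeleton(host) == skeleton(expected):
        return "lookalike"  # e.g. digit "0" standing in for letter "o"
    if expected in parts.netloc.lower():
        return "lookalike"  # expected name used as a decoy prefix or as userinfo
    return "other"


# Constructed sample links (reserved or non-existent domains), not taken from the thread.
SAMPLES = [
    "http://www.mweb.co.za/account",
    "http://www.mweb.c0.za/",
    "http://www.mweb.co.za.example.net/login",
    "http://www.mweb.co.za@example.net/",
    "http://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

The comparison is made on the parsed host only, so a path, port or letter case in the link does not change the verdict.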
 