Summary and Suggestion

• We can expect that other portals will implement the same bad idea. Information from CERT indicates that this is the case.

• Many non-tech users would click on such a link in an approproately designed Email. This would take them to a deceptive or hostile site.

• It would not be difficult to provide plugins for email client programs to search and destroy double URL links. This defense is not currently available.

• In most email clients such a link would be clearly visible. Warning users to look suspisciously at long links will diminish risk.

It might be a good idea to circulate a memo describing double address links and advising them not to click on them.

If you get an email with a double link please forward a copy to James Nickson.