
Enhanced Analysis of GRIZZLY STEPPE Activity [pdf] - CarolineW
https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf
======
CarolineW
From page 53:

    
    
        > Organizations should ensure that they have
        > disabled HTML from being used in emails, as
        > well as disabling links.  Everything should
        > be forced to plain text.
    

Well, that ship has sailed ...

Further, a comment on twitter[0]:

    
    
        > ... webmail UX robbed users of clues as to
        > links' effects or origin. Then we blame them
        > for not learning.
    

How can we become serious about security?

\--------

[0]
[https://twitter.com/sergeybratus/status/830864841866874881](https://twitter.com/sergeybratus/status/830864841866874881)

