Further compounding the problem, pretty much every browser has built-in FTP client capabilities invoked at the simple click of a link. Just by opening this link, ftp://10.10.10.10/test.html, for example, IE, Firefox and Mozilla browsers will dutifully fetch the test.html file, render its HTML and run any of its scripts (based on the browser's script configuration settings). So, to answer your question directly, FTP links can indeed be more effective in phishing emails because they receive less scrutiny from most organizations. Make sure to carefully inspect FTP URLs, or even block FTP access, if it is not required in your organization.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.