
Let's talk about phishing - "Look at this"

avillanueva
22-Sapphire II


I see this often enough to want to fix it. While we do have steps in place to spot internal vs external emails, the generic-ness of the system-generated emails causes people to question clicking on that link and I do not blame them. Any thoughts on how we can improve this? If we train our users to expect these types of emails, it would not be hard for someone to exploit in a phishing attack.

 


 

11 REPLIES

Hi @avillanueva 

I would definitely try to find a way to change the mail layout sent from Windchill if there is just a link "Look at this".

For example, add a company logo and an explanation that this is from the company system.

 

In my opinion it is not easy, because there is no supported way to do so.

The class which controls sending the email is

com.ptc.windchill.enterprise.team.commands.TeamCommands

And it is located in the wncWeb.jar file, so customization of that class is complicated.

On the other hand, email layouts from workflow template notifications are possible to customize.

https://www.ptc.com/en/support/article/cs43584

 

It would be nice to modify the email layout like a workflow template notification, so that it is not just a link with or without some simple message from the user.

Best Regards

PetrH

rhart
14-Alexandrite
(To:avillanueva)

Any emails which follow a friendly familiar format are an easy potential exploit because we're less likely to inspect the URL of emails we see every day.

There's various third party software for your email server which seems expensive with no real insurance, see URL Analysis Rewriting, or Time of Click URL Protection Rewriting, or Real-time URL Analysis Rewriting.

MS Outlook seems to have these features built-in with Defender for Office 365 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide

 

rleir
17-Peridot
(To:rhart)

@HelesicPetr @rhart @avillanueva

Let's figure out how the templates work.


In src/com/ptc/windchill/enterprise/team/teamResource.java:
emailPage.jsp and email.jsp
@RBEntry("Look at this")
public static final String PRIVATE_CONSTANT_32 = "EMAIL_PAGE";

 

So, in an email template "EMAIL_PAGE" gets replaced by "Look at this" (but maybe this can also be configured to some other phrase in the language translation files??)

 

These seem to be the only templates using the phrase:
codebase/netmarkets/jsp/team/emailPage_step.jsp: emailBody = teamRb.getString("EMAIL_PAGE");
codebase/netmarkets/jsp/document/emailPage_step.jsp: emailBody = teamRb.getString("EMAIL_PAGE");

 

Help page for the user, but it does not help the admin:
https://support.ptc.com/help/windchill/r12.1.2.0/en/index.html#page/Windchill_Help_Center/navigation/NavPageEmail.html

 

How can we change this so the emails don't look so spammy? It would be good if we could have a popup saying 'CTRL-click to follow the link'. And use a link type which requires this. 

HelesicPetr
22-Sapphire I
(To:rleir)

Hi @rleir 

So based on your information, you can modify the JSP pages with your own HTML table tags to format the email body as you need.

The JSP pages are a little bit complicated, but it is possible to put there logo, with additional information that email is from company system.

During the upgrade/update process you will never know if the JSP page is changed and you would need to care about the change each time you install a CPS package.

 

PetrH

rleir
17-Peridot
(To:HelesicPetr)

Yes, source code control and configuration management is needed. This is a complex issue. The wtSafeArea and wtCustom directories are a step in the right direction, but I see a need to have a git client in the Windchill server to help manage local mods.  Considerable care is needed when installing CPS packages and merging this with local mods. 

Why would you need to have a git client on the Windchill server? Any mods you make locally to test something should then be loaded back in your source control after they have been verified to work. You would then push those mods back out from source after you merged the new changes. Maybe I am missing something else. 

avillanueva
22-Sapphire II
(To:rleir)

Source code control is gonna be super easy, barely an inconvenience. Any file modified first gets copied to wtSafeArea/ptcOrig in its relative folder. Your modified file goes in wtSafeArea/siteMod in its relative folder there. With CPS update, they list in readme which files are updated so you can check against ones you've changed. Looking into this from the jsp you've provided, there are 3 actions related. From Members page and Quick Links, it uses jsp/team jsp files but only QuickLinks includes the dreaded "Look at this" link. The document action has "email document" action.

All changes can be accomplished in the JSP files. The JSP page is collecting input to trigger the action so it should be possible to alter the input to influence the resulting email (which should get processed somewhere else). It also should be possible to allow for the user to alter the "Look at this" default text to something else. This would randomize it enough to not look like phishing. I would suggest using name/number of the object page they are on to provide the default url text but allow users to change it (but most people likely won't).

 

I'll take a crack at this and post a solution. I would note that "Use my own Mail Client" option shows the full URL, ugly, but it looks less like phishing. 
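
One way to build the email body along the lines suggested above (default link text taken from the object's number and name, sender-editable, full URL shown), as an added example that is not part of the original post and not Windchill code. It uses only JDK classes; `EmailLinkBuilder`, `ALLOWED_HOST`, the HTTPS requirement and the sample values are assumptions. Because the link text becomes user input, it is HTML-escaped, and the link is rejected unless it points at the expected host.

```java
import java.net.URI;

// Added illustration, not Windchill code. Class name, ALLOWED_HOST and the
// sample values in main() are hypothetical; only JDK classes are used.
public class EmailLinkBuilder {
    // Assumption: the one host name users reach Windchill at, served over HTTPS.
    static final String ALLOWED_HOST = "windchill.example.com";

    // Escape text before it is placed in HTML content or an attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Link text defaults to "number, name" when the sender leaves it blank.
    // The full URL is printed as well so the recipient can read the destination.
    static String buildBody(String url, String number, String name, String userText) {
        URI uri = URI.create(url); // throws IllegalArgumentException if malformed
        if (!"https".equalsIgnoreCase(uri.getScheme())
                || !ALLOWED_HOST.equalsIgnoreCase(uri.getHost())) {
            throw new IllegalArgumentException("Link must point at https://" + ALLOWED_HOST);
        }
        String text = (userText == null || userText.trim().isEmpty())
                ? number + ", " + name : userText.trim();
        String safeUrl = escapeHtml(uri.toASCIIString());
        return "<p>Sent from the company Windchill system.</p>\n"
             + "<p><a href=\"" + safeUrl + "\">" + escapeHtml(text) + "</a></p>\n"
             + "<p>Full address: " + safeUrl + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample link and object data.
        String url = "https://windchill.example.com/Windchill/sample?oid=123";
        System.out.println(buildBody(url, "DOC-0001", "Pump housing spec", ""));
        // Sender-supplied text containing markup is shown as text, not rendered.
        System.out.println(buildBody(url, "DOC-0001", "Pump housing spec",
                "<b>Rev B</b> is ready for review"));
    }
}
```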

rleir
17-Peridot
(To:avillanueva)

A,

You say 'all changes can be accomplished in the JSP files' but we found a need for changes in a Java file src/com/ptc/windchill/enterprise/team/teamResource.java (above). We also compiled this 'manually'. Is there an easier way? (Sure, it can be saved in wtSafeArea/siteMod. But also in git please)

HelesicPetr
22-Sapphire I
(To:rleir)

Hi @rleir 

What do you need to change in teamResource.java?

You can get the link in the JSP page and you can manipulate the resulting link as you need in the JSP.

PS: I don't think there is an easier way.

 

PetrH

rleir
17-Peridot
(To:HelesicPetr)

Petr:

You say "put there logo, with additional information that email is from company system". 

Thanks! but how?

cheers -- Rick

HelesicPetr
22-Sapphire I
(To:rleir)

Hi @rleir 

You can modify your email notification and use HTML tags to format your email.

In your case you should care about codebase/netmarkets/jsp/document/emailPage_step.jsp

A JSP page can be formatted with HTML tags, so try it.

The following example is for the Notification robot, with Windchill logo and table formatting.

Folder location: ..Windchill\codebase\templates\pdmlink\workNotification\NotificationRobot.html

 

 

<html>
<head>
   <META NAME="Author" CONTENT="Dave Hoplin">
</head>

<body>

<SCRIPT LANGUAGE=Windchill>
<!--
wt.htmlutil.HtmlUtil createBase
-->
</SCRIPT>

<table style="border:2px ridge black;" cellpadding="3" cellspacing="0">
  <tr bgcolor="#000000" style="border:2px solid black;">
	<td colspan="2" >
      <font color="#FFFFFF" face="Arial, Helvetica, sans-serif">
		<img src="http://serverName.com/Windchill/netmarkets/images/logoWC.png">
      </font>
    </td>
    <td colspan="1" >
      <font color="#FFFFFF" face="Arial, Helvetica, sans-serif">
      <b>
      <SCRIPT language=Windchill>getLocalizedMessage resourceKey=PROC_NOTIF resourceClass=wt.workflow.work.workResource</SCRIPT>
      </b>
      </font>
    </td>
  </tr>
  <tr>
    <td align="right" valign="top" nowrap>
      <font face="Arial, Helvetica, sans-serif">
      <b>
      <SCRIPT language=Windchill>getLocalizedMessage resourceKey=PROC resourceClass=wt.workflow.work.workResource</SCRIPT>
      </b>
      </font>
    </td>
    <td align="left" valign="top" colspan="2">
      <font face="Arial, Helvetica, sans-serif">
      <SCRIPT LANGUAGE=Windchill>
      <!--
      processName
      -->
      </SCRIPT>
      </font>
    </td>
  </tr>
  <tr>
    <td align="right" valign="top" nowrap>
      <font face="Arial, Helvetica, sans-serif">
      <b>
      <SCRIPT language=Windchill>getLocalizedMessage resourceKey=PROC_DESC resourceClass=wt.workflow.work.workResource</SCRIPT>
      </b>
      </font>
    </td>
    <td align="left" valign="top" colspan="2">
      <font face="Arial, Helvetica, sans-serif">
	  <SCRIPT LANGUAGE=Windchill>
	  <!--
	  processDescription
	  -->
	  </SCRIPT>
      </font>
    </td>
  </tr>
  <tr>
    <td align="right" valign="top" nowrap>
      <font face="Arial, Helvetica, sans-serif">
      <b>
      <SCRIPT language=Windchill>getLocalizedMessage resourceKey=ACT_NAME resourceClass=wt.workflow.work.workResource</SCRIPT>
      </b>
      </font>
    </td>
    <td align="left" valign="top" colspan="2">
      <font face="Arial, Helvetica, sans-serif">
	  <SCRIPT LANGUAGE=Windchill>
	  <!--
	  activityName
	  -->
	  </SCRIPT>
      </font>
    </td>
  </tr>
  <tr>
    <td align="right" valign="top" nowrap>
      <font face="Arial, Helvetica, sans-serif">
      <b>
      <SCRIPT language=Windchill>getLocalizedMessage resourceKey=ACT_DESC resourceClass=wt.workflow.work.workResource</SCRIPT>
      </b>
      </font>
    </td>
    <td align="left" valign="top" colspan="2">
      <font face="Arial, Helvetica, sans-serif">
	  <SCRIPT LANGUAGE=Windchill>
	  <!--
	  activityDescription
	  -->
	  </SCRIPT>
      </font>
    </td>
  </tr>
  <tr>
    <td align="right" valign="top" nowrap>
      <font face="Arial, Helvetica, sans-serif">
      <b>
      <SCRIPT language=Windchill>getLocalizedMessage resourceKey=SUB_OBJ resourceClass=wt.workflow.work.workResource</SCRIPT>
      </b>
      </font>
    </td>
    <td align="left" valign="top" colspan="2">
      <font face="Arial, Helvetica, sans-serif">
      <SCRIPT LANGUAGE=Windchill>
	  <!--
	  primaryBusinessObjectLink
	  -->
	  </SCRIPT>
      </font>
    </td>
  </tr>
  <tr>
     <td colspan="3">
       <hr size="1" color="#40637A">
			<SCRIPT LANGUAGE=Windchill>
			projectLinkAttributes
			</SCRIPT>	   
     </td>
  </tr>

<tr colspan="3" style="border:2px ridge black;">
    <td colspan="3">
      <font face="Arial, Helvetica, sans-serif">
      <SCRIPT LANGUAGE=Windchill>
      <!--
      messageText
      -->
      </SCRIPT>
      </font>
    </td>
  </tr>
</table>
</body>
</html>

 

PetrH
