avillanueva
23-Emerald I
February 4, 2022
Question

Let's talk about phishing - "Look at this"


I see this often enough to want to fix it. While we do have steps in place to spot internal vs external emails, the generic-ness of the system-generated emails causes people to question clicking on that link and I do not blame them. Any thoughts on how we can improve this? If we train our users to expect these types of emails, it would not be hard for someone to exploit in a phishing attack.

 

avillanueva_0-1643991360419.png

 

2 replies

HelesicPetr
22-Sapphire II
February 7, 2022

Hi @avillanueva 

I would definitely try to find a way to change the layout of the mail sent from Windchill (screenshot: HelesicPetr_0-1644225511843.png) if there is just a link "Look at this".

For example, add a company logo and an explanation that this is from the company system.

 

In my opinion it is not easy, because there is no supported way to do so.

The class which controls sending the email is

com.ptc.windchill.enterprise.team.commands.TeamCommands

And it is located in the wncWeb.jar file, so customization of that class is complicated.

 

On the other hand, email layouts from workflow template notifications are possible to customize.

https://www.ptc.com/en/support/article/cs43584

 

It would be nice to modify the email layout like a workflow template notification, so that it is not just a link with/without some simple message from the user.

 

Best Regards

PetrH

16-Pearl
March 8, 2022

Any emails which follow a friendly familiar format are an easy potential exploit because we're less likely to inspect the URL of emails we see every day.

There is various third-party software for your email server which seems expensive with no real insurance; see URL Analysis Rewriting, or Time of Click URL Protection Rewriting, or Real-time URL Analysis Rewriting.

MS Outlook seems to have these features built-in with Defender for Office 365 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide

 

17-Peridot
August 23, 2023

@HelesicPetr @rhart @avillanueva

 

Let's figure out how the templates work.


In src/com/ptc/windchill/enterprise/team/teamResource.java:
emailPage.jsp and email.jsp
@RBEntry("Look at this")
public static final String PRIVATE_CONSTANT_32 = "EMAIL_PAGE";

 

So, in an email template "EMAIL_PAGE" gets replaced by "Look at this" (but maybe this can also be configured to some other phrase in the language translation files??)

 

These seem to be the only templates using the phrase:
codebase/netmarkets/jsp/team/emailPage_step.jsp: emailBody = teamRb.getString("EMAIL_PAGE");
codebase/netmarkets/jsp/document/emailPage_step.jsp: emailBody = teamRb.getString("EMAIL_PAGE");

 

Help page for the user, but it does not help the admin:
https://support.ptc.com/help/windchill/r12.1.2.0/en/index.html#page/Windchill_Help_Center/navigation/NavPageEmail.html

 

How can we change this so the emails don't look so spammy? It would be good if we could have a popup saying 'CTRL-click to follow the link'. And use a link type which requires this. 

HelesicPetr
22-Sapphire II
August 24, 2023

Hi @rleir 

So based on your information, you can modify the JSP pages with your own HTML table tags to format the email body as you need.

The JSP pages are a little bit complicated, but it is possible to put a logo there, with additional information that the email is from the company system.

 

During the upgrade/update process you will never know if the JSP page is changed, and you would need to take care of the change each time you install a CPS package.

 

PetrH