[hypeatei]

> Before clicking on an advertisement, check the URL to make sure the site is authentic

Yeah, good luck doing that with all the various tracking links that mask the actual domain. Sometimes I try to click on links from legit account related emails that are blocked by UBO for being part of a tracker/ad network.

[NegativeK]

I hear this advice from other infosec people constantly, and it's starting to grate. In one breath we tell users "attackers are professionals who are doing this eight hours a day; they're probably going to trick you", and in another we're trying to get users -- who are busy doing their jobs -- to recognize the difference between an I or an l, or maybe go do a domain history lookup to see if businessandsons.com is some new knockoff of businessllc.com, or maybe figure out how to parse whatever the email reputation filter mangled the domain into.

I know perfect is the enemy of good and defense in depth and etc, etc, but this advice just seems crap.