Sunday, June 6, 2010

Data and Darwin 2

At the end of last week I sent the warning below to our staff with the subject heading "TERMINATION OF YOUR EMAIL ACCOUNT is spam/spoofing."  A phishing e-mail was making the rounds here in the district, and I was getting the usual assortment of "Is this for real?" kinds of questions.

Hi everyone,

This old chestnut is making the rounds again. It is definitely not from our department. As always, be highly suspicious of any email that asks you for personal information!

Doug
 




---------- Forwarded message ----------
From: WEBMAIL TECHNICAL SUPPORT UNIT 2010 <yranto5@bellsouth.net>
Date: Fri, Jun 4, 2010 at 5:00 AM
Subject: TERMINATION OF YOUR EMAIL ACCOUNT
To:

We are currently carrying out an upgrade on our system due to the fact that it has come to our notice that one or more of our subscribers are introducing a very strong virus into our system and it is affecting our network. We are trying to find out the specific email Account.

For this reason all subscribers are to provide their USER NAME AND PASSWORD for us to verify and have them cleared against this virus. Failure to comply will lead to the termination of your Account in the next 48 hours.

Required Information:
FULL EMAIL ADDRESS:
USERNAME:
PASSWORD:

Hoping to serve you better.
Sincerely,
Technical Support Unit
********************************************************************************************
This is an Administrative Message your webmail server. It is not spam. From time to time, mail server will send you such messages in order to communicate important information about your subscription.

********************************************************************************************

And guess what happened?

Yup, over a half dozen staff members dutifully filled in their email addresses, usernames and passwords and sent them to me.

Sigh.

I am seriously looking for an effective means of alerting staff about the dangers of spoofing. Anything that has worked for you in the past?

Image from <http://technosmart.info/how-to-education/what-is-email-spoofing/>


Reader Comments (9)

How about an email game--with money attached.

Bonus points for good email format, etc...

Lose money for phishing, hitting reply all, sending emails with cat pictures, etc...

You could add a "like" or "dislike" button on the bottom of all emails and keep score somehow.

June 7, 2010 | Unregistered Commenter Brandt Schneider

No.

Last week a Chinese spammer nailed one of our teachers by phishing and turned her machine into a spambot host. Our domain was globally blacklisted within hours, and it took our director the better part of the weekend to get us up & running again.

We have tried to get this message out multiple times after each phishing incident, successful or not. We wind up preaching to the choir, the ones who actually read their emails from Technology.

Hm, maybe we should print the alerts on boxes of chalk, or the toilet paper.

June 7, 2010 | Unregistered Commenter Bill Storm

Really? My god it isn't 2001 anymore. How do people still fall for this stuff?

June 7, 2010 | Unregistered Commenter Nathan Mielke

The only thing that occasionally works with my staff is to place whatever is of most importance into the subject line -- because they are notorious for skimming email content or not reading it at all.

It is not that they don't care which bothers me -- it is the fact that they are not even aware there is something to care about.

When you receive answers to your question, please let me know.

June 7, 2010 | Unregistered Commenter Jennifer Wagner

Nothing worse than people not reading the emails that are sent out to them. It is easy to see why so many people fall victim to phishing scams.

For the half-dozen, what if you suspended their e-mail access until they had a sit-down with you? Follow up with a general note to all staff saying, "I suspended 6 staff e-mail accounts last week because the individuals couldn't tell a phishing scam from a genuine e-mail. Are you next? If you're worried, contact me (or come to our next training at...)."

In other words, treat it as if it were a genuine phishing message and have some negative consequences accrue?

This may be too draconian. It beats the public stocks, however!

June 7, 2010 | Unregistered Commenter Scott McLeod

The tip about putting short messages in the subject is a great one. I don't feel that people just don't care about tech issues, they are just overwhelmed with the volume of messages coming in each day. Sometimes they miss big ones.

June 7, 2010 | Unregistered Commenter Terry Roe

Uh-oh....

June 7, 2010 | Unregistered Commenter Michael Doyle

Hi Brandt,

Interesting idea. I don't hold out much hope that those who need the game to learn would understand the rules. Call me a cynic!

Doug

Hi Bill,

I know a librarian who affixed her newsletter to the back of bathroom stall doors. Something to read... Maybe I can try that!

Doug


Hi Nathan,

Maybe these are the same people who don't use seat belts and smoke? We gotta let natural selection do its work!

Doug

Thanks, Jennifer. Good advice. When you discover the answer to this problem YOU let ME know!

Doug

Hi Scott,

Maybe six months before I retire! Your idea might work OK if you never let on that you weren't the original spammer.

Doug

Hi Terry,

Good point about being overwhelmed. I feel that way myself sometimes!

Doug

June 14, 2010 | Registered Commenter Doug Johnson
