Home / Blog
Written by: 2/20/2012 7:42 AM
I had an interesting exchange with my boss just this morning. I’d asked for a blog topic and he forwarded me an email to use for inspiration. This morning, when I opened his email, entitled “Six Steps to Stronger Information Security”, something seemed wrong. The great big “Click here to Download” link felt…off.
I dithered and second-guessed and then, against my better judgment, I clicked to download. And, nothing really happened, except that I squealed a little and closed the window when I realized this was not a legitimate email. Turns out, my supervisor sent it to me as an example of 1) how social engineers are tricking people with emails about information security and 2) what NOT to do when you receive a spam email.
Social engineers are smart enough to know that the word is out. People are becoming more and more savvy about which emails are safe and which are not. Spam folders are filtering away more and more spam before email users even see it. And information security, social engineering awareness, and network lock-down are hot topics that everyone is aware of—from the lowest mailroom guy to the top-floor executive. And so, just like any shady opportunist, they have found ways to use our (justifiable) paranoia and need to feel safe to their advantage.
Lessons learned today:
1) Beware of any email from an unfamiliar source (even if it’s been forwarded to you by someone you trust). Don't be like me; ask the person if you are confused or unsure.
2) And once again, trust your instincts. If it seems weird, it probably is.