Welcome to Practical Issues in Information Security. In these pages you will find ideas and tips for your consideration as you work to improve the information security and privacy of your organization. Even though most of the information is focused on the home or personal user and small business, the principles are applicable to larger organizations in most industries.
I received an email earlier today from my bank which proudly announced upcoming changes to their on-line presence. This email spoke about the improved ease of use, and the increased security. Additional features, such as changes to bill pay, were also discussed.
It all sounded very nice.
That is, until I took a quick look at who this email was sent to.
The VP who sent this out put over 1200 email addresses in the CC field of this email. Thirty minutes later, he tried to “Recall” this message. (Recalls only work if the recipient is using the same email system as the sender. In this case, the sender was using Exchange, and I’m not…)
So, now I have over 1200 email addresses available to send spam to.
What’s the problem with this?
- My email address is exposed to over 1200 other folks for them to use as they wish.
- Most spam filters will block a message with over 10-15 recipients in the list. I’m surprised that this went through.
- I work hard to keep that particular address from being available to others. Now at least 1200 other people have access to that one.
- The credibility of the bank has just dropped. If they cannot protect my personal email address, am I to expect them to protect my personal banking info?
Yep, this is a fairly minor situation, but I’m left wondering if I should explore another bank to use…
- Dan


