Thursday, 1 November 2007

Unclever but Lucky People!

I just happen to own the domain “Network-UK.com” which I leased several years back as part of a project I was working on, which really didn’t take off the ground. Anyway for several months now I have been receiving misdirected Email to this domain, almost on a daily basis now, Email which appears to be meant for a London based UK employment agency using a similar domain name, addresses for a variety of individual accounts at the domain rather than one. Which in itself is kind of expected, however it’s the content of these misdirected Email which really concerns me. Due to the way forwarding works to my inbox, I can’t instantly tell if an Email was forwarded or not, and on occasion within my preview panel I can see these Email are about wages claims, and often include Full Name and Addresses, Bank Account numbers with Sort Code and bank name, Full Names and Phone numbers, National Insurance numbers, and even on occasion full colour scanned copies of passports! which as we all know is a really unclever to send to anyone over Email.

Out of courtesy and concern I made several efforts to contact the intended email destination company in question, however so far I had no replies. I can’t help but wonder whether they are encouraging their punters to send such sensitive details by Email in the first place, however lucky for those punters it’s me that receives their sensitive details and deletes on receipt. It really goes to show that there are plenty regular people out there who don't know how to be secure using the Internet.

It looks like I am going to have to put an Email auto-reply to all email received to this domain, as I really want to avoid receiving such sensitive details in the first place, however I would be interested if anyone had any advice to offer to me on this one!

1 comment:

Dave Whitelegg CISSP said...

Here’s an example of a recently received Email which made me chuckle. BTW I have fully anonimised the content.

“Dear sir/madam,
I am XXXXX.I am working with XXXX from last 1 year. My XXXX pay roll no: XXXXX, Date of birth XX/XX/XXXX,Mobile no: XXXXXXXXXX.Address: XX XXXXX XXX XXXX.
Today (XX/X/XX) someone fraud with my debit card, they has taken all of my money from my account. So i have closed my bank details where i use to get wages from XXXXXX. My bank details was: Account holder name XXXXX XXXXX XXXX XXXXX XXXX. For this reason if you send my wages in that account then i would not get my wages. I will request you to send my wages to my another bank account. My another bank details: XXXX XXX Bank address: XXXX XXX XX XX XXX Account holder name: MR XX X XXXXX Account number: XXXXXXXX, sort code number: XX-XX-XX. Please send my next wages in this account. Thank you. XXXXX XXXX”