Email and Web Security in General

posted May 10, 2012, 8:33 AM by Unknown user

Ok, so this needs to be said...

I received an email from my insurance company the other day... and it
just bugged me....

It read:
Is this email really from Us? How can you be sure? To help you fight
fraud and verify the legitimacy of our emails, we're adding a
personalized stamp to our emails (see top right corner of this page).
The stamp is called the Security Zone, and it includes your first
name, last name and the last four digits of your number. (Note:
slightly modified example... just to give an idea of it...)

Anyway, what is completely wrong about this email is not that they are
trying to fight fraud, but that they are going about it all wrong...
The absolute best way of doing it should have been something like:
Dear subscriber, we are endeavoring to fight fraud, and we will be
making our email notifications to you much more secure in nature. What
we will do: We will not provide links to our website through our email
notifications. We will not send you misleading information, and we
will never ask you to send us your member numbers, address change
information, name or social via email.
What we will do is this; anytime there is something that is important,
we will send you a notification that says... go to our website at: w w
w . insurance here . c o m. Please type that into your browser, or use
your existing book marks. Go to our message center and click on ....

That would be so much more secure than all the things they are trying
to do now...

Just venting here... You can agree or not, doesn't really matter...
but email today is so untrustworthy... it drives me bonkers over some
of the stuff I get...
With address masking through html, almost anyone can be fooled into
clicking a link that steals far too much from the average email/web
user... The only way to get this under control is to follow some
simple steps...

1) if you don't know who the email is from.. delete it, don't open it.
2) if you know who it is, and you are referred to a site... open a
browser and type the URL in manually.
3) if you don't feel like typing it in to a browser manually, then you
simply aren't all that interested in it anyway... so follow step 1 and
delete it.

That is truly the only way to be secure...