Email and Web Security in General

Post date: May 10, 2012 3:33:48 PM

Ok, so this needs to be said...

I received an email from my insurance company the other day... and it just bugged me....

It read:

Is this email really from Us? How can you be sure? To help you fight fraud and verify the legitimacy of our emails, we're adding a personalized stamp to our emails (see top right corner of this page). The stamp is called the Security Zone, and it includes your first name, last name and the last four digits of your number. (Note: slightly modified example... just to give an idea of it...)

Anyway, what is completely wrong about this email is not that they are trying to fight fraud, but that they are going about it all wrong...

The absolute best way of doing it should have been something like:

Dear subscriber, we are endeavoring to fight fraud, and we will be making our email notifications to you much more secure in nature. What we will do: We will not provide links to our website through our email notifications. We will not send you misleading information, and we will never ask you to send us your member numbers, address change information, name or social via email.

What we will do is this: anytime there is something that is important, we will send you a notification that says... go to our website at: w w w . insurance here . c o m. Please type that into your browser, or use your existing bookmarks. Go to our message center and click on ....

That would be so much more secure than all the things they are trying to do now...

Just venting here... You can agree or not, doesn't really matter... but email today is so untrustworthy... it drives me bonkers over some of the stuff I get...

With address masking through HTML, almost anyone can be fooled into clicking a link that steals far too much from the average email/web user... The only way to get this under control is to follow some simple steps...

1) If you don't know who the email is from.. delete it, don't open it.

2) If you know who it is, and you are referred to a site... open a browser and type the URL in manually.

3) If you don't feel like typing it into a browser manually, then you simply aren't all that interested in it anyway... so follow step 1 and delete it.

That is truly the only way to be secure...