Spam may be annoying, but it should not be considered an IT security threat. Some vendors, such as McAfee and Symantec, characterize spam and phishing as security threats. And they are, in the same sense that leaving a bicycle unattended with no lock leaves one vulnerable to theft.
But how could anyone who has lived on Planet Earth for the last five years possibly fall for spam or phishing? A Gartner study found about three million Americans were victims of phishing in 2007, meaning nearly 99 per cent of Americans weren’t. So this is one study that confirms about one in 100 people are gullible.
Some treats from my inbox include one from an e-mail with a Taiwanese country code, signed by “Mr. Martin Chitty,” with “Dear Winner” in the subject line telling me I won 250,000 Euros in the SPNL Sweepstakes e-Lottery. All I have to do is supply my full name, address and telephone number to collect it. There are several clues that this is phishing, six of which are in the previous sentence. Clue 7 is the fact that I never played this lottery and Clue 8 is the fact that I got this message at work.
Then there’s the e-mail from a live.com address (asking me to reply to a Gmail address) claiming to be from a Dutch bank, telling me I won a million Euros in a part of a “promotionional” program. Whoa! Almost fell for that one.
The truth is, spam should be considered as threatening as a guy who stands outside your office wearing a ski mask asking each worker for their contact info. Anyone who answers an e-mail at work purporting to be from their bank deserves to be bilked of their cash.
SonicWall has a half decent quiz on its Web site, which tests your ability to tell whether a message is spam.
Notice I did not say spam does not waste a lot of people’s time. But let’s stop pretending it’s a security problem when other issues (such as unencrypted Wi-Fi networks) actually do cause security breaches. If you read this entire article, you are eligible to win a prize.
To be eligible, please send your name, address, credit card number and security code to firstname.lastname@example.org