So after having my email account hijacked, and in the process of preparing a lesson on internet safety for church on Sunday, one of my coworkers came up to me today to ask about an email she'd received, with an executable attachment and the instructions that the IT department was updating some software and needed her to run the attachment. (My first thoughts were "yeah, right... what's the scam?")
Looking at it, the message appeared to be from "someone" in the IT department, granted someone that I've never heard of, and considering that we have a standing policy that only IT is allowed to install software on anyone's computer, I didn't have any reason to be concerned.
Here's where it gets stoopid: it was not a phishing expedition, no email was being spoofed. It was a legitimate request from the IT department!!! Needless to say, I called the help desk to see what they could tell me; I then sent back a few comments about how inappropriate the email was, and received a response DEFENDING the practice!
Fortunately, our CIO backed me up.
And to get really stooopid: our office manager clicked on the emailed application without even considering that the message should be investigated.
3 comments:
Job security.
As long as I don't get the rest of the department upset with me...
I really worry that I'd be one of the people who would just click without thinking about it. Just btw.