I should not say how I heard this story or who the parties are, but it strikes me as incredible.
A person was targeted for a phishing scam by someone who posed as a particular institution, and immediately contacted the institution to inform them what was going on.
So I call [deleted] to alert them...."Please send out a notice to all your customers informing them of this [attack]," I asked. [An hour later] no notice had been sent out. I called again to ask why. They inform me that management and IT are trying to understand how this happened. "Okay fine, but in the meanwhile send out a notice!" After continued arguing with them, she explains that its good practice not to click on email links, and if anybody calls in to ask about it, a memo has been circulated within [deleted] to explain to people who call in. "But the people who call in already know of the attack, it's the people who don't call in that will be subjected to it," I once again tried to argue. More arguing, and she said she would once again inform management, who already knew anyway, but just to appease me. So now it's...an hour and half past the time I informed them about it (oh, and apparently I was the SECOND call, so they new about it even earlier).
So this conscientious person informed the potential users of the institution, since the institution apparently wasn't in any hurry to do so itself.
Thrown for a (school) loop
-
You know what they say - if you don't own your web presence, you're taking
a huge risk. For example, let's say that you decide to start the Red Green
Compa...
4 years ago
0 comments:
Post a Comment