Thursday, August 9, 2007

Disregard any pop-up security windows you receive

I received this in my mail today:

Dear Electronic Crimes Task Force Member,

CSO magazine is conducting a survey in cooperation with the U.S. Secret Service and CERT Coordination Center, the 2007 eCrime Watch. The purpose of this project is to uncover electronic crime trends.

CSO magazine’s sister company, IDG Research Services, has been commissioned to help us collect your feedback. Please click on the following URL to begin the survey or copy and paste the URL into your browser:


Disregard any pop-up security windows you receive. (Emphasis mine)

Please be assured that any information you provide is confidential and your responses will be used only in combination with those of other survey respondents. This survey should take no more than 10 minutes of your time. If you have any questions about this survey please contact IDG Research Services at or ATSAIC ----------, USSS, San Francisco Field Office 415/-------.

Thank you in advance for your help.
Of course my first thought, was that this was a phishing attack. I couldn't imagine CSO and the ECTF telling me to "Disregard any pop-up security windows you receive."

Imagine my surprise and relief, when I went to the site and there were no warnings. So, they got it right, the SSL certificate was correct and unexpired ... but everyone is so accustomed to that not being the case, that as a matter of course they included the disregard pop-ups message. Is our infrastructure broken or what?

No comments: