Given the way so many companies act with the emails they send out, how can we think anything negative about anyone who falls for a phishing scam ?!?!
I may have just had yet another false positive on an email, but I'd rather hundreds of false positives than a single false negative.
Esp when that email is about SSO integration with our AD.
@quixoticgeek I ran a poll about this one and most responses were certain it was phishing, but somehow it was real and BoA is really that clueless.
@th @quixoticgeek Uhg I so utterly despise this antipattern of "you have a confidential message and because we don't trust that you trust your email, we insist you open a link we control, where we can spy on when you read it, retroactively change the contents and claim to have evidence you read something different fron what you read, and delete it out fron under you any time we want".
Not to mention the phishing aspect.
There needs to be regulation to make this practice outright illegal.
Even just strongly worded guidelines against it from trusted security institutions would be a start tho.
@th @quixoticgeek If there's a legal confidentiality requirement, give the user the option at the time of enrollment for online document delivery to affirm that they deem their email confidential delivery and waive any right to challenge that later, and if they don't, have the email always offer opt-in to that later, and the alternative delivery service always offer a saveable PDF and clear instructions to save it.
If not, always email the full contents.
@dalias No security consulant will ever be able to charge as much for saying "your system is secure enough as it is" as for saying "your system needs a lot of security improvements." Especially since they'll be able to reject liability in case they make recommendations that end up not being implemented, no matter whether those are practical or cost-effective.
@jbqueru Not talking about a consultant hired by these clowns but governmental & private orgs that make industry recommendations.