Saturday, August 09, 2008

is sympatico training their users to be victims?

sympatico, for those of you who don't know, is one of the largest (maybe the largest) ISPs in canada, owned and operated by bell canada (virtually our sole major telecom up here in the great white north)... i happen to be a sympatico subscriber, as i imagine many canadians are, so obviously i get to see all the various emails they send out... most of it is junk, complete rubbish that i have no interest in receiving telling me about products/services they're offering that i have no interest in using let alone paying for... unfortunately i can't very well block email from my ISP because someday far in the future they may possibly send me an email that's actually important... i don't think it's happened yet, but i can't rule out the possibility that it might happen in the future so i'm stuck weeding through mandatory spam...

i've been a sympatico subscriber for many years now, however, so this really isn't news... i've become largely numb to their marketing messages but there was one this past week that set off all sorts of alarms - it promises to enter the user into a draw for various valuable prizes if they'll download and run some executable that's described as internet check-up software... it's like something out of a malware spreader's social engineering playbook... even thunderbird thought it was a scam...


the completely wild thing is that all links point to sympatico/bell, it appears to be a genuine (if ill conceived) offer... i thought for sure the email was only pretending to be from sympatico, that while many of it's URLs might point to actual sympatico content there would still be one key url pointing to malicious content, but i was wrong... even the link to the software itself is theirs...

it seems to me that this highlights a need for adaptation from a group you normally wouldn't think would be particularly impacted by security threats: marketing departments... they need to change the way they market wares in order for their marketing message to not appear nefarious, but at the same time the black hats are going to continue to adopt any new marketing styles that marketing professionals come up with in order for their social engineering to appear legitimate... it's a strange concept to imagine that marketing needs to stay one step ahead of the bad guys, but at the end of the day i suspect that security threats (of all things) are going to change the face of marketing on the internet...

(and no, i'm not going to install the checkup software even though it appears to be legit - the whole thing just creeps me out too much)

0 comments: