Re: [LUG] how do i respond to a message like this

 

On Thu, Mar 19, 2009 at 12:53:44AM +0000, Dave Foxcroft wrote:
> Paul Sutton wrote:
> > Hi
> >
> > I was sent this message earlier by the guy at the rugby club who is in
> > charge of the club's IT system. I deleted it, but it seems I got sent it
> > again as someone has now sent it to everyone in their address book, and
> > I got it again.
> >
> > <snip>
> >
> > Just wondered if you could suggest something please. If we make it
> > sound partly technical then it may at least sound good.
> >
> > lol
> >
> > Paul
> >
> >   
> Don't do anything ... just ignore it and delete!
> 
Speak to him, failing which write to him and explain:

1. He is distributing spam which reflects poorly on him / the club

2. In a worst-case scenario any of the following could happen

        - All legitimate email from him is automatically marked as spam
        - Any personal information on his hard drive could be in someone else's hands
        - A paedophile could be using his computer to store images as part of a botnet (unlikely but ..)

3. He should update his antivirus procedures
        - Don't open attachments in outlook express
        - Treat html email with care and preferably read all email in plain text.
        - Type in web addresses with care: particularly for banks.
        - Install all critical updates for Windows
        - Install all critical updates for Microsoft Office (it was a separate website)
        - Update antivirus
        - Install antispyware
        - Activate firewall

        http://www.hsbcprivatebank.com/services/online-security-steps-you-can-take.html
        http://www.thephone.coop/support/internet/security.html (seems better)

4. Then explain how GNU/Linux makes all this easier and cheaper.

All of this assumes that the IT guy did actually send the spam and that the email was not forged.

If the email was forged then why not give a talk on security to the rugby club when everyone is pissed off at the email and:
- Explain how to fake an email address (and how to protect yourself, using gpg / smime)
- To create a phishing email (and how to spot them: turn off html)
- Explain how drive by attacks work and how to minimise them
        http://www.saferinternet.org/ww/en/pub/insafe/safety_issues/faqs/drive_by_viruses.htm

-- 
Henry
Photocopies or faxes of my signature are not binding. 
This email has been signed with an electronic signature in accordance with 
subsection 7(3) of the Electronic Communications Act 2000.
Digital Key Signature: GPG RSA 0xFB447AA1 
Thu Mar 19 07:02:18 GMT 2009

Attachment: signature.asc
Description: Digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
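
The reply above hinges on whether the message really came from the apparent sender or was forged. The following is an added example, not part of the original post: a header check over a constructed sample message (all names and hosts are made up) that lists reasons to doubt the visible From: address. A mismatch is an indicator, not proof, since mailing lists and forwarders legitimately rewrite some of these headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread); every name and host is made up.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.7])
\tby mx.recipient.example; Thu, 19 Mar 2009 00:10:00 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk-sender.example; dkim=none
From: "Club IT" <it@rugbyclub.example>
Reply-To: winner@freemail.example
To: member@recipient.example
Subject: Fwd: pass this on to everyone

Body text.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def forgery_indicators(raw):
    """List reasons to doubt that the visible From: address sent the message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    reasons = []
    # Return-Path records the envelope sender, which the From: line need not match.
    rp_dom = domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"envelope sender domain {rp_dom} != From domain {from_dom}")
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")
    # Authentication-Results is added by the receiving server if it checks SPF/DKIM.
    for ar in msg.get_all("Authentication-Results", []):
        for part in ar.lower().split(";"):
            token = part.split()[0] if part.split() else ""
            if token in ("spf=fail", "spf=softfail", "dkim=fail", "dmarc=fail"):
                reasons.append(f"receiver reported {token}")
    return reasons

if __name__ == "__main__":
    for reason in forgery_indicators(SAMPLE):
        print("-", reason)
```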