STOP. SENDING. SURVEYS. FROM.
-
There is another element to this that companies don't seem to consider:
If you use third party services for surveys, marketing etc, and you tell customers that yes, they are legitimate, not to worry. What's stopping a scammer from copying these emails and sending them from servicenames similar to the legitimate third party vendor?
I've tried to get this through to companies like, for instance, my bank, with little success.
Before I finally managed to "opt out" of the last of their marketing / promotional email, I would get two kinds of messages from them:
1) Regular reminders of secure practice, and how you can't trust who an email comes from, and you should therefore never, ever click a link in an email claiming to be from them.
2) Constant spam for their products and services, all replete with links to follow to get them. These mails all came through outside agencies, from Mailchimp or similar, and with all the links going through a click tracker in some random advertising company's domain.
I couldn't even get their two departments to talk to each other about this.
-
STOP. SENDING. SURVEYS. FROM. THIRD. PARTY. SERVICES.
It looks sus as ducks having something from randomsurvey.co.uk come through on behalf of YourCompany with every domain/link in the email having no obvious link to it. Rarely is there a single link to the company domain, with everything pointing to the that of the commissioned survey provider.
To me it sets off every damn alarm bell for a phishing attempt. Expecting customers to use it encourages unsafe practices.
@babe disagree. I would rather pay a payments company than your own website I can't audit and I'd rather do surveys at a known survey site than through your domain.
Trust within a domain matters.
#sysadmin #cybersecurity -
R relay@relay.infosec.exchange shared this topic
