Welcome to the SecAware blog

I spy with my beady eye ...

29 Apr 2010

ISACA phish ... or is it?

Here's an extract from an email purporting to have come from ISACA:

Problem viewing this email? Click here http://isaca.informz.net/z/cjUucD9taT03ODMzNDAmcD0xJnU9MTAyMDE2NDE5OCZsaT0zMDAxODgz/index.html for our online version.
April 28, 2010
In This Issue:
http://isaca.informz.net/isaca/data/images/bullet3.gif ISACA Database Change
http://isaca.informz.net/isaca/data/images/bullet3.gif CRISC Grandfathering Program Now Open
http://isaca.informz.net/isaca/data/images/bullet3.gif Top Eight Tips for Forensics
http://isaca.informz.net/isaca/data/images/bullet3.gif New Blog to Debut on Revamped Web Site
http://isaca.informz.net/isaca/data/images/bullet3.gif Read About the Latest Changes in Oracle E-Business and ERP
http://isaca.informz.net/isaca/data/images/bullet3.gif Finding Career Variety and Stability Through Certification
http://isaca.informz.net/isaca/data/images/bullet3.gif Enhanced Chapter Integration on New Web Site

Notice that all the links don't point to ISACA's website, but to a third party, informz.net. Now I don't know who informz.net are - most likely a marketing company tracking clicks from the ISACA email but frankly I don't care. ISACA seems oblivious to the fact that it looks very similar to a million phishing emails in my deleted folder, which is exactly where this one is headed.

Come on ISACA, get with it! We expect leadership by example!

[PS Hopefully I have managed to prevent the blogging software interpreting the link text as active URLs. Please don't fix and click those links just to satisfy your curiosity. That's like kicking a bomb to see if it's armed ...]

No comments:

Post a Comment