The WorldStart newsletter is delivered via email, and replies to it arrive in one of several inboxes that I monitor each day. When a response is called for, I reply, in an often vain attempt to answer readers’ questions. Some of the replies to the newsletter are, to say the least, interesting, some a little disturbing, but most are just straightforward questions. Some, however, contain more personal information than they probably should. For example, one from a reader interested in making a purchase from WorldStart, included the reader’s full name, along with his credit card number, and its expiration date.
A recent message that I found particularly alarming was an announcement that the individual who sent the email, was about to go on vacation. He included the date of his return and contact information for a surrogate, as he would be unavailable to answer his own email. Since there was no apparent reason for WorldStart to be aware of his plans, I assume this was a blanket email sent to everyone in his address book. When this arrived, I happened to have a little time on my hands and decided to spend a few minutes trying to learn more about the sender. Armed with only his email address, in roughly ten minutes, I was able to discover his full name, his wife’s name, their home address, and some basic personal information. Given more time, this could have been cross-checked and verified, and more information could easily have been obtained.
So now, I had this gentleman’s name, his home address, his wife’s name, and their vacation plans. And I was a complete stranger. It should also be noted that I’m someone with limited computer skills. Someone more skilled and with more malicious intent, might have pursued this in depth, and used it as an opportunity to take advantage of the situation. What I did was reply to his message, informing him of the hazards of sending this kind of information by email.
The risk of personal exposure on the internet, through Facebook or other social media is frequently discussed (and just as frequently ignored). It was in fact, a news story on that subject I’d seen the night before I received this email that probably heightened my own awareness. However, probably because email is a more selective method of communication, many who would never consider posting personal information on the web, are often less careful in email.
The bottom line is, before hitting the Send button, make sure that the recipients you’ve selected are the ones to which you actually want your message delivered. And this doesn’t just apply to security issues, as anyone can confirm, who has inadvertently sent something embarrassing to a boss, coworker, or family member.
If you’d like more information on Computer Security, you should take a look at the WorldStart Internet Security Survival Guide.