A friend sent me this about E-mail Security

The true state of security :)

So a friend sent this to me a while ago. I figured it would be great for the New Year.

They say a picture is worth a thousand words.

Stupidity in strange places

I just took my car in for repair at the dealer for some warranty work. My dealership does a lot of on-line stuff. They even have an open wireless network and workstations to use while waiting for car work to be done. So I received the following E-mail from them:

Customer No. #######
Your vehicle is complete and ready for pick up. Please look over the
attached invoice and call with any questions. If the invoice is correct,
you can reply with a credit card number and expiration date. I will run
the credit card number to help speed up the delivery process.
Thank You for Your Business. Jane Doe ###-###-#### ext ###

The biggest issue is the word “Reply”: there is no link in the E-mail to go to a secure payment page. Have you ever looked over a dealership invoice? There is a lot of personal information on it about you and your car.

So I went to the dealership and talked to the manager. I was very happy that he listened to me and sent out some e-mails. The first was to stop using the above text on invoices. The second was to ask his internal people if I was correct and what PCI is. Does anyone know if this would break PCI compliance?