Modernizing Authentication — What It Takes to Transform Secure Access
Date: 12/14/2017 @ 1 p.m. ET
Cloudmark researchers recently saw a significant increase in users reporting official LinkedIn e-mails as spam.
"These were not because spammers were trying to take advantage of the publicity around the LinkedIn fail; those e-mails are stopped by our regular filters and never make to the users," writes Cloudmark's Andrew Conway. "No, this was a real e-mail from LinkedIn telling people whose password had been compromised how to protect their account. Over four percent of the people receiving this e-mail, thought it was spam and sent it straight to the bit bucket. If LinkedIn sends out 6.5 million e-mails, then a quarter of a million people are congratulating themselves on avoiding spam, and still have a compromised LinkedIn password."
"Conway said that LinkedIn did all the right things to ensure that users would not treat its emails with suspicion," writes Computerworld's Jaikumar Vijayan. "All were addressed to the recipient by name, did not contain any links and were DomainKeys Identified Mail (DKIM) signed to validate their authenticity."
"The incident shows that in times of distress, humans can make poor spam filters," writes Bloomberg's Jordan Robertson. "We’ve been trained to expect fraudulent e-mails after major security breaches, with hackers trying to take advantage of victims’ need for more information. Sometimes, our reflexive impulse to purge unwanted e-mail fires too fast."
"For the last time, people: Change your passwords," writes Betabeat's Kelly Faircloth. "But also maybe LinkedIn might want to throttle back on the non-essential emails, so people stop assuming their messages are worthless?"