Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Bill Gates email has a string of variants, some going back several years and a few brandnew ones just going out in the wild, according to Sophos, Inc., a security and anti-viruscompany based in Lynnfield, Mass. One variant of the email chain letter claims that Gates,chairman of Microsoft Corp., is teaming up with British Airways to give away free planetickets to anyone who forwards the email to 10 or more people. A more recent variant claimsthat Gates himself will pay $245 for every person you forward it to.
"It's obviously just nonsense," says Chris Belthoff, a senior security analyst withSophos. "Even though they seem benign, the downside of these hoaxes is that they're aproductivity issue, and a network and bandwidth issue. They end up being the bane of most ITmanagers."
Dan Woolley, a vice president at network security company SilentRunner, says no matter howlong hoaxes have been around, people keep falling for them -- and they continue to be an ITproblem.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i ''What's so funny is that there are still so many people who will send this around,'' saysWoolley. ''I got one on my home system from a top-level security guy. He sent it to 30 or 40people. People are just gullible. I don't understand why they fall for it, but they do.''
And Woolley adds that they're sending them around to a lot of people.
''You open up your mailbox and think, 'Well, let me send this one to 15 or 20 people.', saysWoolley. ''That affects productivity, especially when people start responding to it.''
Stopping these hoaxes from wasting time and network space is a matter of employee education,says Tony Magallanez, a systems engineer at F-Secure Inc., a data security and anti-viruscompany.
''It's an ongoing process,'' he says. ''Human education is always an ongoing process. Peoplein the workplace are learning that these are hoaxes and they're unreliable.''
But analysts generally agree that it's IT's responsibility to make sure employees arelearning these lessons -- about hoaxes, email fraud, identity theft or spam.
''Educate people that any email that encourages forwarding is not legitimate,'' says Sophos'Belthoff. ''It's either a hoax, or a virus or both... The biggest key is user education. ITdepartments need to take an active role in somehow ensuring that there is education. In theend, it will only make their jobs easier.''