VeriSign Phishing?

I’ve recently read reports that phishing email traffic now exceeds virus email traffic.

I conducted a survey of my work email in box upon returning from vacation and found 74 percent of the messages were legit, 18 percent were spam, 6 percent were phishing attempts, and 2 percent were viruses.

One of the suspected phishing attempts was this message from Verisign, a company that focuses on internet security services.

—–Original Message—–
From: [email protected]
Sent: Thursday, April 28, 2005 3:56 PM
To: Pearce, Jason
Subject: Reminder…VeriSign Requests Your Feedback

This is a reminder about the VeriSign customer relationship program. You should have recently received an invitation to participate.

This program is designed to help VeriSign better understand your needs and concerns, drive those concerns throughout VeriSign, and deliver genuine value to enhance our business relationship.

We know your time is valuable — but we do hope that you choose to participate.

Please click on the hyperlink below and follow the instructions to complete the survey. Your survey will go directly to Walker Information who will process and analyze the data.

We look forward to hearing from you and greatly appreciate your feedback.

https://survey.walkerinfo.com/

(If you have any problems using this link or address, please contact [email protected])

If you feel you have received notice of this opportunity in error, please respond to this email and simply place the word “DROP” in the Subject box.

The sender of this message is @walkerinfo.com, the URL is walkerinfo.com, yet it is supposedly a VeriSign survey.

Though I assume VeriSign has outsourced the survey process to Walker Information, how is one to know? This could be a classic phishing attempt for me to reveal a bunch of information about Lambda Chi Alpha or me individually. Or, it could be a legitimate survey from a company I trust.

It’s a shame that phishing attempts have brought me to globally and promptly delete any request for information that shows up in my in box, but it has.

Lambda Chi Alpha has the same problem. We use different third-parties and domains to send out HTML email newsletters, to process conference registrations, and to accept online payments. As users become more aware of phishing, how can they trust that Lambda Chi Alpha is the source of the content if it doesn’t come from us?

They can’t and they shouldn’t.

A security company like VeriSign should recognize this problem and integrate all third-party services into their own domain and communications. And so should Lambda Chi. I’ve got my work cut out for me.