Would you open a sexy email sitting in your business inbox?

Imagine you are at work. You are rattling through your email. And in your inbox, sitting quietly, is a message with the word "sexy" in the title...

Do you open it? (Probably not, or you wouldn't likely be a reader of Naked Security.)

But what about others in your organisation? Do you think they might be tempted?

More than 6100 government workers in Taiwan's New Taipei faced this exact scenario. According to Time.com, they each received an email message with the following subject line:

"Justin Lee's sex videos, download it, quick"

For those, like me, who aren't aware, Justin Lee is hailed by many as one of Taiwan's richest playboys.

He has recently been in the press for leaked videos and photos of him engaged in "private" activities with models and celebrities.

A quick search on Google for the phrase "Justin Lee Taiwan" finds a myriad of images:

Google image search results for 'Justin Lee Taiwan'

And earlier this month, 12 people were arrested for reportedly distributing dirty videos and images starring Justin Lee.

The recent fevered focus on Justin Lee makes him the perfect lure for a regional email campaign attempting to ensnare clicks from unwary recipients.

But the email wasn't malicious or even a targeted spam campaign: it was actually sent by the local government to the 6000+ employees with the aim of testing their computer security behaviour.

Would recipients try to open it? Or would they do the right thing and delete it or report it as spam?

Time.com reports that one in six employees, or almost 1000 recipients, tried to open the link. Once clicked, they were told to report to their manager and made to attend a two-hour course in data security.

Eeek, there must have been a few head-in-hand moments...

The thing is, not everyone thinks that this sort of test is fair.

Should everyone who uses a computer today be aware that opening unsolicited emails with provocative subject lines is likely to have negative consequences? I think so, but then I work in the field and live and breathe this stuff every day, so I am certainly not impartial.

I cannot help but think that if the modern computer user is not aware of what lurks behind such emails, perhaps tactics like the one employed by this municipal government group are just what is needed to drive home the point of computer security.

man shocked at computer, courtesy of Shutterstock

13 Responses to Would you open a sexy email sitting in your business inbox?

  1. Tim · 1120 days ago

    Nothing educates quite like making mistakes.

    By testing staff with these e-mails, you're projecting an attack situation (that they will think is real), but in a safe environment (Your overwatch). So what if they feel a little embarrassed about it? Got to give them some tough love for their own sake!

    If 1/6 of a company's employees are a potential vector for infection, it's your job to lower that risk by the most effective means possible (bar removing all users, of course!)

  2. @CheleBellieBean · 1120 days ago

    Doesn't the fact that one in six employees opened the email say it all? I bet those employees are all a little better educated and a LOT more wary of opening questionable emails now.

    I agree with Time- give them the tough love. Maybe the next test will be to see if one in six employees divulge their passwords or fail to appropriately secure them.

  3. alexanderrogge · 1120 days ago

    If opening a URL in a browser is considered a security risk, it's time to change browsers and maybe the whole operating system. I open suspicious links frequently, especially ones that people say "Don't open or it'll destroy your computer." What nonsense... it's just another spammer trying to collect money from click-through impressions, or a scam intended to collect money from gullible consumers (like the common "free" iPod/iPad scams), a phishing scam for bank details, or cheapo pornography. I scan server links and proceed to block the server names of all sites connected to the scammy URL, including entering information into phishing scam fields and going after the target domains, reporting the potential crime as appropriate and blocking the rest.

    On a corporate/government network, anyone who can install software that can cause a security threat must be an admin with the root password. Everyone else shouldn't be able to install software outside of their personal profiles, which would also prevent the installation of keystroke logging software and other potential threats to data security specific to one machine. New Taipei is blaming users, when it should be looking into its own administrative security configuration.

    • Mark · 1119 days ago

      Your heart is in the right place. But, at the same time, user education is important. If they would click on the link, what else would they do? Even if the PC is protected, and the user is not privileged, that doesn't mean that you should accept them doing whatever they please.

  4. Chris · 1120 days ago

    It's the same principle as a fire practice! Better to remind everyone to wake their dozing colleagues than leave them to fry when the real inferno arrives.

  5. Jane D'oh · 1120 days ago

    1/6 people open those e-mails
    15% voted No

  6. Oleta · 1119 days ago

    There is the other question, which isn't related to security but to employee responsibility: You shouldn't be using company equipment and time to leer at 'sexy' photographs. So, weeding out those who do is definitely a win-win for the company.

  7. CherieCalgary · 1119 days ago

    Seriously, when will people GET that an email address that ends in @corporation is OWNED and MONITORED by said corp!?!

    That corp is also entitled to protect their servers AND reputation.

    Sheesh people! Figure it out!

    • Randy · 1119 days ago

      The company would spoof the email. No mention of the company name at all.

      • Steve · 1117 days ago

        I'm pretty sure that was referring to the email address of the RECIPIENT, not that of the sender. In other words, if your employer gives you an email account, they will have access to its content and activity.

  8. Randy · 1119 days ago

    The word might be spelled S-E-X-Y but I read "Malware".

  9. Derek · 1119 days ago

    If this hadn't been done before, 1/6 is a lower proportion than I would anticipate - the employees are well trained, naturally wary, or the word got round quickly from the 1/6.

  10. Dave Feland · 1118 days ago

    Don't forget those employees are using the government's computers, networks, email, and work time. If they were being fired I'd have a problem with it, but a class on security is very smart.

About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos's Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger.