Imagine you are at work. You are rattling through your email. And in your inbox, sitting quietly, is a message with the word “sexy” in the title…
Do you open it? (probably not, as you wouldn’t likely be a reader of Naked Security)
But what about others in your organisation? Do you think they might be tempted?
More than 6100 government workers in Taiwan’s New Taipei faced this exact scenario. According to Time.com, they each received an email message with the following subject line:
"Justin Lee's sex videos, download it, quick"
For those, like me, who aren’t aware, Justin Lee is hailed by many as one of Taiwan’s richest playboys.
He has recently been in the press for leaked videos and photos of him engaged in “private” activities with models and celebrities.
A quick search on Google for the phrase “Justin Lee Taiwan” finds a myriad of images:
And earlier this month, 12 people were arrested for reportedly distributing dirty videos and images starring Justin Lee.
The recent fevered focus on Justin Lee makes him the perfect lure for a regional email campaign attempting to ensnare clicks from unwary recipients.
But the email wasn’t malicious or even a targeted spam campaign: it was actually sent by the local government to the 6000+ employees with the aim of testing their computer security behaviour.
Would recipients try to open it? Or would they do the right thing and delete it or report it as spam?
Time.com reports that one in six employees, or almost 1000 recipients, tried to open the link. Once clicked, they were told to report to their manager and made to attend a two-hour course in data security.
Eeek, there must have a few head-in-hand moments…
The thing is, not everyone thinks that this sort of test is fair.
Should everyone who uses a computer today be aware that opening unsolicited emails with provocative subject lines is likely to have negative consequences? I think so, but then I work in the field and live and breathe this stuff every day, so I am certainly not impartial.
I cannot help but think that if the modern computer user is not aware of what lurks behind such emails, perhaps tactics like the one employed by this municipal government group is just what is needed to drive home the point of computer security.
man shocked at computer, courtesy of Shutterstock