Solid email security requires inbound and outbound filtering

Written by John P Mello Jr on March 12, 2010 – 5:28 pm

Credit card numbers of Argos customers were exposed in emails sent to them.


An email snafu by an online catalogue company is a good example of why both inbound and outbound electronic correspondence should be filtered: not only to ensure that nasty payloads aren’t delivered to an organization, but also to prevent sensitive information from being exposed to unsavory elements.

The email blunder involved a company called Argos. It is a multi-channel retailer, based in the United Kingdom, of merchandise for the home. During its last financial year, it had more than $6.4 billion in sales, 26 percent of it from the Internet.

After a probe by PC Pro magazine, it was discovered that the High Street retailer was sending out the credit card numbers of its online customers in plaintext emails confirming purchases. Should the emails be intercepted in transit or otherwise hijacked, the credit card information could be used for fraudulent charges.

What’s worse, the emails also contain an Internet link, or URL, that contains the recipient’s name, address and credit card details. If the customer clicks on the link, the URL containing the personal information would become part of the customer’s browser history, where it could be vulnerable to cyber snoopers. Moreover, the URL would be stored in the service logs of whoever is providing the customer with Internet service (his or her employer or ISP), as well as in Argos’s web analytics software, which captures URLs used to access its Web site.

Two victims of the security lapse by Argos were cited by PC Pro: Paul Lomax, chief technology officer at Dennis Publishing, and Tony Graham, a reader of the publication. Both reported their credit card details stolen after receiving the vulnerable emails from the retailer.

Graham discovered the gaffe when searching through his email for the last four digits of his credit card number. When he checked a message from Argos that appeared in the search results, he was puzzled. No credit card numbers appeared in the text of the correspondence. It was only when he opened up the source code behind the email that he discovered the URL bursting with personal and sensitive information.
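The case above shows why an outbound filter has to inspect a message's source and not only its rendered text. The following is an added example, not part of the original article: it parses a message, separates visible text from link targets, and flags Luhn-valid card numbers in either place. The sample message, its addresses and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import unquote

# 13-19 digits, optionally separated by spaces or hyphens
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    found = {re.sub(r"\D", "", m.group()) for m in PAN_RE.finditer(text)}
    # Report only the last four digits so the filter's own log holds no card data
    return sorted("*" * (len(n) - 4) + n[-4:] for n in found if luhn_ok(n))

class LinkSplitter(HTMLParser):
    """Separates what the reader sees from the link targets hidden in markup."""
    def __init__(self):
        super().__init__()
        self.text, self.urls = [], []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]
    def handle_data(self, data):
        self.text.append(data)

def scan_outbound(raw_message):
    """Return (location, masked_number) pairs for every text part of the message."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        body, urls = part.get_payload(decode=True).decode(charset, "replace"), []
        if part.get_content_subtype() == "html":
            splitter = LinkSplitter()
            splitter.feed(body)
            body, urls = " ".join(splitter.text), splitter.urls
        findings += [("visible text", n) for n in find_pans(body)]
        for url in urls:  # percent-decode so encoded characters do not hide digits
            findings += [("link URL", n) for n in find_pans(unquote(url))]
    return findings

# Constructed sample: the (test) card number appears only in the link target
SAMPLE = 'Content-Type: text/html; charset=utf-8\n\n<p>Thank you for your order.</p>\n<a href="https://shop.example/confirm?name=A%20Customer&amp;card=4111111111111111">View order</a>\n'
```

A filter that quarantines on any `link URL` finding would have stopped a confirmation email like the one described, even though nothing sensitive shows in the rendered message.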


Florida Teacher Disciplined for Racial Email

Written by Mike Rede on April 27, 2009 – 4:33 pm

We’ve heard the stories before. A person in a leadership position in the community sends an email which evokes feelings or images of racial stereotyping. Last February it was the Mayor of Los Alamitos, California, who sent an email with images of watermelons on the front lawn of the White House right around Easter time.

You’d think people would learn that sending an email to a company-wide distribution list, or even to an internal department, does not protect that email from being passed to the outside world.

So it has happened again. This time it was a Florida teacher at a middle school in Pensacola who has now found herself the subject of much scrutiny and contempt for a recently released email that she wrote to the assistant principal. The subject line read “I HAVE HAD IT” and in her email she referred to the janitor of her classroom as “the N” and also as “Miss Maid”.

Jennifer Dickens, who is white and age 46, used the racial slur when she complained about the quality of the janitor’s work in her classroom. The janitor is black.
