Tuesday, December 18, 2007

Phishing - or not?

Like most people, I get a TON of spam and phishing messages. So I almost deleted this one without reading it - and then realized it's legitimate. This is a horrible example of a company training its customers to be susceptible to phishing attacks, as well as viruses, etc.

For your protection, the content of this message has been sent securely by Aetna using encryption technology. For more information about Aetna's use of encryption please visit this website http://www.aetna.com/aboutaetna/safeguard_data.htm.

Steps to open your secure message:
1. Please double click on the attachment labeled securedoc.html to begin the process of decrypting your message.
2. When you open the attachment you will see Aetna's secure envelope. This envelope contains your encrypted message. There are two ways of opening the envelope.

Preferred method:

By clicking the "open" button you will be offered the opportunity to download a small application (applet) that will enable you to open the message directly on your computer (c: drive). By choosing this option and selecting "always" any future messages that you receive from Aetna will be opened on your computer without further installation. This method may take a few extra minutes initially (depending on your machine and the speed of your connection to the internet), but overall will result in faster / more efficient message retrieval.

Alternate method:

If you cannot, or choose not to, download the application, click on the link labeled "here". This option will allow you to open the secure email without having to download anything to your computer, but may result in slower retrieval of your secure message.

Saving your message:
The securedoc.html that you clicked to begin the process actually retrieves a key from Aetna which is used to open (or decrypt) your message. The key will expire in 90 days. If you would like to save your message for later review, you should save a copy of the unencrypted message.
How you save email will vary depending on your email service. If you are unsure, please use the help function of your email service and look for topics like: saving, saving messages, storing messages.

If you experience any problems, please contact 1-800-237-7476, option 4 (Secure Email) during normal business hours; 8AM to 6PM E.S.T.

More details of Aetna's "secure" email system can be found here.

BTW, the reason they contacted me is I complained their customer web site doesn't work well with Firefox.

Aetna, you should be ashamed of yourself!

P.S. In case all that isn't enough, the "secure" email system doesn't actually encrypt the message - it just obfuscates it. I tried taking the HTML file and copying it to another system, and it opened and displayed the message immediately.

