Don't ask for PII in email!

Folks, if we have said it once, we have said it a million times: please don't ask customers for PII through an email or email link. (Man, I feel as if I just punished the twins.)

AT&T, who is my phone, TV, mobile, and Internet provider, decided to send me an email inviting me to join the AT&T U-verse research panel. It was a quick and simple email… it went something like this.

Thank you for selecting AT&T U-verse!

As a U-verse customer we are inviting you to join the AT&T U-verse research panel.

U-verse Panel members will have the opportunity to provide insight into U-verse services and products via web based surveys and your feedback will assist AT&T in designing and improving U-verse services.

All responses to surveys will be kept completely confidential and will be used for research purposes only. Participation within this research panel is completely voluntary.

Please take a few minutes to complete the questionnaire by clicking on the link below. Your participation in the U-verse research panel will be greatly appreciated.

http://www.insightexpress.com/ix/EnterPanelist.aspx?m=RANDOM STRING

Thanks for your assistance,
REMOVED TO PROTECT THE INNOCENT

Privacy Statement:
http://att.sbc.com/gen/privacy-policy?pid=RANDOM STRING

Please Note: To ensure delivery of our emails to your inbox, please add M38211att@opinion-central.com to your address book. Thank you.

Opt-Out: If you received this email in error or if you wish to unsubscribe please respond to this email with the word remove in the subject line.

As you hopefully have already surmised from the text in red, the link in this email does NOT point to an AT&T website, nor does anybody outside of the blog really know what Insight Express is. When I click on their special link, I am sent to a website that looks like this.

Picture 1

First, you're asking me for a piece of information that I normally hold pretty dear to my heart in my household.

Second, can this page look any more like a phishing email? "FOR VALIDATION PURPOSES", a simple small box on a large blank page, and CLICK TO CONTINUE in caps.

Finally, it doesn't even log me into my account, but into some other site/URL that seems to be hosted, again, by a company that no one knows.

Come on AT&T… While I understand this is you and you were trying to make it easy for me to take your survey, you are confusing people as to whether they should click links and offer up PII via emails, or whether they should follow the security advice and training that tells them not to do such things these days.

Here are some things we tell consumers and what you should NOT be doing.

Here are my suggestions, and I am opening this up to the readers here. This was a random email to me. I never asked for it, nor was I prepared for a survey in email.

If you want me to participate in surveys, then do what TiVo did for us years ago.
  1. Offer the survey in our account updates so that we can decide to participate if we want and also be aware that we will see the surveys soon.
  2. Let us know who and where they will be coming from.
  3. Use recognizable/branded URLs.
  4. Send the surveys to email accounts we signed up with or opted in to receive them at.
  5. When you ask me to whitelist a domain so I can get these emails, make sure it's a domain or email address I know or can trust, and not something random like m38211@opinion-central.com.
  6. Instead of making me input my own PII, use a service or software package that sends out a link in the email containing a random serial number; when I click on it, the back end links that number to the account number you want to associate the survey with.
I know the suggestions can go on and I hope that many others here can offer up some more.
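
Suggestion 6, sketched as an added example (not code from the original post or from any vendor): the email link carries only a random token, and the back end maps it to the account, so the landing page never has to ask for PII. The base URL, the lifetime and the `SurveyInvites` name are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Assumed branded base URL (placeholder, not a real provider endpoint).
SURVEY_BASE_URL = "https://surveys.example.com/s/"
TOKEN_TTL_SECONDS = 14 * 24 * 3600  # assumed invitation lifetime


class SurveyInvites:
    """Maps opaque link tokens to account numbers on the back end."""

    def __init__(self):
        # token hash -> (account_number, expires_at); the raw token is
        # never stored, so a leaked table cannot be replayed as links.
        self._by_hash = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, account_number, now=None):
        """Create an invitation link; the URL carries no customer data."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_hash[self._digest(token)] = (
            account_number,
            now + TOKEN_TTL_SECONDS,
        )
        return SURVEY_BASE_URL + token

    def resolve(self, url, now=None):
        """Return the account for a clicked link, or None if invalid/expired."""
        now = time.time() if now is None else now
        if not url.startswith(SURVEY_BASE_URL):
            return None  # not our branded survey host
        key = self._digest(url[len(SURVEY_BASE_URL):])
        entry = self._by_hash.get(key)
        if entry is None:
            return None  # unknown or guessed token
        account_number, expires_at = entry
        if now > expires_at:
            del self._by_hash[key]  # expired invitations are purged
            return None
        return account_number
```
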

TRUSTe has a nice How To document here about how to differentiate yourself from phishing emails.

-Dennis

Don't Just Send, Deliver!

P.S. This email went to my junk folder as a 7.1 out of 5.0
P.S.S. I also sent a note to their reply address about this a few days ago, but no response as of yet.
