“Reply-All” Email Incident Hits Microsoft
At its peak over 11,500 employees were ensnared in the email chain…
An article review.
When it comes to email awareness we usually focus on threats coming into our mailboxes from the outside world, like phishing scams. A recent incident at Microsoft, however, serves as a reminder that there’s more than phishing to be aware of when it comes to email.
The incident, detailed in an article sent to us by our friend Wes Pollard, involved 11,543 employees at its peak and reportedly “caused chaos” for an entire day. What began as a single message sent to all Microsoft employees registered to the organization’s GitHub account soon spiraled out of control, as other employees made the mistake of replying to everyone in the chain asking to be unsubscribed, or to make jokes.
While this case resolved itself quickly and didn’t result in any lasting damage, it serves as a reminder to always be aware of who you are sending an email to! Auto-completion of addresses in Outlook can make it easy to accidentally fill in the name of a mailing list, or a coworker who was not the intended recipient of the email.
Such incidents can simply be embarrassing, or they could result in confidential information going to one (or more!) incorrect addresses. If all that weren’t bad enough, the article notes how a similar incident in 1997 managed to generate enough traffic to bring down Microsoft’s own Exchange servers, effectively launching a Distributed Denial-of-Service attack on themselves!
Considering how dry awareness training can sometimes be, we think this serves as a humorous way to help show your employees how email related risks can originate from within their own group…as well as from the outside world.
Original article by Matt Weinberger reporting for Business Insider.
Leave a comment
Hiding in a VirtualBox VM, the new Ragnar Locker ransomware is currently undetectable
A Webinar Short Small banks who outsource network supports have a conundrum on their
Another awareness poster for YOUR customers (and users). Now that we have our own em