This article is devoted to one of the problems of information security: fighting chain mailings, also called “letters of happiness” after their handwritten progenitors. The first such messages, called “heavenly” or “holy letters” (Himmelsbriefe), appeared in the Middle Ages. We will not stray from the topic, however, and will consider the threat of “letters of happiness” from the point of view of information security:
The hidden danger of “letters of happiness” and similar chain mailings
Many understand that such mailings create a parasitic load on corporate equipment and communication channels. That is true, but it is not the greatest danger: starting such a chain is one of the ways spammers obtain a database of valid addresses. An even greater danger lies in the exposure of the company's staff structure, which attackers can use for a variety of purposes. And the greatest danger, invisible at first glance, is social engineering: the chain identifies employees who are potentially unreliable and easily influenced from outside. Having obtained such a list, attackers can use it for a wide variety of purposes.
For example, the most primitive scenario:
- the user is sent a link to a web page with a “joke” that is actually malicious software (a “Trojan horse”). It is not uncommon for the letter to recommend disabling antivirus software while viewing the page.
- if the software installs successfully, the attacker can gain access not only to the infected PC but to the entire corporate network. Users who forget the requirement to shut down their personal computers also play into the hands of intruders.
In general, bear in mind that employees' participation in such mailings is a direct reputational risk for the company, and the higher the participant's position, the greater the risk.
Now we understand well how much more dangerous the modern “letter of happiness” is than its paper ancestor.
Do users understand this? Who, in December 2010, believes in angels?
Top companies whose employees are actively forwarding the latest letter of happiness
LUKOIL and GAZPROM are in the lead. No wonder: a huge branch network and an excess of free time create ideal conditions for such mailings. I will not publish full names and contact information, and will confine myself to job titles, so as not to increase reputational risks.
1st place Gazprom:
- Deputy Head of the Development and Training Department of the Human Resources Department
- Assistant Director of Geology and Development
- Far Eastern Branch of GAZFLOT LLC Chief Drilling Engineer
- Head of HR Department
- Head of documentation support department
- Head of the Department of NGOs
- Leading engineer
- Leading Specialist for Civil Defense and Emergencies
- Leading Specialist of Retail Sales Planning and Accounting. OJSC Gazpromneft-Ural
- Leading Specialist of Planovo - Budget Department of GAZPROMNEFT-URAL OJSC
- Specialist of the documentation support department of GAZPROMNEFT-URAL OJSC
- Specialist of the department of accounting for the sale of goods and services of OAO "GAZPROMNEFT-URAL"
- Specialist of the fuel procurement department of GAZPROMNEFT-URAL OJSC
2nd place Lukoil
- Secretary of the Vice-President of GTU OAO LUKOIL
- Department of accounting for borrowed funds, settlements with shareholders and employees of the Company
- goods expert of the Usinsk oil depot of the Northern branch of OOO LUKOIL-Severo-Zapadnefteprodukt
- Economist of the Department of control of tender activities and information technology support of the Office of the organization and support of tender activities
- Department of coordination of trade and procurement
3rd place Schlumberger Drilling & Measurements
- Storekeeper
- HSE Specialist
- D & M Logistics & Procurement Coordinator
- Recruiting & Staffing Coordinator
- RYN HSE Coordinator
- SLR ATL Okha Dispatcher
- SLB WS Coordinator
- General Field Engineer
- Sakhalin Local Transportation & Logistics Specialist
- Logistics Specialist Smith International CIS A Schlumberger Company
4. SK Ingosstrakh
- Customer Service Administrator
- Director ext. of Ingosstrakh IJSC in Novorossiysk
- Head of Retail Insurance Department, Ingosstrakh Insurance Company, Stavropol
- Chief Specialist of Ingosstrakh Insurance Company Branch in Cherkessk
- Head of Agency Sales Department of Ingosstrakh Insurance Company in Krasnodar
- Foreign Exchange Control Department, Business Operations Support Department.
- Leading Specialist, Operations Department, Ingosstrakh Insurance Company Branch in Krasnodar
- Branch of Ingosstrakh IJSC in Irkutsk Active Sales Department (parks) Expert Category 2
- Expert of the 1st category of the branch of Ingosstrakh IJSC
5. X5 Retail Group NV
- Personnel Manager of the Krasnodar Hypermarket Personnel Department, Tsentralny Branch
- Hypermarket "Birlovo Pole" Human Resources, Branch "Central"
- Payroll Manager Payroll Department (Retail, Manufacturing, Logistics) Remuneration and Benefits Division Personnel Services Directorate
- Marketing Manager of the Supermarket Format Central Branch
- Remuneration Specialist
6. LLC Medkom-MP
- Supervisor Medkom-MP LLC
- Financial analyst on the calculation of wages, LLC "Medcom-MP"
- Human resources department inspector
- Supervisor of the department of single retail MO
- LLC "Medcom-MP" in Surgut
- Branch "Medcom-MP" in Perm
7. VTB24
- Chief Specialist of the Department of Methodology and Client Strategies of the Office for Work with Problem Assets of VTB 24 (CJSC)
- Department of accounting for intrabank operations Head office, Moscow, st. Myasnitskaya d.35
- Chief Specialist of the Department of Accounting for intrabank transactions
- Chief Specialist of the Department of Methodology and Client Strategies of the Office for Work with Problem Assets, VTB 24 (CJSC)
8. Bosco Management Company LLC
- BOSCO Management Company Co.Ltd.Bosco di Ciliegi, 17, Vetoshnyj lane, Moscow, Russia.
- Translator
- Assistant Executive Director
9. CIUS Siberia
- Deputy Director for Economics and Finance
- Expert of the Department for Organizational Development and Human Resources of JSC “CIUS UES”
10. Baker Hughes Centrilift Measure and Compare Unmatched design, service and support
- MFG Manager Production
- Supply chain
- Cross Product Line Customer Service
Other
SIBUR LLC
- Management of Plastics and Organic Synthesis
WFT Technologies
- Field Frac Engineer
- HR Specialist
Post of Russia
- Directorate for Commercial Operations of the Federal State Unitary Enterprise "Russian Post" 131000, Moscow, Warsaw highway, 37
- Directorate for Commercial Operations
SibUgleMetTrans LLC
- manager of contract and commercial work
- manager of the department of contractual and commercial transportation work in universal rolling stock
URALHIM-TRANS LLC
- Lead Operations Manager for the Commercial Division of the Railway Transportation Service
- Leading Specialist of the Planning and Analytical Department
- Leading Specialist of the Planning and Analytical Department
Slavia Brand Trading LLC
- VIP Account Manager
- Development Assistant
- network client manager
METRO Cash & Carry
- Junior Category Manager Processed Meat
- Category manager assistant SPIRITS
OJSC Bank OTKRITIE
- Chief Specialist, Retail Lending Department, Novgorodsky Operations Office
- Assistant Manager of the Operational Office "Novgorodsky"
In fact, the list is huge; I chose the most “distinguished” companies.
Some comments sent by users
... with faith in the heart, this newsletter is sent from March 28, 2007 from Moscow to London, regardless of job, nationality or material status ...
The main thing is to BELIEVE !!!
I believe…
And you?
Finance department
BOSCO Management Company Co.Ltd.
Bosco di Ciliegi, 17, Vetoshnyj lane, Moscow, Russia.
Comrades !!! I will not apologize because I am sending you happiness
Read the correspondence below, how many people and companies have already bypassed this letter !!! This is very cool
Positive attitude, fulfillment of desires, faith in yourself
HAPPY NEW YEAR!!!
Respectfully,
Chief Specialist of the Methodology Department
and client strategies
Problem Asset Management
VTB 24 (CJSC)
I'd like to believe in a miracle)))
Please do not interrupt the chain, the text at the bottom.
Storekeeper
Schlumberger Drilling & Measurements
What to do?
If you are an information security officer or other IT professional dealing with information security in a company
You need to filter the content of the letter:
Letter body:
May God grant you all good health ...
True or not, but I want to be fulfilled:
It walked all over Kazakhstan.
This morning God opened a window in heaven and asked me: today, what is your greatest desire?
That was my answer: Oh God, look good to those who are reading this letter now, his family and friends, because they deserve it. And I love them very much. The love of God is like an ocean.
You can see the beginning, but never the end.
Now this letter will begin its action ...
Those who doubt should know that the one who sent you this letter was surprised that his wish was fulfilled in a short time. Let's see if this is true.
It is true that there are angels,
but sometimes they have no wings, and we call them friends.
Send this letter to your friends and you will get a surprise tonight before 11:11:
the news you want to hear. It is not a joke.
Someone will call you to tell you what you expect to hear ... or an angel will bring you news in a dream. Do not break this chain. Send this letter to at least 10 people you consider to be angels.
P.S. It worked for me after 1 minute !!!
It is also highly desirable to run awareness sessions that explain to users how serious the problems associated with modern letters of happiness are.
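A sketch of such a content filter, added here as an illustration and not taken from the author's mail filters. It matches phrases from the letter body quoted above (in their English rendering) after undoing quoting and line wrapping, and combines them with two spread indicators, recipient count and forward depth. The function name, thresholds and sample messages are assumptions.

```python
import email
import re
from email import policy
from email.utils import getaddresses

# Phrases from the letter body quoted on this page (English rendering). Assumption:
# a production rule uses the wording in the language the letter circulates in.
CHAIN_PHRASES = ("do not break this chain", "do not interrupt the chain",
                 "send this letter to", "opened a window in heaven")

def normalise(text):
    """Drop '>' quote markers, collapse whitespace, lower-case, so that
    forwarding and line wrapping cannot split a phrase."""
    text = re.sub(r"(?m)^[>\s]+", "", text)
    return re.sub(r"\s+", " ", text).lower()

def inspect_message(raw_bytes, max_recipients=10, max_forwards=2):
    """Return the chain-letter indicators found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    hits = [p for p in CHAIN_PHRASES if p in normalise(body)]
    rcpts = getaddresses([str(h) for h in
                          msg.get_all("To", []) + msg.get_all("Cc", [])])
    forwards = len(re.findall(r"\bfwd?\s*:", str(msg.get("Subject", "")), re.I))
    spread = len(rcpts) >= max_recipients or forwards >= max_forwards
    return {"phrases": hits, "recipients": len(rcpts), "forwards": forwards,
            # Two phrases alone, or one phrase plus mass-forwarding, quarantines.
            "quarantine": len(hits) >= 2 or (bool(hits) and spread)}

# Constructed samples (example.test addresses are placeholders).
CHAIN = (b"From: a@example.test\r\n"
         b"To: " + b", ".join(b"u%d@example.test" % i for i in range(12)) + b"\r\n"
         b"Subject: Fwd: FW: Fw: happiness\r\n"
         b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
         b"> > Do not break\r\n> > this chain. Send this letter\r\n"
         b"> > to at least 10 people.\r\n")
BENIGN = (b"From: a@example.test\r\nTo: b@example.test\r\n"
          b"Subject: Fwd: drilling schedule\r\n"
          b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
          b"Please send this letter to the contractor today.\r\n")

if __name__ == "__main__":
    for name, raw in (("chain", CHAIN), ("benign", BENIGN)):
        print(name, inspect_message(raw))
```

The benign sample shares one phrase with the chain letter but is not quarantined, because a single phrase only counts when the message also shows mass forwarding.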
If you are an IB / UB employee or are in charge of a company that is on the above list
contact me and I will send you the bodies of the letters of happiness for “work” with the staff. In general, it is strongly recommended that you reconsider your actions with regard to information security risks. Urgent and tough measures are needed.
If you are a user
Remember these simple rules upon receipt of such a letter:
1. Forward it to your information security / IT service.
2. Tell the correspondent who sent you the letter about the danger and the inadmissibility of sending such letters.
3. Delete the letter.
Perhaps the question arises - who am I? I am the Head of the Information Security Department in a large Russian company, on whose mail filters these letters of happiness “settled”. After reviewing the contents, I estimated the scale of the problem and considered that only such a publication could attract enough attention to the problem.