Conversation

There is a phishing attempt happening where a return address looks like it's a PayPal source, with a DocuSign document included for you to use to hand some gangster on the internet your data. DO NOT MESS WITH THAT THING!

Never click on links in emails. Go to the website yourself and check. Of course, there was nothing up.

[Also, you probably shouldn't open any email when you are using most, if not all, versions of the Windows operating system. If you're like most users of those rusty sieves, you probably know this, but you're already thinking of excuses for why you will anyway.]

This is not because of DocuSign, typically. And it wouldn't matter if it was. Never click on links in email that you didn't expect. Your antenna should be fully extended at all times. Even if you recognize the return address. Those are spoofed all the time.

To add to our viewing pleasure, all common email is sent in plaintext, fully readable by anyone with access to it at a data center. That would be all of the data center employees. I did this. Yes I did. If your email was having problems, I read some of your email to fix those problems. Getting your email working again was critical infrastructure work.

Employees can read unencrypted email. Even disgruntled ones!

Now ponder fully unencrypted text message you use because the insecure app came bundled with your phone.

Get Signal.

Seriously think about encryption.

Don't touch suspect emails!

Fun fact: The word "encryption" is a poor translation of the phrase "You're our only hope."