Last April, we advocated pranking employees as a means of teaching IT security. The idea is simple: send a spoof email, based on the attacks hackers use, but instead of sending a virus, you attach a warning telling your employees not to be so darn gullible.
We'd like to think we had something to do with Fordham's epic spoof email prank on its student body, though to be fair, this is a pretty common trick for security firms. Plus, we wouldn't be so rude as to send out the fake virus during finals week, even if it was the last day.
Fordham Fakes Phishing
The prank pulled off by Fordham's IT department was doubly genius, as it spoofed a current phishing scam that has been plaguing court systems across the country for the last few months.
According to Above the Law, at 1:25 p.m on Monday, the school sent their own version of the fake "Notice to appear" emails, which read:
Dear Sir or Madame
This notice to appear in court is to advise that you are required to appear at the New York Municipal Court on May 29, 2014 for the hearing of your case.
Please, kindly prepare and bring the documents related to this case to Court on the date mentioned above. Attendance is compulsory.
The copy of the court notice is attached to this letter, please, download and read it thoroughly.
Clerk to the Court, New York Municipal Court, New York.
The attachment, a .html file, was a webpage warning students about the dangers of opening attachments from strangers. Unfortunately, according to the ATL tipster, many students were unable to open the attachments on their mobile phones, which led to panicked calls to the IT department and in some cases, the court clerk's office.
What Went Wrong?
Well, the timing certainly could've been better -- though it was the last day of finals (H/T to the ATL commenter who linked to the school's academic calendar), who knows how many students had take home finals, rescheduled tests, or perhaps an afternoon exam. Students are already freaked out during finals periods -- wait at least 48 hours before you give them another shock to their system.
Also, if the point was to teach the students a lesson, the IT department probably should've tested the fake attachment first. We're increasingly becoming a mobile-first society, especially for trivial matters like email. Pranks should take this into account. (Next time, try responsive design.)
Was This a Good Idea?
If it isn't obvious by now, I'm a huge fan of these pranks. ATL was less impressed, mostly because of the timing.
As we argued before, nothing kills office productivity like an unusable computer, and imagine how these students would have felt if they had clicked on an actual spoof email and lost their outlines and notes. IT pranks are a great idea if done correctly.
Genius or demented? Tweet your thoughts to @FindLawLP.
- Ransomware Goes Mobile, Holds Phones Hostage for $300 (FindLaw's Technologist Blog)
- Security Warning: Stop Using Internet Explorer (FindLaw's Technologist Blog)
- Questioning Casebook Rentals? You're Asking the Wrong Question (FindLaw's Greedy Associates Blog)