21 Temmuz 2006 Cuma

Why I/T Needs QA

Some of you know I work for a bank (actually, now all of you do). Well, I received a phishing e-mail for a competitor at one of my e-mail addresses. Since I am not a customer of that bank, I knew immediately that it must be a fake looking to lure me to a fake site to harvest my identity. I decided, in the interest of being a good citizen and member of the banking community, I would alert the I/T staff of that bank. I went to their website, which referred me to a phone number, whose recorded message told me to forward the phishing e-mail in question to a yahoo e-mail account. Okay, no problem. I immediately did so. I then immediately got back an "e-mail will not be delivered" response from Yahoo. Why? Because, according to their policies, Yahoo will not accept ANY e-mails that might include a phishing attempt, in a (laudable) attempt to protect their customers.

So, this bank tried to protect their customers with this e-mail address, but never bothered to test it out to see if the e-mail address actually would ACCEPT phishing e-mails. i.e. Their I/T department will remain blissfully unaware. This is why you need a Q/A person or department to save smart people from themselves.

In the end, I e-mailed the address directly with this info. We'll see if they really care about their customers, or if it is all just a good front to make people think they are responsive. Luckily, it does not appear to be a bank working in any region where my readers live or work.

Hiç yorum yok:

Yorum Gönder