Recently there has been a spate of hack attacks that, thankfully, have not affected me. However, I awoke this morning to find one that did… the KFC Colonel's Club… so yet another Big Company has failed in its duty to protect its consumers' personal data.
Although (at the time of publishing) there is no mention of this on the website (neither on the main page, nor on the Colonel's Club sub-site, nor on their social media feeds), the incident is widely reported by the media… including, curiously, the Daily Mirror, which reported it four days before KFC deigned to contact us.
But this brings me to my main gripe: we are constantly being told not to click dubious looking links, or to trust emails from unexpected sources…
Dubious-looking Email Header?
So how much trust should we place in an email that comes from:
colonelsclub.com@cmail2.com
and with a return-path as
TheColonelsClub-ykjjtkc1hduhditthl1r@cmail2.com
Dubious-looking URL?
But there is more… the email helpfully contains a link to kfc.co.uk to enable us to change our password… but the actual URL in the email is
http://kfcuk.cmail2.com/t/r-e-ykjjtkc-hduhditthl-j !!!
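The three checks just walked through (who the From address belongs to, where the Return-Path goes, and which domain the link really points at) can be automated. The script below is an added example and not part of the original post: it reduces each host to its registrable domain and compares it against the brand domain a recipient would expect. The sample headers and link are constructed from the values quoted above; the short list of second-level public suffixes is an assumption standing in for the full Public Suffix List.

```python
"""Flag a notification email whose sender and link domains do not line up
with the brand that supposedly sent it (added example, not the post's code)."""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a handful of second-level suffixes is enough for this demo.
# A production checker would load the Public Suffix List instead.
SECOND_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname that an organisation registers,
    e.g. 'kfcuk.cmail2.com' -> 'cmail2.com', 'www.kfc.co.uk' -> 'kfc.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def domain_of_address(header_value: str) -> str:
    """Registrable domain of an RFC 5322 address, with or without <> brackets."""
    _, addr = parseaddr(header_value)
    return registrable_domain(addr.rsplit("@", 1)[-1])


def visible_domain(link_text: str):
    """If the clickable text itself names a host or URL, return that host."""
    text = link_text.strip().lower()
    if "://" in text:
        return urlparse(text).hostname
    return text if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", text) else None


def check_alignment(headers: dict, links: list, brand_domains: set) -> list:
    """Return (kind, where, domain) findings for every domain that is not
    one of brand_domains, plus a 'link-text' finding when the visible text
    names one domain and the href leads to another."""
    findings = []
    for header in ("From", "Return-Path"):
        if header in headers:
            dom = domain_of_address(headers[header])
            if dom not in brand_domains:
                findings.append(("sender", header, dom))
    for shown, href in links:
        dest = registrable_domain(urlparse(href).hostname or "")
        if dest not in brand_domains:
            findings.append(("link", shown, dest))
        shown_host = visible_domain(shown)
        if shown_host and registrable_domain(shown_host) != dest:
            findings.append(("link-text", shown, dest))
    return findings


# Constructed sample built from the header and link values quoted in the post.
SAMPLE_HEADERS = {
    "From": "colonelsclub.com@cmail2.com",
    "Return-Path": "<TheColonelsClub-ykjjtkc1hduhditthl1r@cmail2.com>",
}
SAMPLE_LINKS = [("kfc.co.uk", "http://kfcuk.cmail2.com/t/r-e-ykjjtkc-hduhditthl-j")]
BRAND_DOMAINS = {"kfc.co.uk"}

if __name__ == "__main__":
    for kind, where, dom in check_alignment(SAMPLE_HEADERS, SAMPLE_LINKS, BRAND_DOMAINS):
        print(f"{kind:10} {where!r:14} -> {dom}")
```

Run against the sample, the script reports both sender headers and the link as belonging to cmail2.com, and separately notes that the visible text says kfc.co.uk while the href does not. An email that genuinely came from a kfc.co.uk server and linked to kfc.co.uk produces no findings, which is exactly the bar the post is asking the company to meet.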
Internet Security 101
Yes, I'm internet-savvy enough to know how to check URLs… but how is someone less savvy supposed to differentiate between important messages and phishing messages, when (supposedly) reputable companies such as KFC send messages that tick all the warning boxes?
Please KFC: next time you send out an email, make sure it comes from a KFC server… and make sure any URLs are unambiguously KFC related. In the UK that means using the kfc.co.uk domain name.