Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×

Spam That Delivers a Pink Slip 160

Posted by CowboyNeal from the insult-to-injury dept.
alphadogg wrote in with a Network World story that begins: "Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read 'Urgent — employment issue,' and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information. And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site. Score another one for spammers."
This discussion has been archived. No new comments can be posted.

Spam That Delivers a Pink Slip More

Spam That Delivers a Pink Slip

Comments Filter:

  • Diabolical (Score:3, Insightful)

    by jazman_777 ( 44742 ) on Friday November 03, 2006 @01:49AM (#16699943) Homepage
    Clever, because we all know our soulless corporations would do that.
    • As a side-note, they could also blackmail the users to TELL their employers they were stupid enough to let a keylogger software get installed on their computer (worse if the user did this at the office computer).

      • Re: (Score:3, Funny)

        by inKubus ( 199753 )
        I was going to say... Wouldn't it be ironic if they got laid off because they fell for a fake email that said they were getting laid off?

        • Heh, while some people actually spend money to CURE people of paranoia, it would be (at least) useful to have paranoia CLASSES thought as part of any "PC operator" course ;)

          • Re: (Score:3, Funny)

            by kimvette ( 919543 )
            why bother with that when you can hire a schizo with paranoia issues who also suffers from OCD? Tell him to monitor the firewalls, and that if anyone manages to break in undetected that he'll lose his job. Add in some muzak with subliminal messages chanting "they're breaking in! They're out to get you!" then you'll have your dream tech monitoring your NOC. No need to train anyone to be paranoid, just take a few mentally ill folks off of their brain meds and leverage their condition. You'll save them money o

            • Re: (Score:2)

              by bigberk ( 547360 )
              This isn't as crazy as it sounds. Someone who is trained in monitoring, but who also has OCD, would make a very good nazi security guy
              • Well to be honest my post was inspired by a friend who worked at BBN/Genuity/whateverthehellthey'recalledtoday who actually has those issues, but he did a good job at it because he studied and worked hard at learning the ins and outs of checkpoint and Cisco products. I just thought that the idea of capitalizing on certain mental characteristics which are normally viewed as negative, but in a positive way. Of course, the primary intent was humor, but who knows, while I was making a wisecrack there may be so

            • Re: (Score:2)

              by ajs318 ( 655362 )
              That's like my idea for putting the biggest, baddest-arsed, axe-wielding psycho-killer motherf**ker you can find in a flat on the top floor of a tower block. You can bet the lifts would always be in working order and never smell of piss .....

            • Larry Niven's ARM (Score:3, Informative)

              by DragonHawk ( 21256 )

              No need to train anyone to be paranoid, just take a few mentally ill folks off of their brain meds and leverage their condition.

              SF author Larry Niven actually used something very like that idea in his "Known Space" future history. The idea was that society had decided that anyone who was the least bit violent/aggressive was "ill" and gave them meds to make them a happy little camper. Not mindless zombies, just very passive. (That's a difference of degree, of course.) But there was still a need for a p

    • .... cute. But not the case here. DKMC is not a corporation. It is a not for profit hospital system.

    • Re:Diabolical (Score:4, Interesting)

      by rubberbando ( 784342 ) on Friday November 03, 2006 @02:08AM (#16700059)
      Nah, the corporations still prefer the more humiliating way of having security show up at your cube with an exec who hands you a box to put your things in and then marches you out the door in front of everyone. Companies are too paranoid to give you a chance to wreak any havoc. They want you logged out before they let you go. They will isolate you and get you out of the building as soon as possible. Therefore, layoff/firing by email (especially to your company email) is not very probable. I speak from experience. When I was laid off from a job, the execs were swift in getting me out of the door. I wasn't even on the clock yet and they swooped in, gave me my severance check, had me pack up my stuff, took my key, and pushed me out of the door before I knew what had just happened to me.

      • Re: (Score:3, Interesting)

        by arivanov ( 12034 )

        This is a US specific phenomenon which does not exist elsewhere. For some reason in the US you are expected to wreak havoc and behave like a sociopathic delinquent. Not that I am surprised considering that some of the most prominent US high tech sector CEOs confess that sociopathy is a definitive job requirement: one example [slashdot.org], many others.

        That is not the case in the EU. There you will be expected to slave off to the end of your notice period (or at least part of it). The very few to try something sociopathi

        • This is a US specific phenomenon which does not exist elsewhere. For some reason in the US you are expected to wreak havoc and behave like a sociopathic delinquent.

          It does so exist elsewhere.

          This happened to me in 1990 in Perth, Australia. The overlords decided it was easier to sack me from my sysadmin job than fix a plethora of endemic problems within the organisation. I had my keys taken off me, and was driven home so that they could reclaim their modems and terminals.

        • Re:Diabolical (Score:4, Insightful)

          by Kjella ( 173770 ) on Friday November 03, 2006 @05:32AM (#16700821) Homepage
          That is not the case in the EU. There you will be expected to slave off to the end of your notice period (or at least part of it). The very few to try something sociopathic (the Dixons salary trigger) have seen the end of the very thick legal stick so people tend not to try this any more.

          And the primary reason is that the notice period is much longer. Most jobs have three months notice period, and I don't think any company could afford to just send you home. Besides I think that in itself is a good way to reduce tension - three months is a fairly long time to apply for new jobs and employers like people who can start on short notice if they're in a hurry (since people normally have three months notice). Since it seems US employers like to blindside you and suddenly go "kthxbye - here's your check" I imagine US employees feel rather screwed over.

          In two weeks, the chance that you're done with an interview process and ready to start at another company is near zero. That US people have two weeks of free time while I have to work my notice period isn't really much of a help, since so much of the application process is waiting. If you need to relocate, then you can't do that before you have the job, which also stretches it out in time. The upside... well, I don't quite know what the upside but I guess you can have a job on hand and give your boss two weeks notice and change jobs in a flash, but if you're waiting for a good job the notice period goes quickly. To me it certainly doesn't outweigh the disadvantages.

          There is of course the issue with awkwardness of working with someone on notice, but it is not really as big a concern as people think. Most lay-offs I've witnessed the people are on good terms with the manager and their co-workers, the decision came from higher up based on profitability/strategic changes. In those cases people tend to just do their job, of course not with great enthusiasm but still. Of course, it's something completely different if you were personally fired for negligence/incompetence/abusive behavior but I haven't been involved in any such process. In those cases they're either put on (paid) suspension or get themselves a sick notice (mostly to avoid the stain on their record). Which might sound niee, but good luck on getting your next job...
          • Comment removed based on user account deletion
            • From my buddy at intel:
              if you're fired you're out the door *now*.
              if you quit you may stay two weeks, though not unheard of for the company to buy out the two weeks (here's your money, go away).
              if you are laid off you get two months to find another job. you are expected to show up to work nominally once a week (to show you're alive I guess), but you have no other job responsibilities. Considering the rather nice print work they have, I'm thinking full-up 4 color resume's sound pretty good :-)
              -nB

            • Re: (Score:2)

              by Splab ( 574204 )
              Exactly the same in Denmark, if the person being laid off has sufficient access to company data you need them out of the building. But here in Denmark, if you get a job within those 3 months (up to a year depdending on how long you have worked there) they can deduct the new pay from whatever they should have been paying you.
        • Actually, it does happen in the EU (or at least the UK). Where I work, if you're in the IT department (and more specifically if you have administrator access) you don't have to serve your notice period, even if you're resigning (one of my old bosses got so fed up with things, he quit the day he came back from holiday - he was out the door on 3 months salary before I even turned up to work). Same thing with one of my former colleagues last year, he found a better job and got 3 months worth of pay free. Why t

        • The last time I was made redundant (here in the UK), I had to work my 4 weeks notice (even though others were sent straight onto gardening leave). I was even then offered a permanent position DURING my notice period (I was actually 8 months into 1 yr (rolling) contract) and after I turned it down (another person resigned and they were obviously 1 short on headcount - make up your minds!) they asked me to stay 2 weeks to finish the project off (which I did as I had nothing better to do and it was money in po

        • Re: (Score:1)

          by bigbird ( 40392 )

          That is not the case in the EU. There you will be expected to slave off to the end of your notice period (or at least part of it).

          .

          Not necessarily true. In the City of London in investment banking people are generally escorted off the premises immediately if they are made redundant. I've seen it numerous times. Well, not seen it. Just asked "where is x today?", and found out they were gone. Oh, so *that's* why they didn't turn up for lunch!

        • Re: (Score:2)

          by sjames ( 1099 )

          Absolutely. When predicting another's behaviour, for example, A predicting B's actions, that prediction will be a combination of A's observations of B's past reactions and A's subconscuous projections of his own reaction. I can often learn as much or more about another person based on how they think I will behave as I can by direct observation.

          So, it is VERY telling that a typical large American corporation seems to expect fired employees to go postal.

      • Re: (Score:2)

        by Octorian ( 14086 )
        I think it really depends on the workplace. Only once did I ever have a co-worker terminated for cause, and he was escorted out the door. Every other time, whether leaving by choice or due to layoff, they've let the person work even after knowing that they're leaving (and this is at more than one employer. I've also never seen anyone abuse this. Of course, I'm used to working in an environment where people do have to transition and complete things before leaving the job, and where people tend to care ab
      • I was a bit surprised, having gone through the mass layoffs of 2000-2003, that when my turn came around in late '04 it was fairly anticlimatic. I was asked into a room, told I was laid off, asked to surrender my building keys, but given free reign for the day to pack and visit coworkers to say goodbye. This, and I'm a big scary guy who walks around like a stormtrooper and practiced karate outside the building on summer mornings. It entirely depends on the management, and whether a company makes layoffs a

    • Re: (Score:2)

      by 1u3hr ( 530656 )
      Not very clever, because getting an email that you've been fired isn't something you forget about. When you follow it up you find it's bogus, and everyone is alerted. What's the point of a keylogger if it's removed immediately? You want a keylogger to be installed without anyone the wiser so it can leech information.
  • Hilarious!

    Evil too, of course, and I wouldn't be particularly sad if those responsible were raped to death by manatees. But still pretty fucking hilarious.

    • Re: (Score:2)

      by ajs318 ( 655362 )
      This would only ever happen in the USA.

      In the UK, the law still protects a person's right to earn an honest living (because it's generally better for all concerned than if they were earning a dishonest one). One of its consequences is that in cases of severe debt, anything considered a tool of your trade cannot be seized by bailiffs. Another is that you can only be fired without notice (at least one payment cycle i.e. month, fortnight or week depending how often you get paid) in cases of gross miscon
      • In the UK they use text messages instead.

        http://www.wsws.org/articles/2003/jun2003/tag-j09. shtml [wsws.org]

        It was a law firm that specialised in small litigation, especially personal injuries.

        • Re: (Score:2)

          by arivanov ( 12034 )
          Yep. We all remember that classic gem. It made the prime time news at the time, just to be followed by many others which never did.

          IMO this pink-slip-by-email scam would have been more likely to work in the UK because in the UK you are not walked off the premises by security before you see your pink slip. At the same time procedurally, the UK has the least safeguards and least number of formalities for firing a worker in all EU. So in the UK the likelihood of people taking this fake email pink slip at face

      • Re: (Score:2)

        by orasio ( 188021 )

        Hilarious!

        Evil too, of course, and I wouldn't be particularly sad if those responsible were raped to death by manatees. But still pretty fucking hilarious.

        This would only ever happen in the USA.

        I don't think so.

        Source: Wikipedia
        http://en.wikipedia.org/wiki/Manatee [wikipedia.org]


        Manatees inhabit the shallow, marshy coastal areas and rivers of the Caribbean Sea and the Gulf of Mexico (T. manatus, West Indian manatee), the Amazon basin (T. inunguis, Amazonian manatee), and West Africa (T. senegalensis, African manatee).

        • Re: (Score:2)

          by MCraigW ( 110179 )

          Manatees inhabit the shallow, marshy coastal areas and rivers of the Caribbean Sea and the Gulf of Mexico (T. manatus, West Indian manatee), the Amazon basin (T. inunguis, Amazonian manatee), and West Africa (T. senegalensis, African manatee).

          There are Manatees in the USA on the Gulf (southern) coast, that Gulf being the Gulf of Mexico. According to http://www.ventureco-worldwide.com/manatee_project 1.htm [ventureco-worldwide.com] there are approximately 2,600 manatees in the USA.

          • Re: (Score:2)

            by orasio ( 188021 )

            This would only ever happen in the USA.

            I don't think so.


            The key word here is only. I have seen manatees in Florida.
      • Well, even in the US you get your "two weeks". Employers typically don't want you around after they've severed your contract, so it's practically custom to give someone a cheque for two weeks pay and then escort them out of the building. Something about people who wear ties being notorious cowards and being sure that anyone beneath them in the hierarchy is just waiting for the opportunity to start killing people.

        Labour law is a funny thing. You need a job to live -- even the best welfare program is pre

  • So would downloading the keylogger count as a breach in the company's acceptable use policy, therefore warranting them an actual pink slip?

  • Self-fulfilling prophecy (Score:3, Funny)

    by Kris_J ( 10111 ) * on Friday November 03, 2006 @02:01AM (#16700023) Homepage Journal
    And those who did> click on the link and introduced a trojan into the network were fired.

    (Not really.)

  • Hit _ntel too (Score:1, Interesting)

    by Anonymous Coward
    There was a notice on the internal site for _ntel last week about this, but IT was catching it. With the layoffs there, they were a ripe target.
    • That's the most pointless obfuscation of a company name I've ever seen.

      Sorry. How many other tech company names end with "ntel"?
  • Cornered....like a rat...danger at every turn!

    Darwin's List seems assured of a good genetic pool to recruit candidates from.

  • My favorite virus email was the "I Love You" virus. Since I worked for a French company at the time, the entire executive staff triggered the virus and the entire company got spammed by it. That was funny since you got emails from the CEO that he loved you. But the cure hurted more when it kicked in. For every email that was deleted from the server, Norton sent out a notification email that the email was deleted. The network grind to a halt because of the notification emails instead of the actual virus emai
    • so you're saying the server.... surrendered?

    • Since I worked for a French company at the time, the entire executive staff triggered the virus and the entire company got spammed by it.

      I have to ask: why is it relevant that the company was French, and in what way do you think that the fact, that it was French, make the executive staff more likely to trigger the virus?

      Note: English is my third language, and I may just not have understood that particular sentence correctly. Also, I am not French or from anywhere closely associated with France, so my questi

      • Re: (Score:2)

        by mgblst ( 80109 )
        Because the French are such a loving people.
      • Different time zones. My office was located in the Pacific Time Zone and France is on the other side of the Eastern Time Zone. So the virus was in full swing by the time my co-workers got into the office. Besides, French or not, the executive management team has always been clueless and/or loveless. :)
      • I have to ask: why is it relevant that the company was French, and in what way do you think that the fact, that it was French, make the executive staff more likely to trigger the virus?
        Because the french are the best lovers in the world. The french strategy for world domination is to go to any country, and love the natives by marrying with them.

        This also explains why the french gene pool is the most diversified in the world.

    • Any email virus checker that sends any kind of "This email had a virus but I removed it" email either to the recipient or to the listed sender is broken IMO (except in the case where its got both a virus and genuine content in which case the virus should be removed, a note inserted into the email next to the genuine content and it sent on to the recipiant)

      As a recipiant of email, I dont care that I got a virus in my mail, I just want it gone. The listed sender probobly doesnt care since its likely fake anyw
    • In my old company, it was one of the members of the (very snooty and self-righteous) IT staff that propogated the "I Love You" virus.
  • In Soviet Russia, spam deletes you!

  • Easiest Way To Confirm a Layoff Rumor (Score:3, Insightful)

    by christoofar ( 451967 ) on Friday November 03, 2006 @03:03AM (#16700271)
    Step 1. Date or make friends with someone in HR systems who runs the Peoplesoft/Oracle/SAP HR system. Help them out with database work (like complex batch jobs).
    Step 2. Pay attention to the kinds of queries they need help with.
    Step 3. If they begin compiling seniority studies / benefits calculations for projections IN THE FUTURE (red flag!) or estimate retirement dates if your company has a defined pension benefit, see step 4.

    Step 4. Put up resume on dice.com and start "disappearing" during lunch to return headhunter phone calls.

  • Simply ignore it (Score:4, Funny)

    by Tweekster ( 949766 ) on Friday November 03, 2006 @03:26AM (#16700353)
    I would not accept being fired by some nonconfrontational method like this.

    Just pretend you never got it. and ignore it, go about your day. Apparently the boss is already too much of a pussy as to actually fire you in the fire place, so what is the chance he will say anything. Hell come back the next day, then cause a small scene making them look like idiots.

    THey are afraid of confrontation, make that fear a realization (in a calm way, but put it all on them)

    • Re: (Score:3, Insightful)

      by mark-t ( 151149 )

      I knew someone who was fired where his boss left the message on his answering machine.

      He showed up at work the next day like nothing had happened.

      Turned out that he knew the labour code required the employer to pay him a minimal length shift (4 hours) just for showing up, even though he was sent home right away, as the employer could not prove that the employee had ever received the message that he was not supposed to come in.

      The moral of the story is that if you are going to let someone go, don't re

      • Re: (Score:2)

        by 1u3hr ( 530656 )
        The moral of the story is that if you are going to let someone go, don't rely on _any_ sort of message conveyance system to deliver the message, talk directly to the employee.

        Conversely, when I quit my job, after a long period of money disputes, I really didn't want a face-to-face confrontation, but I did need a clear record of exactly when I had left and why, for later hearing at the Labour Tribunal when I was extracting my unpaid salary and banefits. I left a letter on my desk after faxing it to the bos

      • Heh. This is a bit off topic, since I actually quit this position rather than getting laid off, but the story goes like this:

        1. My kid is born. She has signifigant health problems. I warn my boss that I'm going to need to take an extended leave because she can't be put into day care, but since I have a big chunk of paid leave time saved up, it shouldn't be a problem. He says, basically, "cool."
        2. A week before my leave is to start, my boss hands me a list of dates for which I am "approved for leave." Notabl

        • Re: (Score:2)

          by mark-t ( 151149 )

          More requests come in. I fulfill them, submit the hours. The boss demands to know why I worked without consulting him: I forward him the requests, and ask him to take it up with the people requesting the work (all of whom report to him). He responds that since some of the work should have been done before I left - not that he said anything at the time - he isn't paying.

          Uhmmm.... wow! That's all I can say...

          Where I live that sort of remark would have landed the employer in front of a labour standards h

    • Re: (Score:3, Funny)

      by dbolger ( 161340 )
      Just pretend you never got it. and ignore it, go about your day. Apparently the boss is already too much of a pussy as to actually fire you in the fire place, so what is the chance he will say anything.

      Yeah but what happens when they take your red swingline stapler?

      --
      Dave
      • Everyone knows you burn the place to the ground.
      • Yeah but what happens when they take your red swingline stapler?

        Then, you burn down the building, collect the cash, and drink Mai Tai's on the beach muttering about salt on the rim instead of sugar.

        Cheers

    • Re: (Score:2)

      by volpe ( 58112 )
      The phrase "more better" is acceptable English.

      Says who?
    • Just pretend you never got it. and ignore it, go about your day. Apparently the boss is already too much of a pussy as to actually fire you in the fire place, so what is the chance he will say anything.

      And if your boss does come by to fire you in person, just make sure you're eating a big bowl of crunchy cereal. You can smile and nod, and then go back to work, and eventually upper management will notice and give you a promotion + commendation.

  • But does the keylogger work on Linux?
  • I thought not.

    Nothing to see here, just moronic borgslaves, move along....

    WHY don't all these moron CTO's and VP's of IS get their asses canned, paying MS for their shit?

    • Re: (Score:2)

      by jimicus ( 737525 )
      WHY don't all these moron CTO's and VP's of IS get their asses canned, paying MS for their shit?

      Because they're infinitely more likely to get sacked for refusing to provide & support a platform on which the company can run the software it feels it needs to than they are to get sacked for providing it and it so happens that it's not terribly secure.

      Business drives IT, not the other way around.

      Besides which, with a suitably locked-down network and a suitably paranoid mail relay, it's not really a problem.
  • I thought, getting a "pink slip", was slang for taking the loser's car off his hands after a street race.

    And "getting your walking papers" meant getting fired...

    Someone enlighten me? Yank doesn't always make sense to me.
    • I thought, getting a "pink slip", was slang for taking the loser's car off his hands after a street race.

      And "getting your walking papers" meant getting fired...

      Both are correct, and getting a pink slip at work does mean getting fired/laid off. I'm sure in other contexts getting a pink slip could mean many other things.

      Someone enlighten me? Yank doesn't always make sense to me.

      Keep that in mind the next time you're feeling "chuffed to bits".
  • This kind of stories will end with really stiff laws and high-profile enforcement. Hacking also used to be a harmless pastime of C.Sci students until a bunch of assholes caused real damage. Spammers should just stick with their p3n1s 3nlargm3nt creams and continue to enjoy their status as a pests, but not real villains.
  • If only people used digital signatures, impersonating senders would be a lot harder.
  • The companys email filter should have stopped that. It would not have worked here.
    • Unless they had an infected machine inside the firewall

      • Re: (Score:1)

        by rolfc ( 842110 )
        It's not wise to have infected machines inside the firewall. ;)

        In this case it was the filter that didn't work

        "We blocked a ton of spam at our e-mail gateway because the [sender] addresses are not valid, but these were," says Sharon Finney, information security administrator at Dekalb Medical Center that has 3,500 employees.

        In my opinion, valid adresses coming from the outside are not valid.
        • I take it you ment emails purporting to be from inside coming from outside - a literal reading of what you saiod would block all emails :-) I suspect they just faked the headers
  • That's what you get for using an insecure OS (*cough* Windows)/browser (*cough* IE)/configuration/whatever. Too bad the IT department often doesn't learn about security until there's a bigger breach.
  • OK, so who clicked the "unwittingly downloaded a keylogger program" link in the article without having second thoughts?

    A double whammy for the phishers if it linked to the keylogger infected file in question. ;)

  • In Soviet Russia, spam junks YOU!!

    Aikon-

  • Yeah, I got one of these too. Since I've been self-employed for over 23 years, it looks like I would have already heard about this layoff. Sigh. I'm always the last to know!
  • Their SMTP gateway should have detected a server outside of their network was trying to send a message with an internal email address as the sender and blocked it. It never would have worked in my company. Plus if someone in my company received a message like this which would have had an external email address as a sender, someone would have called me right away. I then would have blocked the site, blocked similar emails, seen who was sent a similar message and spoke with them to find out who visited the si
  • Its a phish attack, not spam.
  • A well planned keylogger placement should be undetectable, no? This farce raises attention, and seems likely to garner further investigation.
  • Where is the link?
    I would like to see this site they went to.
  • Seriously, how many people really get legitimate e-mail from the major spam havens like China, Korea and Brazil? Until these ISPs start filtering port 25 traffic from their broadband customers, I don't see much of a reason to accept any smtp traffic from their wholesale IP space.

  • ...For browsing the internet with IE. An IT department that lets employee do that is inviting trouble, period.

    I used to be all compassionate and sympathetic with victims, but now I am just tired of the overall cluelessness, carelessness and inertia in 90% of IT departments out there.

    If fishermen were behaving like an IT department, they'll slather themselves with fish offals, then jump in shark-infested water.

  • I used to live there (still live in the county over). Based on my experiences with Atlanta, I wouldn't be the least bit surprised if this is somehow related to a larger problem.

    I'm hoping that it's just coincidence it happened a week before election week.

  • "Score another one for spammers." And deduct another one (or ten) from us.

    I hate to sound cynical, but this story is not news. There is nothing new here. There have been thousands of different attacks like this, and there will be thousands more.

    We (the slashdot community, the IT world, the rest of the world) have to make a choice here:

    1. Easy, 1-click executability of untrustworthy active content in emails and the like is a serious bug which must be aggressively stamped out.

    2. Having people get p

Slashdot Top Deals

Lots of folks confuse bad management with destiny. -- Frank Hubbard

Close