If you’re going to misdirect a fax containing personal information, you probably don’t want to misdirect it to a security firm with a blog.
SLC Security reports that they received faxes from William Farrell, CPA of Cary, NC containing what appeared to be payroll information.
When they tried to contact the firm using the contact email prominently posted on the firm’s web site, their email bounced back:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed
The mail server could not deliver mail to [email protected]. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries
Insert #facepalm here. And yes, a whois lookup confirms there is no such domain.
The site does provide another e-mail address and a phone number, but then, it’s not on SLC Security to make repeated efforts to alert strangers that they’ve had a breach.
So when was the last time you checked your sites to make sure that any contact email addresses you provide actually work?