Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails

[fraser <fraser () 0x10 com>]

* sfmailsbm () gmail com <sfmailsbm () gmail com> wrote:

> Dear List,
>
> It is a common practice among users to user their personal email accounts like hotmail, gmail, etc to send & receive 
> business (and most probably confidential) information
>
> This is particularly the case when users are out of office
>
> These webmails are not under the company's control, and hence there is a risk of information loss. However upto now 
> we have not heard of any such cases
>
> Wanted to get the opinion of the list on the security risks of the use of Webmails for business mails

Hi,

In my opinion, I think there is also an increased risk of social engineering attacks if such email addresses are 
accepted as generally used. One might be suspicious of a stranger asking for certain information to be sent to a random 
@hotmail.com account, but if the employees of a company are generally in the habit of usig such addresses they might be 
less suspicious of sending it to a non-company domain. A minor risk perhaps, but from a social engineers point of view, 
"Every little helps" ;)

-Fraser

P.s. I think i need more coffee

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------