An intelligent Phishing email work – Be aware!

A slightly different topic this time…

I am writing this post, half in appreciation of a brilliant work of phishing email from some one out there… and other half : to help some one who could fall victim to this malicious intent from that same person(s)!

I got a mail in my gmail account yesterday, asking to verify my gmail account:

Gmail account verification mail that I received

 

Note that the from email ID is a bit of a giveaway for careful eyes:

it says “gooqle” and is not from “google.com”.

But how many normal gmail users will be noticing those?

Cleverly disguised!

When I clicked on the link to sign-in for verification, I got the following screen (looks quite authentic isn’t it?):

The verification login screen

 

Hardly anything suspicious here…

But I happened to notice (lucky me!)  the full url here which was like:

 

Notice the url with IP address than a proper         domain! Again, very easy to miss…

 

 

At this stage, I was convinced this was a phishing attempt. But decided to play along. I have entered my google ID with a Wrong password. Obviously, the phishing system can’t recognize that… So it passed me to the next page:

    For an unsuspecting victim of this           phishing , this looks like another               authentic google page.

And see what they are asking –

Your phone number or recovery             email!

I decided to play along – just typed a random 10 digit number into the phone details and pressed continue:

It gave me this page, before transferring to the “actual” gmail login page:

Another brilliantly disguised page.

What it says in reality is:

“Your account is updated into our “hacked” accounts list” 🙂

This has to be one of the best crafted phishing attempt I have come across. A recipient of this email can very easily fall prey to this attempt – and I hope this post helps as a protection.

Please feel free to share with people known to you!

 

 

 

Visibility of Service Portfolio (Not just Catalog) to Customers

Many of my recent consulting interactions with service organizations and their customers has been making one strong statement:

Service Portfolio needs to be brought into a larger mainstream role over Service catalogue in service provider scenarios. Or in other words, Service Catalogue might have to have a larger scope than just the ‘live and currently offered services’.

First, let us set the context here:

ITIL® has been clear on one aspect:

• Service Catalogue is the only part of the service portfolio published to customers (ITIL® Service strategy publication).
• Also the diagram in figure 2.6 in the same publication indicates Service catalogue as the only portion of the Portfolio that is visible to customer

In a typical IT Service management scenarios (especially in external, retail service scenarios), this is more or less logical and accurate.

However, in today’s world of ‘so-called’ Business-IT integration (which ITIL® has been describing from its 2007 edition onward), will this be sufficient?

Let us look at the two scenarios of service providers:

a) An Internal IT Provider:

In this scenario, the business units are the key customers for the Service provider (internal IT department or a shared service unit). In this case, if only the Service Catalogue is visible and used in interactions with the customers, will that suffice for an effective business-IT integration?

It is quite apparent that a visibility into the Service Pipeline is highly essential to achieve effective levels of business and IT integration. In the internal Service scenario, the pipeline will be largely driven by the business strategy and priorities, and hence it is important for the business to have a visibility into the Service Pipeline of IT in order to understand and fine-tune (if and as required) the IT’s strategy and capabilities to ensure alignment to business.

So it is clear that, in an internal service scenario, the Service Portfolio (selective portions of the same, in some cases, where applicable) need to be visible to the ‘customer’ organization to ensure proper alignment and integration.

 b) An External Service provider:

Recently I happened to have interactions with the external customers of an IT solution/service provider. One of the key challenges that were repeatedly voiced by the key stakeholders in customer organization was:

• Lack of visibility into the future solutions that the solution/service provider was planning to offer and/or the roadmap for the existing solutions/services in terms of enhancements and features.

Why is this important to the customer organization? (more…)

 

“It depends…”

When I attended my initial ITIL® trainings, (it was version 2 at that point) to some of the questions raised by the students (us), the trainer used to (often with a quirky smile) respond ‘It depends!’ – some, with follow-up explanations and others, without.

 I kept hearing the same phrase in answers from many other trainers, consultants, experts, authors and practitioners all along.  I felt some of them using that as a trump card to brush off difficult questions (and quite frankly made a mental note of the same tool for future use!). It is another thing that even the person(s) on the other end also started understanding the trick very soon.

On a serious note, ‘it depends’ is a genuine answer (or prelude to the answer) to many questions regarding ITIL® (or any frameworks similar). Examples:

• Some “Evergreen” questions in LinkedIn groups and other forums such as: “is password reset an incident or service request”, “ Is Server reboot a change” etc etc…
• “Which ITIL process should be implemented first? ” or “ which order the processes need to be implemented?”
• “What categories should Incident tickets have” or “how many levels of priorities a ticket should have”?
• “What details a Service catalogue should have”

And so on…

“It depends…” is not THE answer to the above questions, but it is a good prelude (which sets the perspective right) to the answer, which SHOULD be followed up with a clear explanation on “what it depends on…” and more importantly “why…”. A right combination of these will make the answer the best. (more…)