Mass-mailing your customers today? Read this first
Thames Water found itself in warm, er, water this week after a clunky migration effort left customers receiving emails that looked like a particularly sophisticated spear-phishing attack.
A Register reader got in touch after receiving an email purporting to be from the company and requesting that he re-register his online account. His original account number was shown, along with a big, colourful button inviting a click.
A classic spear-phishing tactic, compounded by the fact that that button did not go to thameswater.co.uk, from where the email came, but rather online-thameswater.co.uk, the homepage of which could well worry technical and non-technical users alike.
The email was genuine. The problem, according to a spokesperson for Thames Water, was that not all data had survived the migration from the company's 40-year-old billing system ..
Support the originator by clicking the read the rest link below.