Tuesday, April 15, 2008

How secure is this?

I received an email today containing the following content:


You have received a secure message from CareFirst BlueCross BlueShield. To read the message, please open the enclosed attachment.

To ensure your privacy, CareFirst has used software supplied by Sigaba Corporation to encrypt your message. Some of the pages you will see may include their SigabaSecured® logo or company name.

· Your secured message is contained in a file named CareFirstSecure.html which is attached to this e-mail. Click on the filename, then click open.

· You will be asked for your User ID and Password (that you use in My Account), and the message will display.

· Some e-mail systems require a free download from Sigaba Corporation to properly display the secure message. If you are asked to install and run software from Sigaba Corporation, please click Yes.

· After this small download is complete, you will then be asked for your User ID and Password for My Account. Then your message will display.

If you click Open and cannot view the message, try clicking Save. This will save the file on your PC's hard drive. You can then open the message.

Some computers (especially in large corporations) are "locked down" to prevent users from downloading software. Those locked computers may not allow you to read a secured message or to download the required component from Sigaba.

If you are unable to open the attached message, or need other technical assistance, please contact us at 1-877-526-8390.

Immediately I thought that this was a phishing attack, as:

1. I did not expect any messages from CareFirst.

2. I had never seen this type of message before.

3. The message was suggesting that I launch an attachment.

4. The attached .html file contained an ActiveX control packaged in couriercontrol.cab. A quick Google search showed link titles that contained the word spyware, and other references from HijackThis.

But just to be sure, I navigated to www.carefirst.com, logged into my account and looked for some sort of messaging area. I could not find one.

Then I proceeded to use the CareFirst web site to send a message to technical support. I typed a long explanation of what I had found and asked whether this email had indeed come from CareFirst. Upon trying to submit the form I got a 404 error. I was pissed. But as it turned out the message was delivered, because I quickly got an email response:

Thank you for reporting your issue to the My Account Technical Help Desk.

The email you received is a secure email sent to you from CareFirst and requires (as instructed in that email) that you install the Sigaba software onto your PC. Once that is completed you will need to click on the attachment (or save it to your desktop and open from there) to reach a login page. The userid and password being requested, as a final step to opening your secure email, will be the same as the CareFirst 'My Account' web page account you created.

I like how it just restates that I have to install the software to view the message. Hmmmm, well, let me talk to a human. I called technical support and said I just wanted to know what the message said without installing any software. They said they could not help me and that I would need to talk to customer support. Five transfers later I was back at technical support. I asked if there was a location in my online account where I could view the messages, and I was told the only way was the Sigaba secure approach. They took my information and said they would get back to me.

Now, Sigaba may well provide a sound security product, but instructing recipients to open an HTML attachment, approve a software download and then type their account password into it is irresponsible: it is exactly the sequence of actions a phishing email asks for, and nothing in the message lets the recipient tell the two apart.

I believe most of the general internet population has been trained not to save or open attachments and to be suspicious of these types of email. If we tell them, "well, you can trust these messages," what is to stop malicious hackers from spamming everyone with messages that look like these secure sign-in pages?
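As an added example for the argument above (not code from the post, from CareFirst or from Sigaba): a small Python script that scans a message for the indicators the post lists, an HTML attachment, an ActiveX object that pulls its code from a .cab, a password field in that page, and body text coaching the reader to click Yes on an install prompt. It then runs over two constructed messages, one laid out like the vendor mail as the post describes it and one a phisher's copy in which only the sender and the host serving the .cab differ, plus a plain newsletter as a control. The addresses, hosts and the CLSID in the samples are placeholders, not real values.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicator names returned by analyze().
HTML_ATTACHMENT = "html_attachment"  # an .htm/.html file is attached
ACTIVEX_OBJECT = "activex_object"    # that HTML carries <object classid=...>
CAB_CODEBASE = "cab_codebase"        # the object fetches native code from a .cab
PASSWORD_FIELD = "password_field"    # that HTML contains a password input
INSTALL_PROMPT = "install_prompt"    # the body coaches the reader to click Yes on an install

OBJECT_RE = re.compile(r"<object\b[^>]*>", re.I)
CLASSID_RE = re.compile(r"\bclassid\s*=", re.I)
CODEBASE_RE = re.compile(r"""\bcodebase\s*=\s*["']?([^"'\s>]+)""", re.I)
PASSWORD_RE = re.compile(r"""<input\b[^>]*\btype\s*=\s*["']?password""", re.I)
INSTALL_RE = re.compile(r"(?:install|download)[^.]{0,100}?\bclick\s+yes\b", re.I)


def html_attachments(msg):
    """Yield (filename, html_text) for every attached HTML file."""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            content = part.get_content()
            if isinstance(content, bytes):  # e.g. sent as application/octet-stream
                content = content.decode(part.get_content_charset() or "utf-8", "replace")
            yield name, content


def analyze(raw_message):
    """Return the sorted list of indicators present in an RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = set()
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and INSTALL_RE.search(body.get_content()):
        found.add(INSTALL_PROMPT)
    for _name, html in html_attachments(msg):
        found.add(HTML_ATTACHMENT)
        for tag in OBJECT_RE.findall(html):
            if CLASSID_RE.search(tag):
                found.add(ACTIVEX_OBJECT)
            m = CODEBASE_RE.search(tag)
            # codebase="...something.cab#version=1,0,0,0" is the usual form
            if m and m.group(1).split("#", 1)[0].lower().endswith(".cab"):
                found.add(CAB_CODEBASE)
        if PASSWORD_RE.search(html):
            found.add(PASSWORD_FIELD)
    return sorted(found)


def verdict(indicators):
    """Quarantine when an attached page both loads native code and asks for a password."""
    s = set(indicators)
    if HTML_ATTACHMENT in s and PASSWORD_FIELD in s and s & {ACTIVEX_OBJECT, CAB_CODEBASE}:
        return "quarantine"
    if INSTALL_PROMPT in s:
        return "review"
    return "deliver"


def build_message(sender, cab_url):
    """Constructed sample in the shape the post describes. The CLSID, addresses
    and hosts are placeholders, not Sigaba's or CareFirst's real values."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "member@example.invalid"
    msg["Subject"] = "You have received a secure message"
    msg.set_content(
        "To read the message, please open the enclosed attachment.\n"
        "If you are asked to install and run software, please click Yes.\n"
    )
    html = (
        "<html><body>"
        '<object classid="clsid:00000000-0000-0000-0000-000000000000" '
        f'codebase="{cab_url}#version=1,0,0,0"></object>'
        '<form><input name="userid"><input type="password" name="pw"></form>'
        "</body></html>"
    )
    msg.add_attachment(html, subtype="html", filename="CareFirstSecure.html")
    return msg.as_string()


def build_newsletter():
    """Constructed control case: plain text, no attachment, no install prompt."""
    msg = EmailMessage()
    msg["From"] = "news@example.invalid"
    msg["To"] = "member@example.invalid"
    msg["Subject"] = "Your statement is ready"
    msg.set_content("Your statement is available in My Account.\n")
    return msg.as_string()


# The vendor-style mail and a phisher's copy of it: same layout, only the
# sender and the host serving the .cab differ.  Both are constructed here.
VENDOR_STYLE = build_message("secure@example.invalid", "http://example.invalid/couriercontrol.cab")
LOOKALIKE = build_message("secure@example.test", "http://example.test/couriercontrol.cab")
NEWSLETTER = build_newsletter()

if __name__ == "__main__":
    for label, raw in (("vendor-style", VENDOR_STYLE), ("lookalike", LOOKALIKE), ("newsletter", NEWSLETTER)):
        hits = analyze(raw)
        print(f"{label:12} {verdict(hits):10} {hits}")
```

The vendor-style message and the look-alike produce the same indicator set and the same quarantine verdict, which is the point of the post: nothing in the message itself lets a mail filter, or the recipient, tell the genuine one from the copy, so a filter that is tuned to let the genuine one through lets the copy through as well.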