Wednesday, July 02, 2014

Arlington Alert Migration - You Can Do Better

Being in the software business, I know how tricky deployments and migrations can be. I have sympathy for anyone who has to make changes to a massive production system. But with that said, I'm baffled by the latest changes in the Arlington Alert system. Arlington Alert is a text messaging platform that, well, alerts Arlington residents important news. The alerts include road closures, weather alerts, and other mostly relevant bits of information. While they occasionally send out noise, on the whole, I really like the system.

Two days ago, Shira got the following e-mail:

Subject: Good afternoon Arlington County Arlington Alert users.

Please click here to acknowledge receipt of this message

This is an important message from ARLINGTON ALERT

Arlington has transitioned to its new and improved “Arlington Alerts” system, as of today June 30, 2014.
To continue to receive Arlington Alerts you must register in the new system,

to register visit https://member.everbridge.net/index/1332612387832024

Some Arlington Alerts features include:

• Choose to receive traffic updates, emergency alerts and county government notifications.
• Choose automatic weather notifications for up to five (5) geo-targeted locations and the ability to set quiet periods for chosen weather alerts.
• Add up to ten (10) delivery methods such as email, cell phone, home phone and text messages.
• Mobile application available via iPhone or Android devices.
• Arlington Alerts is FREE. You may incur charges from your cell phone company if you have a per-call or per message limit on your mobile device.

For additional information about Arlington Alert, visit https://member.everbridge.net/index/1332612387832024 and share with family, friends and co-workers!

For those who have already registered you can always update your account, be sure to bookmark this link.

There's a number of very suspicious aspects to this e-mail: (1) the subject line is unrelated to the content of the e-mail, (2) it's not personalized to the sender, (2) it includes the sketchy "Please click here to acknowledge receipt of this message" -- who does that?, (3) it mentions everbridge.net, a domain name that isn't familiar, (4) if this really is a critical message ("to continue to receive Arlington Alerts..."), then why wasn't I warned about this change? If I was to design a phishing scam targeted at Arlington Residents, this is pretty much the exact e-mail copy I'd use.

To make matters even worse, visiting www.arlingtonalert.com takes you to a page that mentions nothing about the migration.

Shira e-mailed the folks at Arlington Alert and got back this response:

This message is legitimate. We have changed Arlington Alert vendors, (Everbridge is our vendor now), so everyone has to re-enroll. We are sorry for the confusion the email caused. If you have any problem signing up or other concerns/questions, please let me know. Deb

So there you have it, evidence that this was in fact a migration and not some phishing scheme.

Turns out, I had received the same e-mail, but had haphazardly archived it because of the benign looking subject.

Migrations are hard and rarely go smoothly. But come on, you can do better than this e-mail.

No comments:

Post a Comment