Dear User:
This is most embarrassing.
As the director of PinkyLink, America's largest on-line information service, I was shocked to discover that a theft of several backup tapes took place over the July 6th weekend.
Contained on one of those tapes was, among other things, the personal security data on a small percentage of our customers.
While your name was, luckily, not on that stolen tape, there is still some threat to you. As of now we are uncertain whether any users with programmer-level computer access were backed up on the stolen tape. Therefore, we request you fill out this application and mail it back immediately in the postage paid envelope
provided.
Fill out the form and return it to us as soon as possible. Once received, we will update you to this new, secure ID.
Thank you for your cooperation, and to offset any trouble this may cause you, we will be subtracting 75% off your August bill.
Name
Address
Zip
Day Phone(_)
Night Phone(_)..-
Old (Invalid) Password
New (Updated) Password
PinkyLink, America's Largest On-Line Information Service, guarantees that the above personal data will be inputted no later than September 1, 19--, (following verification), and will be kept confidential before and after such time.
Please keep a copy of this for your records.
Imagine Joe User gets this letter in the mail. It looks authentic, having the logo and letterhead of the service, and arriving in a metered, typed en-velope. But will Joe believe that PinkyLink actu-ally sent this to him?
The whole situation is preposterous! Any real life computer service with a password problem would require that all password updating occur on-line. It's simply the cheapest and easiest way to update hundreds or thousands of pieces of user information. Still, when Joe User looks at this letter, he will notice that he isn't in
immedi-ate danger as some other users of the system are; unlike those other poor losers who got their passwords stolen, Joe doesn't have to be con-cerned that he'll start getting huge bills in the mail from the criminal charging system usage to Joe's account.
And what about that 75% deal at the bottom? That makes Joe twice as likely to respond to the letter. Not only does he have a responsibility to himself to make his account secure again, he has a responsibility to the database: if they were nice enough to warn him of this and pay him for it, the least he can do is comply with
them. And the return envelope is postage paid!
Of course, PinkyLink probably has an on-line way for users to change their password, but you don't have to mention that when you write a letter like this. Remember, the style is more important than the wording of the letter. Before you send out something like this, be sure to look at real examples of PinkyLink's correspondence, to get an idea of the kind of paper and printing used, sizes of fonts, coloring, etc.
You should expect high returns from this swindle, especially if the people you send the letters to are absolute rookies. Later we'll talk more about how monitoring BBS activity can pay off.
