- Impact
- 6,717
Neither, the correct one is, email-marriott.com.... Last week there was a monstrous data breach. In response the company sent out millions of email warnings. Problem being it was a bad response without a proper domain strategy and put millions at risk for a second time. Small and large companies alike should always consider a proper domain strategy as part of their cybersecurity strategy.
From: TechCrunch
https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/
"One problem: the email sender’s domain didn’t look like it came from Marriott at all.
Marriott sent its notification email from “email-marriott.com,” which is registered to a third party firm, CSC, on behalf of the hotel chain giant. But there was little else to suggest the email was at all legitimate — the domain doesn’t load or have an identifying HTTPS certificate. In fact, there’s no easy way to check that the domain is real, except a buried note on Marriott’s data breach notification site that confirms the domain as legitimate."
From: TechCrunch
https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/
"One problem: the email sender’s domain didn’t look like it came from Marriott at all.
Marriott sent its notification email from “email-marriott.com,” which is registered to a third party firm, CSC, on behalf of the hotel chain giant. But there was little else to suggest the email was at all legitimate — the domain doesn’t load or have an identifying HTTPS certificate. In fact, there’s no easy way to check that the domain is real, except a buried note on Marriott’s data breach notification site that confirms the domain as legitimate."