Marriott Rewards sent me an e-mail that so closely resembles a phishing scam that I did not comply with it. While I’m a Marriott Rewards member, I refused to follow through with it.
They are promoting some sort of a sweepstakes, and to enter, I am required to enter my name, full address, and full date of birth (month, day, and year), and (optionally) my phone number.
This is precisely what phishing scams do.
I wrote to Marriott, telling them that this is irresponsible and only serves to confuse private citizens who are already having enough trouble discerning genuine emails from phishing and fraud.
In 2005, Marriott lost data on over 200,000 customers. Maybe they’re not thinking seriously about security yet. If not, what will it take to wake them up?