# Hey everyone, please read, this is no hoax



## 220swift (Mar 2, 2011)

*Guys and Gals,*

I just finished sending this to all my clients. Thought you all should know too.

*PLEASE READ THE FOLLOWING.* *THIS IS NOT A HOAX.*

These kinds of attacks are generally referred to as "phishing" attacks and are often difficult for security systems to automatically mitigate. You are even more vulnerable on your systems at home.

You can read the FBI bulletin as well as a very good description of the attack at the links below. However, threats like these are persistent in our environment. We continue to recommend the following key practices to keep company and personal information safe online:

*DO*: Be very careful when opening attachments or clicking links in emails that you receive, especially if the email seems odd (how did the FDIC get my work address?) or if the writing style in the email doesn't appear to match up with the sender (indicating someone's account may have been hijacked). If you do need to use the links or open the attachment and it looks suspicious, verify with the sender via some other means prior to doing so.

*WHY*: Phishing attacks (attacks that originate via a fraudulent communication) are growing in number and are often extremely successful. Attackers often masquerade as a legitimate source to trick users into trusting the contents. It generally takes only one mistake to end up as a victim of this type of attack, and oftentimes the fact that you have been compromised can go undetected until it's too late.

*DO*: For home systems or systems not managed internally by IT, be sure to keep all operating systems and applications patched and up to date. Use automatic updates when possible to make this a simple task.

*WHY*: An overwhelming percentage of software vulnerabilities that are exploited by hackers are known vulnerabilities that have had patches available for several months. Keeping your systems patched and current will reduce the potential for you to be a "target of opportunity".

*DO*: Change passwords for critical systems often, at least every 90 days. This includes important personal accounts such as email, online banking, and accounts tied to financial data (such as iTunes accounts). Be sure to use strong passwords that incorporate length and complexity. DO NOT USE DEFAULT PASSWORDS.

*WHY*: Often when credentials are stolen, they will not be immediately used. Changing your password often reduces the window of opportunity should your information get stolen. Using a longer, more complex password substantially decreases the potential for your password to be stolen successfully.

http://www.fbi.gov/news/stories/2012/january/malware_010612/malware_010612


----------



## youngdon (Mar 10, 2010)

Thanks for posting that, 220. I know I am really lazy about changing my simpleton passwords.
I get occasional emails about a payment I made being rejected and I know they are bad news. Just like when predator hunting, I use common sense.


----------



## 220swift (Mar 2, 2011)

Ya Don, this threat seems to be more of a problem this time. ZDNET has also done an article. I'll post that later tonight.


----------



## bones44 (Jan 7, 2011)

Reminds me of an Office rerun that was just on. All of Michael's passwords were "1234". Thanks for the heads up, 220!


----------



## Ruger (Jan 22, 2011)

Sucks that people have to try and scam us out of our livelihood! Seems like nothing is safe anymore. Maybe I'll just take what $ I have and bury it in a mason jar in the back yard! Thanks for the info.


----------



## Predatorhunter (Dec 9, 2010)

Thanks 220, sometimes we all need a little reminder.


----------

