Folks, your bank will NEVER email you asking you to click or confirm anything

Folks, by now you may have received email(s) from a bank, perhaps even the bank you're with, asking you to do something (for example, asking you to click on a link to confirm your email address). Often these emails look legitimate, and often include graphics and links that help increase the likelihood that they'll be accepted as legitimate.

BUT ... YOUR BANK WILL _NEVER_ DO THIS.

If your bank has any issues that they need you to address, they'll contact you directly by telephone or postal mail. (Even then you still need to tread cautiously, but they will _never_ email you).

So if you do receive any such emails, simply forward the email as an attachment (to preserve the email headers) to the "security@" address of that bank so that the bank can investigate, then simply delete and disregard the email.

 

Yes Wayne, that's become prevalent in last couple weeks in Australia.

Actually I have noticed the National Australia Bank has even run advertisements in our paper, saying exactly the same thing. NEVER EVER reply/click/send private info.

TAS

 

That is only a start. Even if you don't click, you may have visited other infested web sites through other means.

See this for more info.
http://news.com.com/Researchers warn of infectious Web sites/2100-7349_3-5247187.html?tag=nefd.top

 

sekuritas,
Yes you're very correct -- people should use a personal firewall to ensure their email client doesn't connect out simply by clicking on a HTML-rich email. Really your email client only needs outbound access on TCP ports 25 and 110, and only to the IP address(es) of your mail server(s).

 

At last! Some relief for those IE users.

The update disables an ActiveX control known as adodb.stream, which Microsoft says will prevent the Download.Ject attack. The malicious code was being downloaded from the infected IIS servers onto users' machines, and included a trojan that records keystrokes in an attempt to capture eBay and Paypal passwords. The Russian server distributing the attack code was shut down on June 24, four days after the first reports of the exploit, but security professionals predict that copycats are likely to try and replicate the attack.

http://www.microsoft.com/presspass/press/2004/jul04/07-02configchange.asp