Folks, your bank will NEVER email you asking you to click or confirm anything

Discussion in 'privacy general' started by Wayne - DiamondCS, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Folks, by now you may have received email(s) from a bank, perhaps even the bank you're with, asking you to do something (for example, asking you to click on a link to confirm your email address). Often these emails look legitimate, and often include graphics and links that help increase the likelihood that they'll be accepted as legitimate.

    BUT ... YOUR BANK WILL _NEVER_ DO THIS.

    If your bank has any issues that they need you to address, they'll contact you directly by telephone or postal mail. (Even then you still need to tread cautiously, but they will _never_ email you).

    So if you do receive any such emails, simply forward the email as an attachment (to preserve the email headers) to the "security@" address of that bank so that the bank can investigate, then simply delete and disregard the email.
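The forwarding step described in the post above, as an added example that is not part of the original thread: a message forwarded as a `message/rfc822` attachment keeps the original's `Received` headers for the bank to trace, while an inline forward carries only the body. The sample message, the addresses and the function names are constructed for illustration.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed sample of a suspicious message as delivered (addresses are placeholders).
SUSPECT_RAW = (
    "Received: from relay.example.net ([192.0.2.10]) by mail.example.org\n"
    "Received: from unknown ([198.51.100.7]) by relay.example.net\n"
    "From: Your Bank <support@bank.example>\n"
    "To: customer@example.org\n"
    "Subject: Please confirm your email address\n"
    "\n"
    "Click the link below to confirm your details.\n"
)

def _new_report(original, reporter, security_addr):
    fwd = EmailMessage()
    fwd["From"] = reporter
    fwd["To"] = security_addr
    fwd["Subject"] = "Suspected phishing: " + str(original["Subject"])
    return fwd

def forward_as_attachment(raw, reporter, security_addr):
    """Wrap the untouched original as a message/rfc822 part."""
    original = message_from_string(raw, policy=policy.default)
    fwd = _new_report(original, reporter, security_addr)
    fwd.set_content("Suspicious message attached unmodified.")
    fwd.add_attachment(original)  # a Message object becomes message/rfc822
    return fwd

def forward_inline(raw, reporter, security_addr):
    """Ordinary inline forward: only the body text is copied."""
    original = message_from_string(raw, policy=policy.default)
    fwd = _new_report(original, reporter, security_addr)
    fwd.set_content("---- Forwarded message ----\n" + original.get_content())
    return fwd

def received_chain(report_bytes):
    """Received headers an investigator can recover from the report."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return [str(h) for h in part.get_content().get_all("Received", [])]
    return []

if __name__ == "__main__":
    args = (SUSPECT_RAW, "customer@example.org", "security@bank.example")
    print("attachment:", received_chain(forward_as_attachment(*args).as_bytes()))
    print("inline:    ", received_chain(forward_inline(*args).as_bytes()))
```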
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Yes Wayne, that's become prevalent in the last couple of weeks in Australia.

    Actually I have noticed the National Australia Bank has even run advertisements in our paper, saying exactly the same thing. NEVER EVER reply/click/send private info.

    TAS
     
  3. sekuritas

    sekuritas Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    19
  4. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    sekuritas,
    Yes, you're very correct -- people should use a personal firewall to ensure their email client doesn't connect out simply by clicking on an HTML-rich email. Really your email client only needs outbound access on TCP ports 25 and 110, and only to the IP address(es) of your mail server(s).
     
  5. sekuritas

    sekuritas Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    19
    At last! Some relief for those IE users.

    The update disables an ActiveX control known as adodb.stream, which Microsoft says will prevent the Download.Ject attack. The malicious code was being downloaded from the infected IIS servers onto users' machines, and included a trojan that records keystrokes in an attempt to capture eBay and Paypal passwords. The Russian server distributing the attack code was shut down on June 24, four days after the first reports of the exploit, but security professionals predict that copycats are likely to try and replicate the attack.

    http://www.microsoft.com/presspass/press/2004/jul04/07-02configchange.asp
     