This went out this morning. The first place in any "security strategy" should be to train the human.
Folks,
I hope you had a great summer!
With anti-SPAM services getting better and better the malicious folks out there are getting a lot more subtle in their efforts plus we’re seeing an uptick of baddies in the Inbox.
Things to note in the message below:
- The FROM domain @fmelaw.com does not match the domain in the link
- After hovering the mouse over the Here link the URL listed contains a bunch of gibberish
- Watch for language, spelling, and grammar errors as there tends to be a lot of them
- Is the Subject and/or Sender legit? Call them first!
- Do NOT open any Word documents and especially do NOT click Enable Macros if prompted!
- Be cautious with any PDF attachments. If in doubt call the sender or forward to here with a question.
NOTE: We are seeing _a lot_ of compromised e-mail addresses and mailboxes as a result of users opening something or clicking on something they should not have.
One attack vector is via a Macro enabled Word document harvests both E-mail and Addresses to send out _replies_ to a legitimate e-mail thread/conversation. If the Word document gets clicked on and a prompt comes for enabling Macros the Word document is BAD. CLOSE Word and SHIFT+DELETE the e-mail!
If in doubt, don’t open or click on it! Do _not_ hesitate to call or forward the questionable content!
Thank you and have a wonderful day! :)
Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Cloud Service
Twitter: @MPECSInc
No comments:
Post a Comment