Better, just train families and users to *never* click *any* link in *any* message from *anyone*. Then follow that up by never including links in your own messages, and scolding anyone who sends you a message that contains a link. That's pretty much my strategy. I might include links in messages to known tech-savvy recipients who know me and who are expecting such a link from me; for others, on the rare occasions that I include a link, I also tell them to not click on the link that I just posted, but instead to type in the address themselves to their browsers and then follow the path from there.
But then I am not a cyber security expert, so what do I know?
-- dkm
At 3/9/2012 10:06 AM Friday, Loren LaLonde wrote:
To Mr. Oas - Hilarious.
It looks like we'll have to start training our families and users to pay attention to where a link points, and remind them to never click on anything that ends in .exe, .vb*, and all that good stuff too. This one is particularly authentic looking since they copied the actual UPS copyright content, and the format is pretty similar to the real thing. Except I've never seen an invoice link, and delivery confirmations always include your address.
I might as well get ready to be on call with the relatives for this one. Anyone know which virus or exploit they're using so I can have the cleanup instructions handy?
On 3/8/2012 4:00 PM, Jon Galbreath wrote:
Yup, the page itself has links that go to some Java-enabled something or other. I didn't wait around to see what materialized. Fortunately Java is so slow there's time to close the page before you find out what's in store. I'm guessing it's evil.
Jon Galbreath, MCSE
Systems Administrator
International Studies and Programs
Helpdesk: 517-884-2148
Ph: 517-884-2144
<mailto:[log in to unmask]>[log in to unmask]
From: Laurence Bates [<mailto:[log in to unmask]>mailto:[log in to unmask]]
Sent: Thursday, March 08, 2012 3:59 PM
To: <mailto:[log in to unmask]>[log in to unmask]
Subject: [MSUNAG] FW: UPS Delivery Notification, Tracking Number B80F119957814DA9
This looks like a particularly dangerous email load - a credible looking web page attachment which offers an executable "invoice" Unless I am mistaken, this could catch quite a few users.
Laurence
From: UPS Quantum View [mailto:[log in to unmask]]
Sent: Thursday, March 08, 2012 1:49 PM
To: <mailto:[log in to unmask]>[log in to unmask]
Subject: UPS Delivery Notification, Tracking Number B80F119957814DA9
You have attached the invoice for your package delivery.
Thank you,
United Parcel Service
*** This is an automatically generated email, please do not reply ***