I like when they request access to your clipboard
Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine Jewelry Director of Information Technology 11314 Cloverland Ave | Baton Rouge, LA 70809 Ph: 225.368.3645 | Fax: 225.368.3675 [email protected]<mailto:[email protected]> | www.lmfj.com<http://www.lmfj.com/> [[image]] Like Us on Facebook <http://www.facebook.com/leemichaelsjewelry> Watch the Lee Michaels Story <http://www.lmfj.com/embed_holder.php> This communication is privileged and confidential. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of this communication . From: General [mailto:[email protected]] On Behalf Of Jarred White Sent: Wednesday, December 04, 2013 12:41 PM To: [email protected] Subject: Re: [brlug-general] Spearfishing It looks to be legit, but what an awful freaking idea BofA. http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes <[email protected]<mailto:[email protected]>> wrote: Yes, unfortunately it is this easy. On Dec 4, 2013, at 12:21 PM, Edmund Cramp <[email protected]<mailto:[email protected]>> wrote: A user received an email that purports to come from one of our customers with the instructions: "Click the securedoc.html attachment to open (view) the secure message. For best results, save the file first and open it from the saved location using a Web browser." My email system, very sensibly stripped and quarantined the file, and stored it with a couple of hundred of assorted New Order.zip and payroll report.xls files in the quarantine directory. Opening the file with notepad shows it to be mostly javascript with various references that make it appear to come from the Bank of America. My immediate reaction was unprintable but hell, assuming that it's "real" and that's not certain yet, these people want me to let users open any HTML web page that floats into their inbox? This has got to be a gift from the gods if you are up to mischief - just email everyone a securedoc.html file and they will open it and enter their password ... which javascript (love that stuff) will promptly send to the web site of your choice. Spearfishing is this easy? Edmund Cramp - google.com/+edmundcramp<http://google.com/+edmundcramp> -- I am a drinker with writing problems. Brendan Behan _______________________________________________ General mailing list [email protected]<mailto:[email protected]> http://brlug.net/mailman/listinfo/general_brlug.net --- Keith Stokes _______________________________________________ General mailing list [email protected]<mailto:[email protected]> http://brlug.net/mailman/listinfo/general_brlug.net -- ~Running amok on technology with no apologies
<<inline: picture32c1b3>>
_______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
