Thanks kurt, adding those in on my filtering and blackholing them now. Z
Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, June 07, 2012 3:23 PM To: NT System Admin Issues Subject: Re: ADP spam Yup. I had one user forward me the email asking about it. It had the following in it (I've replaced the dots with plusmarks) https://www+flexdirect+adp+com/client/login.aspx actually goes to http://melanienrico+altervista+org/HJmdFqbF/index.html It provided me with an opportunity to demonstrate what to look for to the user, and he was very appreciative. Kurt On Thu, Jun 7, 2012 at 12:13 PM, Chinnery, Paul <[email protected]> wrote: > Has anyone gotten an email with the subject: ADP Funding Notification > - Debit Draft ? > > We had a few mailboxes hit today. From the header information, it's > coming from Korea. What happens if you click the link (and, yes, one > of my users did and was very apologetic afterwards), it took her to a sewing > site. > Googled the phrase and it came up with a few sites. Totally > unrelated, just looks like those sites were hacked. She was wise > enough not to try to login with her credentials. The link, on one of > the sites, is to a domain in Brazil. > > > Paul Chinnery > Network Admin > Memorial Medical Center > 231.845.2319 > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
