Mark Secker wrote:
I've literally had hundreds of them coming via dozens dead or dormant
e-mail accounts of forwards that I have.
never ever EVER EVER open ANYTHING like this EVER EVER even if it's from
your own IT department
Further more I have NEVER EVER seen a legitimate e-mail of this type.
if they are legitimate they will tell you to ring their service center.
and even then you look that up in the white/yellow pages rather than use
any phone number they give you
A legitimate bank email will never ask you for your PIN number, net
banking details, etc - if it does, it's a scam, and should be reported
to the bank.
You should never follow a link in a message that appears to come from a
bank (or, really, anybody else for anything important for security).
Instead, use a bookmark or type in the address you know they have. For
similar reasons, if they provide a phone number to call or address to
send something to, do not use it - look up the bank's details in the
phone book instead.
It is extremely important to understand that an e-mail can appear to
come from any address of the sender's choice. If I can have your
permission I'll demonstrate this shortly by sending a message to the
WAMUG list that appears to come from you. Because sender addresses are
so trivially faked, you can not trust that a message is from the person
it appears to be from, and should generally be suspicious of any
message, no matter who it's from, that asks for security details,
personal details, or asks you to take actions like open an attachment,
visit a website, or perform tasks on your computer.
Sucks, doesn't it?
--
Craig Ringer
