Fwd: FW: More on Fraud/Hoax email from Microsoft

[Guest guest]

Some have noted the Microsoft

email received about a patch

update.

 

I wanted to share part of a newsletter

I to, Surf Safely

[ news@surfsafelycom ] to which

give a bit more info:

 

 

::: begin quote - Surf Safely newsletter ::::

 

 

 

New viruses, scams and security threats.

 

 

 

Hackers, virus authors and scam artists seem to be working overtime this week.

In my inbox today I found a letter that appeared to be from Microsoft. I mean it

REALLY looked authentic. In it was the claim to have a critical upgrade that you

need to apply right away to " protect " yourself from a new virus. Well, guess

what? That file IS the virus! When I scanned it McAfee did not catch it on the

first pass. Still suspicious I went to the McAfee site and updated my virus

definition files. The one I had was only 2 revisions old, less than one week

old. The new version did identify the virus. I knew it was there. It had to be.

There were too many warning signs. A) No legitimate company will EVER send you

an executable file via email. Not ever. Not even Microsoft! B) The letter was

delivered to an email address I do not have registered with Microsoft. The moral

is never double click an executable file attached in an email without checking

it with the very latest version! of a good virus

scanner utility. And even then, only from a known source that you asked to send

it.

 

I also received today another entirely legitimate looking email, supposedly from

ebay. I've reported on these before but this one was so authentic looking I felt

it bears repeating. It claimed that I needed to update my personal information

with ebay. All I had to do was which looked like a genuine ebay

web address, fill in the form and click submit. Three clues told me this was a

scam. A) Even though the printed address in the email looked like a valid ebay

address, the url which opened up was a numeric IP address which does not belong

to ebay. Many people might look at this and just assume it was owned by ebay and

send in the form anyway. BAD IDEA. B) Like the virus it was sent to an address

not registered with ebay. C) They were asking for way too much information. Ebay

has no reason to ask me for SSN or credit card with ATM PIN. This has fraud

written all over it. The FBI had been alerted and is hopefully tracing the

origin of this web site which has been! up all

day today and, even as I write this, is still live.

 

And, alas, even Linux fans must be on guard. Two critical security flaws were

discovered yesterday which I first learn of in the news feed at SurfSafely.com

posted on ZDNet. One in OpenSSH that is used to establish secure connections

with a server, the second in Sendmail, the most widely used mail service program

in the entire world. If you manage a UNIX based web server, it is critical that

you get the updates from your OS vendor installed immediately. If you have a

personal web site, make sure your web hosting company has applied the upgrades.

Otherwise, spammers could hijack the server you're hosted on and send spam as if

it originated from you, making you look bad and possibly getting your email

blocked by other services.

 

<sigh> Maybe one of these days I'll have some HAPPY news to report, like the FBI

caught the creep that was stealing personal information under the identity of

ebay as a direct result of the tip which I provided them. It could happen.

Right?

 

::: end quote Surf Safely newsletter ::::

 

 

Cheers

Sally J

Victoria, Australia

 

 

 

NEW WEB MESSAGE BOARDS - JOIN HERE.

Alternative Medicine Message Boards.Info

http://alternative-medicine-message-boards.info