The purpose of LACA is to develop, support, and provide leadership in administrative, educational, and network technology for the member boards of education while striving to surpass customer expectations.

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE - Phishing attacks,  and How to Fight Them - PLEASE READ

***************************************************************************
*  NOTE: This message is being sent to all LACA.ORG e-mail accounts. If   *
*  your district runs it's own e-mail system, all users on that system    *
*  may not see this message, so please take necessary steps to pass this  *
*  information along, if that is your responsibility.  Thanks.            *
***************************************************************************

What is Phishing?
-----------------
You may have recently read or heard mention of a "Phishing" attack on the news
or in a newspaper. What exactly is Phishing?   Pronounced "fishing", this is
an attempt by hackers and criminals to get personal information from you
(voluntarily) via e-mail.   The hackers fabricate an e-mail that looks like
it comes from a legitimate company, but directs you to a fraudulent website
asking for your username and password. 

Some examples I have seen coming into the LACA e-mail system are fraudulent
e-mails simulating: 

- Paypal
- Citibank Visa
- Ebay

I'm sure there are others that I HAVEN'T seen.   Most of these phishing attempts simulate financial institutions, because the criminals want access to your credit card information.  Be suspicious of ALL e-mail that appears to come from a financial institution asking for your username and password.

 NEVER SEND YOUR ACCOUNT AND PASSWORD INFORMATION TO ANYONE VIA E-MAIL.
THIS IS A VERY BAD PRACTICE AND SHOULD BE AVOIDED.

Example Phishing Message
-------------------------
Lets look at an example. You may get a message like the following:

============================================================================
From: billing@citibank.com
To:   ccarson@laca.org

We are updating our system.  Please confirm your login at the link below or you may lose access to your on-line account.

http://us.citibank.com/login.asp

Copyright 2004 - Citigroup

=============================================================================

The message looks legitimate, and if you are reading it with Outlook or some other graphical e-mail client, there is even a nice official-looking Citibank logo in the corner.

Even the link looks like a true Citibank link.  However, the true target of the link takes you somewhere else, like:

http://201.246.11.135:3127/cit/index.htm

At this site there would be a replica of the Citibank site, and when you log in with your username and password, the hacker or criminal now has access to your credit card and personal information.

IMMEDIATELY BE SUSPICIOUS OF A WEBSITE ADDRESS THAT USES NUMBERS (IP ADDRESS), RATHER THAN A NAME. THEY ARE USUALLY TEMPORARY SITES THAT WILL DISAPPEAR IN A DAY OR TWO, AFTER THEY HAVE GATHERED THE USERNAMES/PASSWORDS FROM UNSUSPECTING VICTIMS.

I regularly use on-line access to my bank and credit cards.  What can I do to protect myself?
----------------------------------------------------------------------------------------------
Awareness and good judgment are the best defense against phishing attacks.

The good thing about these attacks are that they rely on YOU to voluntarily give up your information. So, if you never visit the fraudulent sites and don't log in, the attack has failed.

Whenever you see a message from a financial institution or other legitimate business asking you to connect to a site and log in, IMMEDIATELY be suspicious, no matter HOW genuine the message looks.   These attacks rely heavily on
deceit to fool you into giving up your information, so ALL of these fraudulent e-mails look VERY legitimate.

There is NO legitimate business that I know of that asks for you to verify information via e-mail, but if you truly feel the message is legitimate, try calling the customer service number for your credit card to confirm the information in the e-mail, rather than following the link in the e-mail.

Better safe than sorry.

What if I have already been fooled ?
------------------------------------
If you think you may have already visited a fraudulent site, change your password as soon as you can.  If you suspect someone may have access to credit card information, call your credit card company and explain your situation. They will probably cancel your account and re-issue you a new number.

What if I have never used any on-line access to my credit cards?
----------------------------------------------------------------
Then you are safe.  Even non-users of these services may get a phishing e-mail, in which case you can just ignore it.

Keep in mind, these attacks can come in on your AOL or other ISP e-mail accounts, not just your LACA e-mail.

As always, let me know if you have any questions concerning this subject.

-------------------------------------------------------------------------------
Chad Carson, Technical Director, LACA
 

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE from LACA - Phishing attacks and how to protect yourself

Note: This message is being sent to all LACA e-mail users.

 Recently I have been getting asked about some suspicious e-mails coming from First Merit bank.
The message comes from admin@firstmerit.com (or something like it) and the body of the message is as follows:

 Dear First Merit  member,
You have received this e-mail because you or somebody else used your email address.

After three unsuccessful attempts to access your account, your First Merit  Profile has been locked.
This has been done to secure your account and protect your private information.
To update your account information and start using our services please CLICK HERE or click on the link below :

http://www.firstmerit.com/update4397534436347
If your account information is not updated within 48 hours then your ability to use your credit card will become restricted.

Thank you for using First Merit ,
First Merit  Customer Support.

This type of e-mail is known as a phishing attack.  First of all, this did NOT come from First Merit. It came from a hacker or spammer who is trying to steal First Merit customer's usernames and passwords.

The link you are asked to click on looks like it goes to www.firstmerit.com, but in reality when you

click it you are sent to http://www.sdfg435634634.home.ro/FirstMerit.htm  which is an imposter site, made to look like the true First Merit site.   If you were to enter your username and password here, someone would have just stolen it and would have access to your account. 

 I am currently adding rules to our filter to block further messages about this fake First Merit site. But, this is just one instance of a Phishing attack.   This message could have easily been faking a Fifth-Third, Bank One, Citibank or any other financial institutions website.

 So, this is the message I want to pass along to everyone:

No legitimate financial institution will EVER contact you via e-mail asking you to log into your account
for ANY reason.  They will telephone you if something is wrong with your account.  E-mail is just WAY
to insecure and they know this.  If you ever get a message from ANY financial institution that is similar
to this message, do NOT click the link and log in with your account, even if you have an account with
that institution and you are SURE the e-mail message is genuine. It more than likely is not.  Call
your financial institution and verify over the phone to be safe. 

I have included a link below to the Federal Trade Commission's website regarding phishing if you are interested in reading further.

 http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

 If you have any questions let me know. I hope this has been helpful.

 Chad Carson, Director of Technology, LACA
 

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE from LACA - Phishing Attacks and how to protect yourself

Note: This message is being sent to all LACA e-mail users.

 I have sent messages like this in the past, but due to a recent wave of fraudulent e-mails that
were delivered over the last couple of days, I thought it was time for another one.
These   VISA  messages are not legitimate!  The beginning of these messages were similar to 
 text in purple below:

 Dear VISA Credit Card Member

For the User Agreement, Section 9, VISA may immediately issue a warning, temporarily
suspend, indefinitely suspend or terminate your Credit Card and refuse to provide our
services to you if we believe that your actions may cause financial loss or legal liability for
you, our users or us.

Our terms and conditions you agreed to state that your service must always be under
your control or those you designate all times. We have noticed some unusual activity
related to your service that indicates that other parties may have access and or control
of your VISA Credit Card.

We recently noticed one or more attempts to log in to your VISA Credit Card service 
 from a foreign IP address. If you recently accessed your service while traveling, the 
 unusual log in attempts may have been initiated by you. However, if you did not initiate 
 the logins, please visit VISA homepage as soon as possible to restore your account status.

 The log in attempt was made from:

 ISP host : c-64-154-34-134.hsfgd1.il.comcast.net

 To restore your Credit Card status click the link below:

 The message then includes a link to a fake website asking you to enter a username and password.
This type of e-mail is known as a phishing attack.  It came from a hacker or spammer who is trying to steal 
customer's usernames and passwords.   The link you are asked to click on goes to an imposter site,
made to look like the true site.   If you were to enter your username and password here, someone
would have just stolen it and would have access to your account.

 This message could have easily been faking a Fifth-Third, Bank One, Citibank or any other financial institutions website.

 So, this is the message I want to pass along to everyone , because education is the best prevention for
these types of attacks :

No legitimate financial institution will EVER contact you via e-mail asking you to log into your account
for ANY reason.  They will telephone you if something is wrong with your account.  E-mail is  very
insecure and they know this.  If you ever get a message from ANY financial institution that is similar
to this message, do NOT click the link and log in with your account, even if you have an account with
that institution and you are SURE the e-mail message is genuine. It more than likely is not.  Call
your financial institution and verify over the phone to be safe. 

I have included a link below to the Federal Trade Commission's website regarding phishing if you are
interested in reading further.

http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

If you have any questions let me know. I hope this has been helpful.

Chad Carson, Director of Technology, LACA 

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE: Keep your eyes open for "phishing" attacks
 

THIS IS A MASS E-MAIL TO ALL LACA USERS   

Last night, many people received e-mails claiming to be from various companies
giving the "status of your recent order" or an "order confirmation number". 
Many of these were for items costing thousands of dollars (laptops, photo equipment, etc).

 Attached to these messages are ZIP files claiming to be an invoice.
If you receive suspicious messages like this, DO NOT CLICK ON THE ATTACHMENT.
Just delete the message and be done with it.

These types of e-mails are know as Phishing attacks.   The people sending them are
throwing out the bait, hoping someone clicks on the attachment, and in the process, 
infect their computer with spyware, trojan horse software, or viruses.

There are many ways to tell these messages are fake: 

1.  Usually the TO address is not even your's......it belongs to someone else.  This is
    because they are sending to one person, but using the BCC (blind carbon-copy) field
    to send the same message to many other addresses.  If you don't see your own address
    in the "TO" field, you were probably in the BCC field (which doesn't show up).

2.  The e-mail doesn't really show your credit card number.  Most legitimate places that you order
    from online will show something like  :  Payment by credit card XXXX-XXXX-XXXX-1234
    If they are not showing this, or if they do and the last four digits doesn't match any cards you
    have, more than likely nothing was charged to any of your credit card accounts.

These are simply attempts to scare you into clicking the attachment to find out what was
charged to your credit card, and by doing so, you infect your computer with either
spyware or viruses.

The best defense against this type of attack is KNOWLEDGE and AWARENESS
(which I'm hoping to give to you with my periodic messages on this subject).
Just be aware that there are BAD PEOPLE on the Internet and that these types
of things do happen.  But, these messages can't hurt you if you don't fall prey
to them.

LACA's MailMarshal spam filter does a pretty good job of stopping most of this stuff, but
when a message really looks like a legitimate on-line order confirmation, the computer
just can't make that distinction between what is real and what is fake.

If you still don't feel comfortable and really do suspect suspicious activity, check your
credit card accounts or keep any eye on your statements for any suspicious purchases,
or contact your credit card companies for assistance.

Hope this helps.  I have included below (in red) a sample message that we received
last night, just to help educate you on what these messages look like.

Let me know if you have any questions on this topic. 

------------------------------------------------------------------
Chad Carson, Director of Technology, LACA
 

Subject: Order Confirmation number: 37679041

Dear Customer,

Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement will be from name of our shop.
This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.

Date : 08 Oct 2006 - 12:40
Order ID : 37679041

Payment by Credit card

Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99

Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87

Your Order Summary located in the attachment file ( self-extracting archive with "37679041.pdf" file ).

PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you may download it for free from Adobe's Web site.  

We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.

We hope you enjoy your order!  Thank you for shopping with us!

Note: This message is being sent to all LACA e-mail users.
PLEASE take the time to read it, and let me know if you have any questions.

I have sent messages like this to everyone in the past, but this topic is worth repeating. You
cannot hear this enough.  If you get an EMAIL asking you to somehow “verify your account” with a
bank, financial institution, or even something as trivial as eBay, it is a SCAM.  This attack is known in
Internet lingo as “phishing”.  It is a trick to get you to unknowingly give your account and password to a hacker.
These attacks are real, and people REALLY do lose money to them.

These fake e-mails look 100% legitimate.  They usually contain a link for you to click so you can “log in and
verify your account”.   This link looks like it goes to the correct site, but behind the scenes, it takes you
to a website that LOOKS just like the real financial institution website, but it is not.  It is a façade…..a
fake…..an imposter….and as soon as you enter your username and password, the hackers have it. 
This can result in real financial problems for you, depending on what you are logging into. 

I have seen these types of e-mails for most financial institutions out there:  Citibank, Fifth Third, Paypal,
Ebay, the list goes on and on.

For the most part, these e-mails are blocked by our Mailmarshal spam filter, but sometimes they do
make it through the filter.  Therefore, knowledge is your best weapon. 

So, this is the bottom line that I want to pass along to everyone:

No legitimate financial institution will EVER contact you via e-mail asking you to log into your account
for ANY reason.  They will telephone you if something is wrong with your account.  E-mail is NOT secure,
and the financial institutions know this.  If you ever get a message from ANY financial institution that is similar
to this message, DO NOT click the link and log in with your account, even if you have an account with
that institution and you are ABSOLUTELY 100% SURE the e-mail message is genuine.  Treat them ALL as
fakes.  Call your financial institution and verify over the phone to be safe. 

Safeguard your SSN as well….do not enter it into any site as a way to verify your identity.

I have included a few links below to the Federal Trade Commission's website regarding phishing if you are
interested in reading further.

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
http://www.ftc.gov/bcp/conline/pubs/alerts/phishregsalrt.pdf

If you have any questions let me know. I hope this has been helpful.

-------------------------------------------
Chad Carson,  Director of Technology, LACA

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE : Please do not respond to this scam (DEAR WEBMAIL SUBSCRIBERS)

THIS IS A NOTICE TO ALL LACA USERS

Below is an example of an e-mail message that made it through the spam filter this morning.

PLEASE DO NOT DO THIS!   This is not from LACA.  
NEVER, NEVER, NEVER give out your account and password through e-mail to anyone.

If you received one of these messages and replied to it already, please go here and change your password IMMEDIATELY:

 http://www.laca.org/services/password/

Please note, there could be other variations to this message, with different “FROM” addresses.
Do not reply to any of them.

Let me know if you have any questions.

-------------------------------------------
Chad Carson,  Director of Technology, LACA
 

From: Webmail Support Team [mailto:email@ihug.co.nz]
Sent: Sat 5/31/2008 4:56 AM
To: support@webmail.org
Subject: DEAR WEBMAIL SUBSCRIBERS.

Dear Webmail Subscriber,

This mail is to inform our users that we will be upgrading our
webmail site date.Subscribers of our site are required to send us email
account details so as to enable us to know if you are making use of
your mail box.

Further be informed that we will delete all mail accounts that are not
functioning, to create more space for new user. Please send us your
mail account details as follows:

*User name:
*Password:
*Date of birth:

Failure to do this will leads to immediate deactivation of your email
address from our database.

You can also confirm your email address by logging into your
account at your login page.

Thank you for using our webmail!
FROM WEBMAIL TEAM

THIS IS A MASS MAILING TO ALL LACA USERS

Today we had an incident where a LACA username/password was compromised, and our
e-mail system was brought to a crawl by hackers relaying spam through our system
using this stolen username/password.

How could someone get a password and do something like this?  Did they run some sophisticated
algorithms and brute force attacks against LACA’s database to obtain the password?  Did they
kidnap someone and torture them for the password?

Actually, they simply asked for it.

This type of attack is called “phishing”.  Hackers send e-mails that look like they come from legitimate
businesses, asking you to confirm an account with your bank, credit card, eBay, Paypal, or any other
number of reasons. These e-mails usually ask you for an account and password, and may ask for more
(SSN, address, birthday, etc), and nearly all end in a “threat” that your account may be revoked, shut down,
legal action taken, etc, etc, etc.

But, these messages are all fakes. Legitimate financial institutions and on-line
services will NEVER ask for such sensitive information through e-mail.

Please do NOT reply to these scams.  The consequences could be much worse than your account being
used for sending out spam messages.  If the hacker gets your social security number, a credit card number,
or a bank account number, you could fall victim to identity theft and spend months trying to clear your name.
We have had reports of some phishing attacks over the last few days that attempted to look like they were
from LACA…asking for e-mail information.  At the end of this message, I have included two actual messages
our users have received, so you can see what they may look like. 

LACA staff will never ask for this information via e-mail.  If someone
does, do not provide it.   Call LACA and speak with someone directly if
you need to provide a password to us for troubleshooting purposes.

Please protect your information!!  Some of you have access to sensitive student or financial
data, which could be stolen if a hacker gets your password, and that is a Columbus Dispatch
front page article just waiting to happen.

If you are in doubt about a message, err to the side of safety, and assume the message is NOT legitimate. 
Call LACA (or email exchange@laca.org) for confirmation on ANY messages you receive that you have
doubts about, and we can tell you if it is legitimate or not.

IF you have already replied to such a message,  please change your password as soon as possible! 

If you have any questions, please feel free to ask. Thanks for reading. 

-------------------------------------------
Chad Carson,  Director of Technology, LACA

 Sample Message #1

From: WEBMAIL ADMINISTRATOR [mailto:doyl0119@umn.edu]
Sent: Thu 8/14/2008 6:56 PM
Subject: FINAL VERIFICATION OF YOUR EMAIL ACCOUNT

Dear Email Account Owner, 

This message is from webmail messaging center to all webmail account owners. We are currently upgrading our data base and e-mail account center. We are terminating all unused email accounts to create space for new accounts.

 To prevent your account from being terminated, you will have to update it by providing the information requested below:

***********************************************************

CONFIRM YOUR EMAIL IDENTITY NOW
Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........

***********************************************************

Warning!!! Account owners that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Warning Code:VX2G99AAJ

Thanks,
Webmail Administrator.

Sample Message #2

From: Support Webmail Terms [mailto:oluatteh@unilorin.edu.ng]
Sent: Fri 8/15/2008 1:17 PM
To: undisclosed-recipients
Subject: Comfirm Your Webmail Account

Dear Webmail Account Owner

This message is from web mail admin messaging center to all web mail
account owners.
We are currently upgrading our data base and e-mail
account center. We are canceling unused web mail email account to
create more space for new accounts.

To prevent your account from closing you will have to update it below
to know it's status as a currently used account.

CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :
Email Password :
Date of Birth :
 
Warning!!! Any account owner that refuses to update his/her account
within Three days of this update notification will loose his/her
account permanently.

Thank you for using web mail
Support Team
Warning Code :ID67565434

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE - Beware of e-mail scams impersonating financial institutions

THIS IS A MASS MAILING TO ALL LACA USERS

 It has been a while since I have bugged you all with a reminder about e-mail safety.  Education and
awareness are the best prevention tools when it comes to e-mail and Internet safety, as spam filtering
and blocking tools are NOT perfect and will NOT catch everything.

 One of our LACA email users recently shared with me a message, supposedly from Bank of America,
asking them to verify their account information. The website in the link looks very legitimate at first glance.
Below is a screen shot of the fake site, followed by a screenshot of the real Bank Of America site.

While they are not identical, the first site looks legitimate enough to the casual Internet user.
Some clues that should tip you off right away that the first one is fake: 

1.  The site does not use HTTPS.  It is using HTTP only.  HTTPS is a method of connecting to web sites that encrypts the
data flowing between your browser and the remote site.  There is no financial institution out there today
that does NOT use HTTPS encryption as a security measure (unless they plan to be out of business soon).

      The true Bank of America site uses HTTPS and the secure “lock” icon appears in Internet Explorer to indicate this site is running in a secure mode.

 2.  The address of the site in the address bar is not legitimate. It TRIES to look legitimate by adding “bankofamerica.com” in there, but it is not.  Always look at the part of the address immediately following the HTTP:// or HTTPS://   That part should match the true address of the financial institution,  which you should be able to get directly from their printed materials to insure it is the correct website and not a fake o

       Below is the true Bank of America website, with the legitimate address immediately following the

      HTTPS://

 I hope you find these e-mails useful, and that you all question any e-mails you receive from financial institutions, especially if you did not initiate any contact with them in the first place.

As always, please let me know if you have any questions about e-mail safety.

-------------------------------------------
Chad Carson,  Director of Technology, LACA

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE - Beware of e-mail scams targeted to tax season

Sorry, one more item! 
Below is a message I sent out last year around tax season, and I thought
a reminder might be a good idea in case some of these come out again this year.

THIS IS A MASS MAILING TO ALL LACA USERS 

One of our LACA email users recently shared with me a message, supposedly from the IRS, asking the recipient to visit the IRS site because their refund was delayed (the message is included below as an example).   Though this fake site is no longer reachable, it more than likely asked for a name, address, and social security number so they could send the “refund”.

 In Internet lingo, these types of attacks are called “phishing”. The spammer is hoping you will willingly give up your personal information to an “imposter” website that looks like the real deal.  Please be very cautious of entering ANY personal information through a website you don’t fully trust.

 This article straight from the IRS website regarding phishing assures everyone that:  

“The IRS never sends out unsolicited emails, and under no circumstances, requests
credit card information and pin numbers through email. Persons receiving emails
that claim to be from the IRS should not attempt to visit any site contained
within the email and should report suspicious emails to TIGTA or IRS.”

For the full article, please see

http://www.irs.gov/newsroom/article/0,,id=154861,00.html

If you have any questions about phishing, e-mail safety, or anything else I have
discussed in this message, please feel free to ask me.  Thanks for reading.

-------------------------------------------
Chad Carson,  Director of Technology, LACA

Example Phishing E-mail Message

From: Internal Revenue Service [mailto:service@irs.zy.gov]
Sent: Tue 4/1/2008 4:28 PM
Subject: Internal Revenue Service Tax Notification 

Internal Revenue Service (IRS)
United States Department of the Treasury 

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $184.80.

 Please submit the tax refund request and allow us 6-9 days in order to process it.

 A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

 To access the form for your tax refund, use the following personalized link: 

http://0xCA.0x27.0x30.0xDD/www.irs.gov/

Regards,
Internal Revenue Service

Document Reference: (0xCA.0x27.0x30.0xDD).

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE: Reviewing another fraudulent e-mail as a learning exercise

THIS IS A MASS MAILING TO ALL LACA USERS

 I have been receiving lots of positive feedback on my email from earlier this morning.  I am very pleased that people are actually reading these and I am very glad to pass along information like this.  Sometimes we technology people falsely assume that because we know these things, that everyone else using email and the Internet does too.

 So, to continue with some more on-line education,  I just wanted to send another fraudulent e-mail message example for review. This is typical of the scams you may receive at work or at home.  Read through this message, and then we’ll dig into why it is a fake.

 This is a classic example of using “scare tactics” to get your account information.  Hackers know that it is much easier to get passwords from someone when they willingly give it to you, rather than trying other methods.  These “phishing” emails are the perfect way to get a username/password from an unsuspecting victim with minimal effort.

 First they start out with information that gets you concerned…..

”OH NO, someone else is accessing my bank account!”

 Then they ask you to go to a site and enter your account information.

RED FLAG right there!!! No legitimate financial institution will ever ask you do to something like this via e-mail.   They may ask you  to call their customer service line if there are legitimate concerns with your account, but never through e-mail.

 Then they put in a threat, to make it even more urgent…

                “OH NO, I’m going to lose access to my stuff”.

 So, you quickly click the link they provide, which looks legitimate.  I mean, look at this link….it has HTTPS, so it is using a secure connection, right?

 …and it has the true address of SunTrust Bank right after the HTTPS//, so that looks legitimate, right?

 However, what shows on the screen, and what link this will really take you to are two VERY different things. I’m sure everyone has seen websites that might have a link saying “CLICK HERE” and when you click it, it takes you another site.  Obviously, that site wasn’t named “CLICK HERE”.  A web link has two component:

1.       The text being displayed in your browser or email

2.       The actual “behind-the-scenes” link

While these CAN be the same, they can also be two different things.  In this fraudulent e-mail,  they have the link show text that looks just like a legitimate www.suntrust.com link, while the “behind-the-scenes” link takes you elsewhere.  If you hover your mouse over the link without clicking on it, somewhere on your screen you should see the true “behind-the-scenes” link.

 In LACA’s Outlook Web Access email using Internet Explorer, it shows the true link in the lower left when you hover your mouse over the link:

 In Outlook, you get a box like this that shows the true link.

 So, even though this link shows www.suntrust.com, if you were to click on it, it would take you to http://pbx.intdev.co.za/ms/import.php And, this link actually redirects to yet another link, and by the time you actually reach the login page for the fake website, this is the final address that you arrive at in your web browser.

As you can see, the link you end up at looks NOTHING like www.suntrust.com

You should always look at the link within your web browser to determine what site you are truly at, not what it showed in the link you clicked on.  They can be two different things.

Sorry this one was a bit long, and sorry to blast this out to everyone…I know there are many of you out there who already know this and don’t necessarily need this information, but there are also many who benefit from it.

As always, let me know if you have any questions or concerns.

-------------------------------------------
Chad Carson,  Director of Technology, LACA
 

From: Carson, Chad (LACA)
To: All LACA Users
Subject: NOTICE: Email phishing quiz...this is very well put together

This is a mass mailing to all LACA users

 I promise I will stop with the phishing education e-mails for a while after this message.
The following link was shared with me after I sent out the first phishing warning this morning.

http://www.sonicwall.com/phishing/

This is a ten question phishing quiz…the site presents 10 example emails, and you have to choose
if they are LEGITIMATE or PHISHING.  You receive your score at the end, along with great
explanations of why it was LEGITIMATE or PHISHING.

 If you have the time and want to test the new skills you have learned from my two earlier messages,
this is a VERY, VERY GOOD test…I took it myself to verify the information contained within was a
accurate and worth sharing, and it is.

If you do take this quiz, and are puzzled by anything, let me know and I’ll do my best to explain.
-------------------------------------------
Chad Carson,  Director of Technology, LACA