Tuesday, April 28, 2009

Unsolicited E-mail Containing Security Advice

body-logo[1] Here’s one for the what-were-they-thinking files.

I recently received an e-mail from a vendor that I’ve never heard of and with whom I’ve never done business:

From: "USA.NET" <news@info.usa.net>

To: <***.***@***.edu>

Date: 3/6/2009 11:28 AM

Subject: Weekly Security Update

Another wave of scam emails are circulating disguised as warnings from the U.S. Federal Reserve Bank. They lead to a fraudulent website that installs phishing/malware software or a Trojan virus that will send out critical information such as user names, passwords, or file contents of sensitive documents.

Always use best security practices when reviewing your email and do not open any email attachments from unknown senders.

http://info.usa.net/ct.html?rtr=on&s=eanw,***,***,****,*****,***,vn

To unsubscribe, send an email to: unsubscribe-15386@up0.net with the address: ***.***@***.edu in the subject line.

An unsolicited e-mail from an unknown sender advising me not to click on attachments in e-mails from unknown senders? The e-mail contains a link however, which presumably I’m supposed to follow. That’s amusing. According to this vendor, links must be safe, whereas attachments are not. The subject is generic, and there is no indicator that the sender knows who I am.

This really is indistinguishable from a phishing attempt.

2 comments:

  1. At least they didn't send it as a Word attachment.

    ReplyDelete
  2. That would have been amusing.

    I'm not sure if they think they are a security company, like their logo implies, or SaaS vendor, or a a mass mailer.

    Or perhaps they strive to be all of the above.

    ReplyDelete