October 24th, 2014

We have helped a few sites where staff have infected their computer *and* server files. This behavior MUST stop and you have the power.

Delete the message. If you are thoughtless enough to open the message, then do not click any links.

This behavior works to prevent issues, every time, no matter how evil and virulent the malware is.

Do you ever get messages with any of these subject lines? You know what to not do. Do not trust anything in your inbox, do not open these. Ignore them all, delete them all. If it is legitimate, someone will contact you in another way. This list is only a sample, Bad Guys use similar and clever techniques.

  • USPS - Your package is available for pickup ( Parcel 173145820507 )  
    USPS - Missed package delivery ("USPS Express Services" <[email protected]>)
    USPS - Missed package delivery  
    FW: Invoice
    ADP payroll: Account Charge Alert  
    ACH Notification ("ADP Payroll" <*>)
    ADP Reference #09903824430  
    Payroll Received by Intuit
    Important - attached form  
    FW: Last Month Remit
    McAfee Always On Protection Reactivation  
    Scanned Image from a Xerox WorkCentre
    Scan from a Xerox WorkCentre  
    scanned from Xerox
    Annual Form - Authorization to Use Privately Owned Vehicle on State Business  
    My resume  
    New Voicemail Message
    Voice Message from Unknown (675-685-3476)  
    Voice Message from Unknown Caller (344-846-4458)
    Important - New Outlook Settings  
    Scan Data
    FW: Payment Advice - Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]  
    Payment Advice - Advice Ref:[GB2198767]
    New contract agreement.  
    Important Notice - Incoming Money Transfer
    Notice of underreported income  Notice of unreported income - Last months reports
    Payment Overdue - Please respond  
    FW: Check copy
    Payroll Invoice  
    Corporate eFax message from "random phone #" - 8 pages (random phone # & number of pages)  
    past due invoices
    FW: Case FH74D23GST58NQS  
    Symantec Endpoint Protection: Important System Update - requires immediate action



Posted by Jim Sherrill | Topic: Tips  | Category: Security
Medical Software Associates. 1021 McCallie Avenue. Chattanooga, TN 37403