In the last couple of days I have gotten three of these, purporting to be from Bank of America, Chase and Suntrust, wanting me to log into my "account" because it has been "frozen" due to "unusual activity." They look authentic at a very quick glance because of the company logos, but look closer and there are sentence structure and spelling errors. The e-mail address from which they were sent is not even that of the companies. When you put your cursor over the link (which is the entire body of the e-mail, don't click on it!), the URL comes up as owl.li. Another dead giveaway is that I closed my Suntrust account nine months ago and have never had a B of A account at all. I do have a credit card with Chase. If you get anything like this, delete it on sight.

Any institution like bank, financial company, insurance whatever, just read the headline then delete, never clink on a link.

My company even sends out phishing ‘traps’ on the co email, then chastises if you were to click.

The same goes to those robo calls. If anyone of importance needs you, then will find you another way.

Should you ever want to verify the issue, log on your normal way, call your numbers, or visit the bank locally.

My email service is fastmail.com. It has a filter that puts such emails into a spam folder. It’s very accurate – seldom fails to recognize spam as such, and seldom puts legit emails into the spam folder.

Excellent service in all other ways too. $20/year for my service level, I’ve used it exclusively since 2001.

I seem to get at least one a week, either about my SunTrust Account, my Wells Fargo
Account or my BoA account.

I kinda worry that they might be authentic and they might really close my account.

Ohhh, but wait...I don't have an account at any of those places.

Bob

quote:

Originally posted by sourdough44:
My company even sends out phishing ‘traps’ on the co email, then chastises if you were to click.

The company I work for also does these traps but all you get is an email that let's you know it was a trap and goes over a few tips. If you never fall in a trap, you either get to take a shorten annual security training or skip the training. If you fail some number of traps you have to retake the full course.

The traps seem to come when we are all super busy - in an effort to make sure we stay vigilant.

I was pretty annoyed with the whole process until recently. I got a really well disguised phishing email on my personal account - stuff I learned in the corporate training probably saved my butt (and my personal computer).

Sorry for the thread drift but I thought this was funny.

A friend that works for a national company (probably 20,000+ employees) said an email came in right at peak season and late in the day. Someone (who was not in the IT group), sent an email to EVERYONE (in the US and Canada) saying that particular email was probably a phishing email and "do not click on the link." By forwarding the email - with all active links - that person now ensured EVERYONE was exposed to the threat.

My friend said that about four people replied to the email. You guessed it - they used "reply all" AND again the active links were included in those 4 emails.

My friend did a reply all and suggested everyone stop circulating the email and that he knew IT was working on the issue. (He did remove the links before he sent his email.)

The folks that re-circulated the emails were professionals with significant degrees and many years of experience.... not one of the 5 contacted IT. (My friend contacted IT and they blocked the link on all company machines.)

quote:

Originally posted by SR:

quote:

Originally posted by sourdough44:
My company even sends out phishing ‘traps’ on the co email, then chastises if you were to click.

The company I work for also does these traps but all you get is an email that let's you know it was a trap and goes over a few tips. If you never fall in a trap, you either get to take a shorten annual security training or skip the training. If you fail some number of traps you have to retake the full course.

The traps seem to come when we are all super busy - in an effort to make sure we stay vigilant.

I was pretty annoyed with the whole process until recently. I got a really well disguised phishing email on my personal account - stuff I learned in the corporate training probably saved my butt (and my personal computer).

We started out with the friendly, informative mock phishing e-mails, but have moved into the punishment mode and even worse my employer’s IT has gotten downright evil in their mock phishing. I got nailed earlier this year but listen to this bullshit. The nearest emergency exit was temporarily closed because the window washers were washing directly above it (multistory building). Soon after building services e-mail went out, the IT asshole who does mock phishing (located is in my building) sends out a separate e-mail with a link to a temporary emergency egress floor plan. I clicked it, had to have a sit down with my boss, and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).

quote:

I clicked it, had to have a sit down with my boss, and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).

^^^^
I do not think I could have ever lasted in the corporate world with that kind of foolishness. Being self employed at times is difficult and challenging, but not in that stupid kind of a way. Reminds me of a Catholic boarding school.

quote:

Originally posted by tatortodd:
…. and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).

Your guy sounds like a handful. Have you asked your boss if others are having similar challenges (is the naughty list full of names)? Maybe your boss has a suggested approach that would help.

Also, can you send suspected phishing emails to IT and have them check them? If yes, flood the guy with every marketing spam email you get.

We click two buttons and the email is routed to IT to be checked.

So I'm clear, I don't try to flood our IT group. But maybe you would want to flood your guy.

Based on your questions, you're thinking of a much smaller company. My boss only gets an e-mail when one of his direct reports fails a mock phishing attack (i.e. he wouldn't see the actual list).

As far as clicking to report suspected spam, one button brings up a window where you're asked why you're submitting and a few radio buttons such as whether or not you clicked the link/attachment. After clicking the submit button you hear back at some random, unpredictable time period.

Trust me, I report every unexpected external e-mail that our spam filter doesn't quarantine. One reason is I've received some very good actual phishing attempts including a vendor hacked and supposedly someone I worked with several years prior sent an e-mail with an attachment. It looked odd so I reported it and sure enough the attachment was malware.

quote:

Originally posted by tatortodd:
I clicked it, had to have a sit down with my boss, and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).

WTF?!

That's like 5 years ago in terms of what companies do. How about the company do something instead of playing games with its employees.

One company I worked for (which I think is a better strategy) is that emails that come from outside are marked on the subject as being from an external source as a warning.

After a break of a couple of days I got another one yesterday, this one from "US Bank." Again, no account with them. As for those of you whose employers play chickenshit mind-fuck games with you, I'm glad I don't have your jobs.