The tl;dr summary for those with short attention spans – Don’t open the attachment, be quick to delete anything you’re not sure about, and if you want to help in the fight against phishing, report it using the guidelines I’ve outlined below.

I received a pretty awesome phishing email today. It included a significant attachment that I’m looking forward to analyzing at a later date. Since it will take me a while before I’ve got the time to run the analysis, I decided I wanted to forward it around to the appropriate organizations to ensure that they take some time and analyze it and make sure other individuals can be protected from it. It turns out that there are more places[…]

The internet is full of unsavory characters who want to steal your personal information and/or money. This has been widely accepted for quite some time. Recently, some good articles have appeared online regarding what to do if you think you’re being scammed, especially by pop-up ads that look like anti-virus software (http://www.fbi.gov/pressrel/pressrel09/popup121109.htm, http://voices.washingtonpost.com/securityfix/2009/09/what_to_do_when_rogue_anti-vir.html). While these articles focus on what to do if you’re hit with such an attack, I’d like to present a few rules of thumb that I use whenever I see any type of message that looks suspicious, whether it is from a pop-up ad, e-mail or letter that purports to be from my bank, or even an unexpected phone call from someone claiming to be from a[…]