From: Hanna, Kathy (COT)
Sent: Friday, February 16, 2007 11:01 AM
To: COT Constitutional CIO Security Contacts; COT Cabinet CIO Security Contacts; COT Commonwealth Technology Council
Cc: COT Exchange Administrators; COT Security Alert Contacts; COT Security Contact COT-Support; COT Security Contact Pass; COT Security Contact Self-Support; COT Technical Contacts; SecurityContacts Group
Subject: COT Security Alert - Phishing Attempts
COT Security Alert
COT has seen evidence of phishing emails being received in the Commonwealth’s network. These emails appear to be from legitimate sources, like the Bank of America. Be advised that these are phishing attempts. As with any unsolicited or unknown emails, do not open or respond to the emails. For an example of the email, see below:
Dear Bank of America Customer
Due to the number of incorrect login attempts, your Bank of America Online Banking Account has been locked for your security on 02/15/2007. You must reset your Passcode before you can enter Online Banking. You can reset your Passcode just with one click on the link below.
At Bank of America we care about your security so, for your protection we are proactively notifying you of this activity.
Want to confirm this email is from Bank of America? Log in to Online Banking, select Manage Alerts and Alerts History to view all alerts sent from Bank of America. Your Alerts History is updated every 2 hours.
COT asks that you do not open these emails or click on any links contained in them. If you must open unknown or unsolicited emails as part of your job, be cautious in clicking any links or providing any confidential or personal information unless you can confirm the authenticity of the email and the link.
COT offers the following tips to avoid phishing scams:
• If you receive an urgent email or popup message asking for personal or financial information, be suspicious. Do not reply or click on the link in the message. Legitimate businesses usually do not ask for sensitive information via email. If you are concerned about your account, contact the business by telephone using a number you know to be genuine.
• Delete any unwanted emails. Do not ask to be removed from unsolicited emails from unknown companies using the "Opt-Out" feature provided. Your response only validates your email address, and further spam is likely to follow.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them to you.
• Ensure that your browser is up to date and that current security patches are applied. Use anti-virus software and keep it current. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a personal firewall can protect you from inadvertently accepting such unwanted files.
If you feel you have been infected or have compromised information, contact your agency’s technical staff. Please delete these emails. If you feel you have been a victim of a phishing scam or have compromised data, contact your agency’s technical staff. For any questions or further information, contact COT Security Services ISS, COTSecurityServicesISS@ky.gov.
NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, software patches, etc. You should consult with your network administrator or other technical resources to ensure that the appropriate actions for these alerts are followed. If you are a network administrator and need additional information, please call the Help Desk at 502.564.7576.