The email resembled the organization’s own employee e-newsletter and asked recipients to visit a website to confirm that they wanted to continue receiving the newsletter. Another email carried an attachment that said it contained the marketing plan the recipient had requested at a recent conference. A third email bearing a colleague’s name suggested a useful website to visit.
None of these emails were what they pretended to be. The first directed victims to a website that asked for personal information, including the user’s password. The second included a virus that launched when the “marketing plan” was opened. The third directed users to a website that attempted to install a malicious program. (more…)