This week, it's IT administrators that are specifically targeted with a phishing attack. The bad guys know very well that the most powerful weapons are administrator's credentials, as those really are the keys to the kingdom. So, what they are using is the instantly famous report that Mandiant wrote about the Chinese military hacking into 141 mostly U.S. businesses. An infected PDF version of the original report, titled "APT1: Exposing One of China's Cyber Espionage Units, is now being used as spear phishing bait to get IT people to open it up using two fake names: Mandiant.pdf and Mandiant_APT2_Report.pdf The infected document leverages a just-patched hole in Adobe Reader and was first spotted in Asia. Keep your eyes peeled for it hitting your own inbox. In the meantime, the actual report is fascinating reading, and you can find it here at the Mandiant website: http://intelreport.mandiant.com/.

Source: Cyberheist News,  www.knowbe4.com

Note: links to third party sites are provided for your convenience.  Bank of Ann Arbor does not control their content.

Our website will experience a brief period of outage beginning at midnight December 24 through 2am December 25 as our server undergoes regularly scheduled maintenance that will help us continue to provide you with the best service possible.

During this time, you will not be able to access www.boaa.com or www.bankofannarbor.com, but you can access your accounts directly through the links below.  Please copy and paste them somewhere convenient so that you can still access your account information during this short down time:

Personal Banking:

https://web6.secureinternetbank.com/pbi_pbi1961/pbi1961.ashx?Rt=072413735&LogOnBy=connect3&PRMACCESS=Account

Business Banking:

https://web6.secureinternetbank.com/ebc_ebc1961/ebc1961.ashx?wci=process&wce=request&rid=3000&rtn=072413735&rt=072413735&mfa=2

Please contact us at 734-662-1600 if you have any questions or concerns.  Thank you for your patience.

The Internet Crime Complaint Center (IC3) has recently received reports regarding a scam that baits individuals into intimate online conversations and then extorting them for financial gain. The scam was initiated after the victims met someone online, such as on a dating site, and were asked to connect via a specific online social network. Shortly after, the conversations became sexual in nature. Later, victims received text messages, either containing their names, asking if it was them or containing a statement that indicated their names were posted on a particular website. The victims were provided a link to a page on the website that claimed they were a “cheater.” Photos of the victims and their telephone numbers were also posted. There was an option to view and buy the posted conversations for $9. Victims were also given the option to have their names and conversations removed for $99. Some were even told that once the payment was made, the information would be removed within an hour and the website would not allow anyone to post anything pertaining to the victims’ names again. However, reports do not indicate that the information was ever removed.