<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">The current wave of malicious phishing messages appear to come from known senders and include a link to a forged Google site. The subject line states that the known sender “has shared a document on Google Docs with you.”<o:p></o:p></p>
<p class="MsoNormal">Users that click on the link are prompted for their credentials, which allows the attackers to hijack additional mailboxes.<o:p></o:p></p>
<p class="MsoNormal">At MVECA our spam filters automatically began filtering these messages within a few minutes, so most users only received one to two of the messages, if any. Unfortunately, users at schools using Google mail may have received dozens or
more.<o:p></o:p></p>
<p class="MsoNormal">It is critical that end users understand that they must scrutinize all email, especially when messages contain links or attachments. Users that have clicked on the link and provided their credentials should contact their local support
resources immediately and should change their passwords if possible.<o:p></o:p></p>
<p class="MsoNormal">We would welcome additional information and observations from your technology support staff. If you have any additional information on this incident, please email me directly at
<a href="mailto:sage@mveca.org">sage@mveca.org</a>.<o:p></o:p></p>
<p class="MsoNormal">Thank you,<o:p></o:p></p>
<p class="MsoNormal">Thor<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thor Sage<o:p></o:p></p>
<p class="MsoNormal">Executive Director<o:p></o:p></p>
<p class="MsoNormal">Miami Valley Educational Computer Association<o:p></o:p></p>
<p class="MsoNormal">937-767-1468 x3101<o:p></o:p></p>
<p class="MsoNormal"><a href="http://www.mveca.org/"><span style="color:windowtext;text-decoration:none"><img border="0" width="174" height="64" id="Picture_x0020_1" src="cid:image001.jpg@01D2C42D.EF2D6DF0" alt="http://www.mveca.org/images/logo.gif"></span></a><o:p></o:p></p>
<p class="MsoNormal"><i>Not-for-profit Technology Services for Education and Local Governments<o:p></o:p></i></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>