Tag Archives: phishing

Block Javascript in Adobe Acrobat

Simple how-to instructions for blocking Javascript in Adobe Acrobat Reader in Windows, Linux, and Mac systems.

Reducing the attack surface in Adobe reader is an important step in reducing malware attacks. The vast majority of all PDFs do not contain Javascript, but Javascript-embedded PDF files is a well known method used to attempt to compromise end user systems. This can occur in phishing scams where e-mail messages contain infected PDF files, or links point to infected PDF files hosted on web sites.

Adobe Reader on Mac. Click for full size image.

Here is how to block Javascript in Adobe Acrobat 10 for Mac. Go to Acrobat > Preferences > Javascript and uncheck Enable Acrobat Javascript.  Then click OK.

Similarly, in Adobe Reader X on Windows, go to Edit > Preferences > Javascript and uncheck the Enable Acrobat Javascript, then click OK.

Likewise, for Adobe Reader 9 on Linux, go to File > Properties > Javascript and uncheck Enable Acrobat Javascript, then click OK.

Adobe Reader on windows. Click for full size image.

Click the thumbnails to view screen shots for Mac, Windows, and Linux.

Adobe Reader in Linux. Click for full size image.

ETrade: phishing or not?

Bookmark This (opens in new window)

Financial institutions are very in tune with the phishing threat and how it can damage their brand.

Or are they?

I received this e-mail from ETrade yesterday.  I’m a security expert and I recognize spam and phishing. I had to look this one over a few times to distinguish whether it was real or not.

This isn’t helping customers. Instead, it’s training them to respond to *real* phishing mail by making phishing and real messages indistinguishable.

Here is the spam – um, I mean, e-mail:

* * *

Special Pricing Expiration Notification

Your discounted commissions on stock and options trades will expire in 7 days.

You can still get extraordinary value when you trade with E*TRADE. We customize our commissions(1), making it easy to qualify for our best pricing.

If you have any questions, please call 1-800-ETRADE-1 (1-800-387-2331) or log on to your account at http://www.etrade.com and contact us through the Help Center.

View our current commission schedule (https://us.etrade.com/e/t/estation/pricing?id=1206010000)

PLEASE READ THE IMPORTANT DISCLOSURES BELOW

1. For details and additional information about our trading commissions and options contract fees, please visit http://www.etrade.com/commissions.

(c) 2007 E*TRADE Securities LLC, Member NASD/SIPC (http://www.sipc.org). All rights reserved. The information contained in this Smart Alert does not constitute a recommendation by E*TRADE Securities, and is subject to the Smart Alerts Terms and Conditions (https://us.etrade.com/e/t/estation/help?id=1209038000) and the E*TRADE Securities Customer Agreement (https://us.etrade.com/e/t/estation/help?id=1209031000). We cannot respond to e-mails sent to this mailbox. If you have questions, please contact us through the Help Center (https://us.etrade.com/e/t/estation/help?id=1203000000).

ETrade teaching its customers to respond to phishing scams

ETrade is teaching its users to respond to phishing scams. I am an ETrade customer, and last week they sent me the message below.

ETrade isn’t helping its customers by sending messages like this, because it makes it all the more difficult for customers to distinguish genuine messages from phony ones.

* * *

Thu Mar 13 14:48:00 2008 – Account Service Fee
Dear PETER ,

Account #: XXXX-nnnn

On 03/26/08, your E*TRADE Securities account will be charged a $40 Account Service Fee (ASF) (https://us.etrade.com/e/t/estation/pricing?id=XXXXXXXX).
If your account does not have enough funds to pay for the fee, E*TRADE Securities may sell securities in your account to cover the charge.
If you have questions about your account, call 1-800-ETRADE-1 (1-800-387-2331) or send a secure e-mail through the Help Center (https://us.etrade.com/e/t/estation/help?id=1203000000). (To call from outside of the U.S., dial +1-678-624-6210).
Learn how to avoid incurring an Account Service Fee (https://us.etrade.com/e/t/estation/pricing?id=XXXXXXX)

Review all the ways you can deposit money (https://us.etrade.com/e/t/estation/help?id=XXXXXXXXXXX)
PLEASE READ THE IMPORTANT DISCLOSURES BELOW
The E*TRADE FINANCIAL family of companies provides financial services that include trading, investing, cash management, and lending.
Securities products and services are offered by E*TRADE Securities LLC, Member FINRA(http://www.finra.org/)/SIPC(http://www.sipc.org/).

(c) 2008 E*TRADE FINANCIAL Corp. All rights reserved. The information contained in this Smart Alert is subject to the Smart Alerts Terms and Conditions (https://us.etrade.com/e/t/estation/help?id=XXXXXXXX). We cannot respond to e-mails sent to this mailbox. If you have questions, please contact us through the Online Service Center (https://us.etrade.com/e/t/accounts/servicecenterhome).

* * *