See if your Marketing, PR and Compliance officers have a problem with something like this:
Dear <member>, Thank you for contacting <Credit Union> with this matter. As you probably know, any unusual activity associated with a financial institution website could be a serious matter and should be reported promptly. We at <credit Union> are committed to keeping your personal and financial information secure. We have analyzed your issue and have come up with the following conclusions which we at <credit Union> believe you should consider carefully as your private financial information may be at risk. 1) After numerous checks from various locations both inside and outside the Credit Union, we have determined that no system within the Credit Union is redirecting your web browser to <redirected URL>. 2) The most likely causes for your inappropriate redirect fall into two categories: a) Your browser cache is corrupted and needs to be cleared. Please follow the instructions at <trusted link to directions> to clear your cache. b) The computer you are using is infected with some sort of malware. If clearing your browser cache in the step above did not solve your problem, please consult with a trusted IT expert to determine the best way to identify and remove the infection. 3) If your computer is indeed infected with malware, it may be possible for a hacker to have collected your login information for our site as well as others. We Strongly urge you to contact all the financial institutions which you may have visited from your computer since the infection began and change the passwords to your accounts. We recommend that this be done as soon as possible via phone or in person or from a PC known to be secure. If you have any questions at all, please contact our help desk at <help desk number> and we will be happy to help you evaluate your options. Bill -----Original Message----- From: David McSpadden [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 10:07 AM To: NT System Admin Issues Subject: RE: Odd Redirects Fiddler .... Thanks for that. Looks like I will have to try and explain DNS poisoning to a user that believes my sites has been hijacked and all his personnel financial information is being leaked all over the Internet. I don't have the heart to tell him that my site has not been jacked but his personnel financial information is most likely being leaked all over the Internet, but by his PC not my website. -----Original Message----- From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 1:04 PM To: NT System Admin Issues Subject: RE: Odd Redirects Here is what I see from Fiddler on the url stream getting to that site. All http /1.1 with 200 Error codes except for http://www.imcu.org/includes/images/1p.gif which popped a 404 not found. NO redirects seen to the malicious site, which seems to look like dns poisoning on your end. Check dns, and check ya host files, and check another from another computer than doesn't have BHO's in IE. Z http://www.fiddler2.com/fiddler2/updatecheck.asp?isBeta=False http://www.imcu.org/css/imcu_text_link_styles.css http://www.imcu.org/SpryAssets/SpryTabbedPanels.js http://www.imcu.org/SpryAssets/SpryTabbedPanels.css http://www.imcu.org/images/bg_leftside.jpg http://www.imcu.org/images/1p.gif http://www.imcu.org/images/header-a.jpg http://www.imcu.org/images/small_promo_homeloans.jpg http://www.imcu.org/images/small_promo_auto_center.jpg http://www.netit.financial-net.com:443 http://www.imcu.org/images/BG-logon2.jpg http://www.imcu.org/ContentImageHandler.ashx?imageId=7144 http://www.imcu.org/images/title_latest_news.gif http://www.imcu.org/images/title_rate_check.gif http://www.imcu.org/ContentImageHandler.ashx?imageId=3571 http://www.imcu.org/ContentImageHandler.ashx?imageId=3787 http://www.imcu.org/images/small_promo_deposit_services.jpg http://www.imcu.org/includes/images/1p.gif http://www.netit.financial-net.com:443 http://www.netit.financial-net.com:443 http://www.imcu.org/images/logo-ncua.jpg http://www.imcu.org/images/logo-eq-housing.jpg http://www.imcu.org/images/bg_rightside.jpg http://www.imcu.org/images/red_texture.gif http://www.imcu.org/images/nav.jpg Edward E. Ziots Network Engineer Lifespan Organization Email: [EMAIL PROTECTED] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + -----Original Message----- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 1:00 PM To: NT System Admin Issues Subject: Re: Odd Redirects A walk-through? -- ME2 On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]> wrote: > How do I explain that to joe user? > > > > ________________________________ > > From: Sean Rector [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 04, 2008 12:40 PM > To: NT System Admin Issues > Subject: RE: Odd Redirects > > > > Check 4 hosts file? DNS poisoning... > > > > Sean Rector, MCSE > > > > From: David McSpadden [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 04, 2008 12:27 PM > To: NT System Admin Issues > Subject: Odd Redirects > > > > I have a customer that is trying to get to www.imcu.org. They are getting > redirected to www.manta.com. > > If the go to www.imcu.com they are fine. I can get to both .org and .com > with no issues. > > What is redirecting them to manta.com? What can I tell them to do to stop > this behavior? > > So far I have told them to delete temporary files and cookies as well as > ipconfig /flushdns but what > > is the real problem with their pc??? > > > > > > > > > > Data Security is everyone's responsibility. > > > > > > > > > > Information Technology Manager > Virginia Opera Association > > E-Mail: [EMAIL PROTECTED] > Phone: (757) 213-4548 (direct line) > {*} > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~