Immediately after release of the patch in question and prior to exploit code being released into the wild, along with most other major providers, XMission has patched its servers for this serious issue on both its primary nameservers as well as its dedicated resolvers.

Obviously, we find emails like this incredibly frustrating. Spam has cost us tremendously in time, money, and network resources, and forces our customers to feel increasingly suspicious of anything in their inbox. Like you, we have all received spam from companies claiming to be eBay, PayPal, our credit union, or even the IRS. Even though XMission successfully filters out the majority of phishing spam, be aware that some still does squeak through.

Many of these emails ask the user to enter information using a fake web address, while others request information via email directly. Spammers send out large numbers of emails betting on the odds that someone with a legitimate account will respond. Usually these emails have an urgent tone or even threaten penalty, suspension, or account closure.

Because of the volume and persistence of this threat, we wanted to share a few reminders from the Federal Trade Commission:

1. Simply do not reply. If you have concerns about an account, pick up the phone and call the business, or bring up a fresh browser and contact them directly using their website. No legitimate business will ask you for personal information over email.
2. Scammers can fake anything including “from” addresses, logos, websites, and phone numbers. Even if an email includes a local phone, donít take it at face value. Call the company using a legitimate number from a trusted source.
3. Update anti-virus and anti-spyware software regularly. Always use a firewall if you have a high-speed Internet connection.
4. Do not use insecure websites. Always confirm the security certificates of secure websites.
5. Review credit card and bank statements as soon as you receive them.
6. Even if you receive an email from a trusted source, be cautious about opening attachments or downloading files.
7. Report phishing emails to XMission (abuse@xmission.com), the FTC (spam@uce.gov), and to the legitimate company being spoofed.
8. If you have had your information compromised, report it immediately to the FTC, and then visit the identity theft website at: http://www.consumer.gov/idtheft.

http://www.ftc.gov/bcp/edu/microsites/idtheft/

Using this site, consumers can learn how to avoid identity theft, and find out what to do if their identity is stolen.  Businesses can receive information about helping their customers prevent and cope with identity theft. This site also includes resources for law enforcement to help victims of identity theft.