Does Oracle really send security alerts from @oracle-mail.com that look like malware phishing attempts? Including vague language, admonitions to act immediately, and requiring you to click through to links where the link text is www.oracle.com, but the actual URL is not?
Reference:
--------------------------------------------------------------------------------------------------------
Dear Oracle Customer,
Security Alert CVE-2015-3456 ("Venom") was released on May 15th, 2015.
Due to the severity of CVE-2015-3456, Oracle strongly recommends applying the patches as soon as possible.
The
Advisory for Security Alert CVE-2015-3456 is the starting point for relevant information.
It includes links to other important documents that provide a list of affected products and the patch availability information.
Also, it is essential to review the Security Alert supporting documentation
referenced in the Advisory before applying patches, as this is where you can find important information.
Am I the only one paranoid enough to think this looks like an attempt to get you to download malware?
John Wade