Loading ...

Category: Email

Warning: Explicit SPAM Messages

Explicit Spam Message

Explicit Spam Message

Here are a couple recent SPAM emails that were received by clients and myself. They are explicit in nature but they a good lesson about the scare tactics of SPAMMERS. The first message seems to be the better SPAM message as it has better English and is even tries to be humorous, while the second is more direct and extortionary. Time to dissect these messages.

SPAM Message #1

  • Password – This message starts by stating that it knows your password. How can this be? There have been several information breaches from the government, retailers, healthcare, etc over the past couple of years. The majority of these breaches are eventually posted online with emails and passwords – hence the reason Farmhouse Networking has started offering Dark Web scanning and advises passwords be changed often.
  • Remote Access – The SPAMMER then goes on to provide a detailed explanation of how they got into the computer. It sounds convincing but deeper analysis by someone who is in the IT Security industry would reveal that their explanation is flawed. To do what they proposed would take several different exploits of various portions of the computer and would likely take longer than video would be playing.
  • Contacts – For their “computer software” to get contacts from all these various sources would require that the password mentioned earlier in the email be the same for all these services. It is recommended by Farmhouse Networking that different passwords be used for each service so that if one is compromised then the rest are not in jeopardy. It might be asked how to keep track and the answer is a password keeping software like LastPass.

 

SPAM Message #2

  • Threats – The message starts immediately with the intimidating remarks and threats. It may be true that alerting the authorities will not bring any immediate assistance, but if we are all upstanding citizens then there is nothing to worry about their threats. It is always good to submit these messages to the authorities (FBI) for analysis so they can take these guys down over time. I do find it sad that this SPAMMER did not take the time to explain how they gained access to my computer.
  • Webcam – It is very possible that if your computer is infected properly that the hacker could gain access to your webcam, but again if we are upstanding citizens and don’t do anything inappropriate in front of our computers then there is nothing to worry about here.
  • Bitcoin – The demands continue with a sense of expediency in the matter giving only 28 hours before the big reveal. This particular SPAMMER either knows the value of the first SPAMMERS creativity in producing a video or are selling themselves short at the $400 ransom in Bitcoin. Finally, they even try to give a bit of legitimacy to their claim by stating that they can send the video to a partial list of contacts.

If your company is interested in Dark Web Scanning for on-going breach protection or worried about SPAM, then contact us for assistance.

Is this really SPAM?

Thought that I would share a recently received new SPAM email variant that could easily be overlooked and possibly be a scammer looking to take your money. This one is strange to me and I wanted to share my insites.

Starting from the Top

Look closely at the From portion of the email:

This email is from a legitimate email marketing firm called AWeber. The SPAMMER is actually using a website designed to help bypass SPAM filtering to deliver mail. There is also the fact that the email is form someone that I don’t do business with. Always fight the urge to look at things that are not yours.

Stick to the Subject

Now to take a look at the Subject line of the email:

The email marketing firm this SPAM is sent from is required that you confirm someone who is joining your email campaign. Guess I would have to agree to be scammed by this person.

And now the rest…

The final thing that caught my eye was the title of the email campaign in the email:

The enticing title “Clickbank – 30k project” sounded interesting. By clicking on the button I would confirm my existence as a real person and would likely kick off a communication from someone who is likely an “African Prince” with a money making opportunity. Hope this little tutorial helps you detect other phishing attempts in the future.

If your company is having trouble with SPAM or phishing, then contact us for assistance.

ESET Antivirus Troubles

Eset Antivirus - Grants Pass, OR

Working with a webhost to tighten their security settings to get PCI compliant. In doing so we ended up breaking many of their clients email access by turning off SSLv3 and TLSv1.0. I was given the task of helping all the clients fix this issue (see seperate blog post for the fix). One in particular ended up not having issues beyond the normal problems with TLS and it turned out being ESET Antivirus. Here is the story:

Unable to Access Website:

The client first mentioned that they could not access a particular website that they needed to submit government paperwork. The error was related to the certificate being out of date. I checked the site on my own computer and it came up just fine, so looked at their certificate and it was current with plenty of time left before expiring. Cleared the cache and all the normal troubleshooting steps to no avail, so had to dig deeper. Remembered that some antivirus programs scan HTTPS traffic by putting their own certificate in place of the actual certificate from the site. Looked inside ESET Antivirus and found the culprit. Under Internet Protection > Web Access Protection I turned off the HTTPS Scanner. Restarted the browser and was able to surf to the site without issues.

Hidden Messages Stuck in Outlook Outbox:

The client then mentioned that some messages weren’t sending, so looked into it and found a couple messages that were 2MB+ which I told them were too large to send. We got rid of those but then messages were still stuck but were now hidden from view. I used the typical fix for read receipts that are hidden using the MFCMAPI tool but found nothing there. Tried removing the account and re-adding it to Outlook. After the clients 8,000+ emails downloaded via IMAP the same problem began occurring again. Remembering the issues with ESET Antivirus web filtering, I decided to take a look at that again. Under Internet Protection > Email client protection I turned off all the Email Clients, Email Protocols, and Antispam Protection. Restarted Outlook and the problem persisted. Had to remove the account and re-add it to Outlook. After the clients 8,000+ emails downloaded via IMAP the problem was fixed.

All that being said, these kinds of problems are another reason that I recommend Webroot to my clients for their antivirus protection. I prefer to have the Website filtering happen at the DNS level via a company like DNSFilter.com and the SPAM / Email filtering to happen via the email provider or an email protection service like Mailprotector.com.

If your company is interested in using a real layered approach to security not just putting a software band-aid on it, then contact us for assistance.

Got everything backed up? You sure?

SaaS Protection - Grants Pass, ORAs companies increasingly move data into cloud-based applications, many administrators think traditional best practices such as data backup are outdated. After all, a Software-as-a-Service (SaaS) application is always available, accessible from anywhere, and highly redundant, so why is backup necessary?

1 in 3 companies report losing data stored in cloud-based applications. That means the permanent deletion of potentially hundreds of work hours.

The truth is that even data in cloud-based applications are vulnerable to:

  • Malware damage or ransomware attacks
  • Accidental end-user deletion
  • Malicious end-user activity
  • Operational errors such as accidental data overwrites
  • Lost data due to canceled user account subscriptions
  • Misconfigured application workflows

Datto SaaS Protection won’t let your critical data slip through the cracks. Engineered to be the leading, one stop shop for cloud-to-cloud SaaS application backup, SaaS Protection gives you consistently reliable granular backups, quick and easy restores and exports, secured data for compliance and regulatory needs, and world-class 24/7/365 support.

SaaS Protection Supports the Following Applications:

G-Suite – Protect emails, documents, calendars, sites, and contacts in Google’s G Suite.

There’s no such thing as too safe. Datto SaaS Protection goes above and beyond industry standards to make sure G-Suite data is secure, easily recoverable, and protected:

  • Automatic 3X daily backups of Google Mail, Drive, Calendar, Contacts, and Sites data
  • SOC2 Type II audited
  • Supports HIPAA compliance needs
  • Data encryption both in transit and at rest in the Datto Cloud
  • Advanced internal controls
  • Data controls and monitoring, including audit logs, uptime and availability SLAs, and export capabilities
  • Regular vulnerability management and testing

SaaS Protection saves you and your team time and stress with search filters that quickly locate backed up files and folders.. even if users can’t remember what they called them.

  • Easily track deleted items
  • Locate and browse any previous versions of documents
  • Lighten the help desk load: SaaS Protection lets users access their own backups

Office 365 – Protect Exchange Online, SharePoint Online, OneDrive, Contacts, and Calendars in Office 365.

There’s no such thing as too safe. Datto SaaS Protection goes above and beyond industry standards to make sure Office 365 data is secure, easily recoverable, and protected.

  • Microsoft Exchange, OneDrive, SharePoint, Calendar and Contacts are automatically backed up 3X a day
  • SOC 2 Type II audited
  • Supports HIPAA compliance needs
  • Data encryption both at rest and in transit
  • Data controls and monitoring tools, including audit logs, uptime and availability SLAs, and export capabilities

SaaS Protection saves your team time and stress with robust search filters that make it easy to quickly locate backed up files and folders.

  • Manage backups, view restores, and monitor activity across all of your customers from an easy-to-use dashboard
  • Zero in on emails, contacts, individual files and entire folders with our search function
  • Restore files directly to a user’s account or download them directly

If your company is G-Suite or Office 365 and want a complete disaster recovery solution, then contact us for assistance.

New Phishing Email Variant

Thought that I would share a recently received new phishing email variant that could easily be overlooked and possibly cause damage to your network. The email appears to have come from Dropbox as a user sharing a folder with me, but a closer look shows many obvious signs that the email is a fake.

Starting from the Top

Look closely at the From portion of the email:

The lettering is actually another language where the font makes it look like English lettering. There is also the fact that the email is form someone that I don’t do business with. Always fight the urge to look at things that are not yours.

Stick to the Subject

Now to take a look at the Subject line of the email:

This has different lettering but it is again a different language used to look like English lettering.

And now the rest…

The final thing that caught my eye was the “button” in the middle of the email:

It actually looked fuzzy. It turns out the entire body of the email is a single image that is a link to their malicious site. Clicking anywhere in the body of the email would send you on your way to infection or account compromise. Hope this little tutorial helps you detect other phishing attempts in the future.

If your company is having trouble with SPAM or phishing, then contact us for assistance.

Is Email Down Again?

Email Down

While troubleshooting an email encryption issue after a WHM / cPanel web server migration, my thoughts turned to email down time and what it is worth to a small business. This is the core concept behind business continuity – “Business continuity encompasses planning and preparation to ensure that an organization can continue to operate in case of serious incidents or disasters and is able to recover to an operational state within a reasonably short period.” (Wikipedia) The best way to recover from a disaster is to have planned in advance for the eventuality and have systems in place that provide redundancy when the incident occurs. When it comes to business email continuity only one name comes to mind:

Microsoft Office 365

Guaranteed UptimeMicrosoft provides a Service Level Agreement (SLA) that financially backs their services based on a guaranteed amount of uptime per month. If service is down for more than 45 minutes (99.9% uptime) in a month then a 25% credit will be given, if service is down for more than 7 hours (99% uptime) in a month then a 50% credit will be given, and if for some reason they are down for more than 36 hours (95% uptime) in a month then a 100% credit will be given. Considering the literal billions of users of their products, having to give away credits for downtime would seriously cost Microsoft so it is in their favor to keep the services flowing.

Geographic Redundancy – Microsoft has Office 365 data copied to servers in no less than 8 datacenters around the United States including one nearby in Washington. This means that a hardware failure or lost data in one center will not effect the other 7 datacenters – email will continue to be routed through the others until services can be restored to the one. With redundancy like that there should be no worries about downtime or data loss.

Unparalleled Support – Office 365 email is running on Microsoft Exchange being administered and supported by the people who created it. There is nothing like going to the creator of something to talk to them when there is a problem. They have the breadth of experience that comes from using their own products for the past 20 years. This level of knowledge is unparalleled in the industry and it shows in the quality of service and support that is received. 

If your company needs the best in class reliability and service that comes from switching to Office 365, then contact us for assistance.

Xerox Scan to Email G-Suite (Fix Error 017-714)

Recently had trouble getting a Xerox VersaLink C7025 multifunction printer to Scan to Email correctly and found a couple solutions to the problem that I wanted to share. It all started when I configured the SMTP settings for the scanner to use G-Suite to send emails using the following article – “Send email from a printer, scanner, or app” but got the error 017-714 report from the printer. Did some searching online and found the following answer:

Using Google Insecure SMTP Server

As per the same article, the multifunction will work by using the following settings:

  • Device Email: clients scanner email address
  • SMTP Server: aspmx.l.google.com
  • Outgoing Port: 25
  • Connection Security: None
  • SMTP AUTH: None

This is great if the client wants the scans emailed only to people in their own domain. This will not allow sending to anyone outside their domain, which was not what this client wanted, so I contacted Xerox support and worked my way up to Level to support who pointed me to the following more secure answer:

Using Google Secure SMTP Server

The first thing to do is to make sure that Less Secure Apps setting is allowed for the Device Email account. This can be checked at – https://www.google.com/settings/security/lesssecureapps  but you might find that it has to be changed in the G-Suite Admin Console (disabled by default on all accounts). Once logged into https://admin.google.com,  click on Security then on Basic. Choose the option to allow each user to chose their own setting then go back to the less secure app setting page and change to allow for only that account. Now the multifunction can be configured as follows:

Xerox Scan to Email G-Suite

If your company has software that needs to be automatically updated or would like to sign-up for remote monitoring and maintenance, then contact us for assistance.

Received Hacker Email

Hacker Email

Here is a recent email that I received from a “hacker” that was threatening to expose some secrets. It was an obvious fake email, but I wanted to take the time to educate on how to know a fake when you receive one:

Hacker Email Exposed

Strange Email Address: This email comes from “auf@cesco.com.br” which is an address unknown to me and the domain itself ends in BR which stands for Brazil which again I don’t do business in Brazil so why would someone from there be emailing me.

Poor English: It starts out with the over-friendly greeting and continues with “I hack your computer” then just doesn’t stop. This was likely something typed into Google Translate then pasted into an email.

They Have Everything: Unless you really have something to hide, then this should not scare you. You need to assume that anything that you post online is public information anyways – there are no secrets on Facebook.

Invalid Help: They offer to help with acquiring Bitcoin to pay them in then offer a site to find local ATMs that have this feature. They have no understanding of the area or what local banking services are available. If they know everything about me then they know where I live and could easily look up the local economic structure.

Internet Extortion: They are using extortion tactics to try and scare me into action. They are trying to “sell” me information security for $120, but if I gave into their demands then my email address would become an even more valuable asset as they would have someone they could regularly extort for funds.

What To Do

  1. Unless you have something to hide, ignore the threats. If you do have something to hide then I suggest you quit so that no one can have anything against you.
  2. Forward these emails to me. Include the “header” information by copying it from the File > Properties menu in Outlook as this will help to track down where they are from.
  3. Farmhouse Networking will alert the proper authorities about the malicious activity to help shut these scammers down.

If your company is receiving tons of SPAM or hacker email, then contact us for assistance.

Oregon Cyber Task Force – Cyber Attack Mitigation

During a recent briefing from the FBI’s Oregon Cyber Task Force in Medford, OR they detailed best practices and industry standards for cyber attack mitigation. FBI special agents started with information and statistics about the most recent threats giving specifics of how the attacks were executed. Security Architect from the State of Oregon then outlined the specifics of how to mitigate these threats properly. Here is a summation:

Current Threat Landscape

Business Email Compromise (CEO Fraud): Involves cyber criminals posing as business executives at companies that regularly perform wire transfers. After compromising the executive’s email, the criminal requests employees to perform wire transfers to the criminal’s bank account. FBI Internet Crime Complaint Center (IC3) has reported over $3 billion of losses worldwide due to this threat.

Ransomware: Ransomware is a form of malware that targets weaknesses in networks to deny the availability of critical data by encrypting it and demanding a ransom for the encryption keys to decrypt the data. Ransomware is frequently delivered through spear phishing emails to end users.

Point of Sale (PoS) Malware: Cyber criminal steals payment card data by remotely infecting PoS systems with malware without the need to physically access the cards or the devices used to process them. This allows criminals to compromise PoS systems on a large scale with larger victim base.

Insider Threat: An insider is a current or former employee who has access to an organization’s network and intentionally misuses that access to negatively affect the company. IC3 has recorded business losses from insider threat to be between $5,000 to $3 million.

Internet Extortion: Victims are threatened by cyber criminal with Distributed Denial of Service (DDoS) attack that will make access to their e-commerce site severely degraded or impossible if they victim does not pay to appease them. These can be real or fake with price tags in the neighborhood of 50 bitcoin or about $30,000.

Cyber Attack Mitigation

Here is a list of items that will need to be addressed to comprise a complete mitigation plan:

  • Create company policy in regards to how wire transfers are handled that require verbal or in-person authorization from multiple company executives
  • Create company policy restricting details that can be shared  about job duties and company hierarchy on social media
  • Review National Institute of Standards and Technology (NIST) Cybersecurity Framework and  adopt risk management processes
  • Create, implement and keep up-to-date an incident response plan
  • Create company policy and implement lawful network monitoring
  • Have proactive relationships with law enforcement agencies – silence is letting cyber criminals win

Practical Security Best Practices

  • Network Segmentation – keep the guest wireless separate from the local network, keep payment processing in its own network and keep web servers in the Demilitarized Zone (DMZ) of the network.
  • Use firewall access rules, Active Directory Group Policy and physical security measures to limit unsecure access to every segment of your network.
  • Restrict usage of administrator level access by creating alternative accounts for these purposes that are not used for local login. Keep these accounts monitored.
  • Implement automated patching and managed virus scanning on all systems. Remove any unsupported / non-updateable software or sytems on the network.
  • Restrict remote access to the network to specific users and use only secure protocols like RDP through VPN
  • Conduct periodic testing of all security measures to identify weakness or failing procedures and adjust systems accordingly

Advanced Mitigation Processes

  • Use multi-factor authentication wherever possible
  • Establish baseline of applications used then implement application whitelisting
  • Standardize encryption for data both at-rest and in-transit
  • Conduct perimeter filtering via Intrusion Detection System (IDS)
  • Regularly backup system logs in a segregated portion of the network to prevent tampering

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Google Apps Migration for Microsoft Outlook

Had a small client recently that wanted to move from standard hosted email service (via WHM / cPanel based server) to Google Apps. In doing the Google Apps migration I found that they had a mix of POP3 and IMAP configured throughout the organization, so using the G Suite Migration for Microsoft® Exchange like I would for larger migrations that are based in IMAP only was out of the question. I found the Google Apps Migration for Microsoft Outlook® which was better suited for doing the job in this small mixed environment.

Google Apps Migration for Microsoft Outlook

If your company is going to use G Suite aka Google Apps migration needs to be performed, then contact us for assistance.

Recent Posts

Categories

Plant a Seed 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2018 - Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

Something went wrong, try refreshing and submitting the form again.