Loading ...

Category: Email

Local Church Hit By Ransomware

Got a call a couple weeks ago from a local church:

“we came in and open the computer and we have ransomware on there. We can’t even get to any of our stuff. It’s telling us to email somebody and so that they can free up the computer.”

How does this happen?

Generally these things happen because people click on things they shouldn’t. Whether in an attachment in email from someone they don’t recognize, a link in social media that sounds too good to pass up, or an advertisement for something they can’t live without. Once the user gives permission for something to open or run on their computer the game is over and the hacker wins.

What to do when it happen?

  • Stop using the computer.
  • Leave the computer alone! Do not carry out any further commands, including commands to Save data.
  • Do not close any of the computer’s windows or programs. Leave the computer alone.
  • Leave everything plugged in and do not turn off the computer or peripheral devices.
  • If possible, physically disconnect the computer from networks to which it is attached.
  • Call us immediately. Write down any unusual behavior of the computer (screen messages, unexpected disk access, unusual responses to commands) and the time when they were first noticed.
  • Write down any changes in hardware, software, or usage that preceded the malfunction.
  • Do not attempt to remove a suspected virus! Let the professionals do the dirty work.

How to prevent this from happening?

Layers of protection is the simple answer. A good antivirus installed to stop the bad programs from running, DNS filtering to keep users off of bad sites / advertisements, a good backup of all data to recover when this does happen, and most important of all EDUCATION – teaching users what safe internet usage looks like and having policies in effect to train them can mitigate 60-70% of infections. 

If your company is would like to discuss the layers of security you have in place, then contact us for assistance.

Voicemail to Email Service

Voicemail to Email Service

These days, you only need to step away from your desk for a few minutes to have a heap of missed calls and new emails awaiting your return:

What Voicemail to Email Does:

As the name suggests, a Voicemail to Email solution uses artificial intelligence (AI) technology to automatically transcribe voicemails received by a user’s voice mailbox. Voicemail to Email is ideal for busy professionals who can’t be accessible at a moment’s notice, are often in meetings, or in an environment where it’s not feasible to listen to messages in sequential order. Voicemail to Email offers a practical, at-a-glance way to keep up with the messages that need your attention and prioritization. With Voicemail to Email transcription, you can consult your voice messages at a time and place that’s most convenient for you. Users can efficiently hone in on specific transcribed messages to find exactly the information they need – from contact information to payment details to an address for their next meeting.

What are the Benefits of Voicemail to Email?

Maximum Accuracy: Voicemail to Email solution uses Google’s Cloud Speech API for Speech to Text transcription which has better accuracy than many voice transcription solutions. The transcriptions made over our platform represent the truest content of your customers’ voicemails.

Efficiency and Flexibility: Users can read their Voicemail to Email transcriptions at their own convenience – via email, SMS, or a mobile app.

Flexible Billing: Users can choose between a flat rate per line ($4.95 per month) or choose to be billed per transcription ($0.14 per voicemail).

Future Features: We are looking to add Spanish Voicemail to Email transcription to our services in the future. We are also looking to add live call transcription, so that a user can have a complete text transcript of their phone calls in writing emailed to them.

If your company is looking to expand what their phone system can do for them, then contact us for assistance.

Warning: Explicit SPAM Messages

Explicit Spam Message

Explicit Spam Message

Here are a couple recent SPAM emails that were received by clients and myself. They are explicit in nature but they a good lesson about the scare tactics of SPAMMERS. The first message seems to be the better SPAM message as it has better English and is even tries to be humorous, while the second is more direct and extortionary. Time to dissect these messages.

SPAM Message #1

  • Password – This message starts by stating that it knows your password. How can this be? There have been several information breaches from the government, retailers, healthcare, etc over the past couple of years. The majority of these breaches are eventually posted online with emails and passwords – hence the reason Farmhouse Networking has started offering Dark Web scanning and advises passwords be changed often.
  • Remote Access – The SPAMMER then goes on to provide a detailed explanation of how they got into the computer. It sounds convincing but deeper analysis by someone who is in the IT Security industry would reveal that their explanation is flawed. To do what they proposed would take several different exploits of various portions of the computer and would likely take longer than video would be playing.
  • Contacts – For their “computer software” to get contacts from all these various sources would require that the password mentioned earlier in the email be the same for all these services. It is recommended by Farmhouse Networking that different passwords be used for each service so that if one is compromised then the rest are not in jeopardy. It might be asked how to keep track and the answer is a password keeping software like LastPass.

 

SPAM Message #2

  • Threats – The message starts immediately with the intimidating remarks and threats. It may be true that alerting the authorities will not bring any immediate assistance, but if we are all upstanding citizens then there is nothing to worry about their threats. It is always good to submit these messages to the authorities (FBI) for analysis so they can take these guys down over time. I do find it sad that this SPAMMER did not take the time to explain how they gained access to my computer.
  • Webcam – It is very possible that if your computer is infected properly that the hacker could gain access to your webcam, but again if we are upstanding citizens and don’t do anything inappropriate in front of our computers then there is nothing to worry about here.
  • Bitcoin – The demands continue with a sense of expediency in the matter giving only 28 hours before the big reveal. This particular SPAMMER either knows the value of the first SPAMMERS creativity in producing a video or are selling themselves short at the $400 ransom in Bitcoin. Finally, they even try to give a bit of legitimacy to their claim by stating that they can send the video to a partial list of contacts.

If your company is interested in Dark Web Scanning for on-going breach protection or worried about SPAM, then contact us for assistance.

Is this really SPAM?

Thought that I would share a recently received new SPAM email variant that could easily be overlooked and possibly be a scammer looking to take your money. This one is strange to me and I wanted to share my insites.

Starting from the Top

Look closely at the From portion of the email:

This email is from a legitimate email marketing firm called AWeber. The SPAMMER is actually using a website designed to help bypass SPAM filtering to deliver mail. There is also the fact that the email is form someone that I don’t do business with. Always fight the urge to look at things that are not yours.

Stick to the Subject

Now to take a look at the Subject line of the email:

The email marketing firm this SPAM is sent from is required that you confirm someone who is joining your email campaign. Guess I would have to agree to be scammed by this person.

And now the rest…

The final thing that caught my eye was the title of the email campaign in the email:

The enticing title “Clickbank – 30k project” sounded interesting. By clicking on the button I would confirm my existence as a real person and would likely kick off a communication from someone who is likely an “African Prince” with a money making opportunity. Hope this little tutorial helps you detect other phishing attempts in the future.

If your company is having trouble with SPAM or phishing, then contact us for assistance.

ESET Antivirus Troubles

Eset Antivirus - Grants Pass, OR

Working with a webhost to tighten their security settings to get PCI compliant. In doing so we ended up breaking many of their clients email access by turning off SSLv3 and TLSv1.0. I was given the task of helping all the clients fix this issue (see seperate blog post for the fix). One in particular ended up not having issues beyond the normal problems with TLS and it turned out being ESET Antivirus. Here is the story:

Unable to Access Website:

The client first mentioned that they could not access a particular website that they needed to submit government paperwork. The error was related to the certificate being out of date. I checked the site on my own computer and it came up just fine, so looked at their certificate and it was current with plenty of time left before expiring. Cleared the cache and all the normal troubleshooting steps to no avail, so had to dig deeper. Remembered that some antivirus programs scan HTTPS traffic by putting their own certificate in place of the actual certificate from the site. Looked inside ESET Antivirus and found the culprit. Under Internet Protection > Web Access Protection I turned off the HTTPS Scanner. Restarted the browser and was able to surf to the site without issues.

Hidden Messages Stuck in Outlook Outbox:

The client then mentioned that some messages weren’t sending, so looked into it and found a couple messages that were 2MB+ which I told them were too large to send. We got rid of those but then messages were still stuck but were now hidden from view. I used the typical fix for read receipts that are hidden using the MFCMAPI tool but found nothing there. Tried removing the account and re-adding it to Outlook. After the clients 8,000+ emails downloaded via IMAP the same problem began occurring again. Remembering the issues with ESET Antivirus web filtering, I decided to take a look at that again. Under Internet Protection > Email client protection I turned off all the Email Clients, Email Protocols, and Antispam Protection. Restarted Outlook and the problem persisted. Had to remove the account and re-add it to Outlook. After the clients 8,000+ emails downloaded via IMAP the problem was fixed.

All that being said, these kinds of problems are another reason that I recommend Webroot to my clients for their antivirus protection. I prefer to have the Website filtering happen at the DNS level via a company like DNSFilter.com and the SPAM / Email filtering to happen via the email provider or an email protection service like Mailprotector.com.

If your company is interested in using a real layered approach to security not just putting a software band-aid on it, then contact us for assistance.

Got everything backed up? You sure?

SaaS Protection - Grants Pass, ORAs companies increasingly move data into cloud-based applications, many administrators think traditional best practices such as data backup are outdated. After all, a Software-as-a-Service (SaaS) application is always available, accessible from anywhere, and highly redundant, so why is backup necessary?

1 in 3 companies report losing data stored in cloud-based applications. That means the permanent deletion of potentially hundreds of work hours.

The truth is that even data in cloud-based applications are vulnerable to:

  • Malware damage or ransomware attacks
  • Accidental end-user deletion
  • Malicious end-user activity
  • Operational errors such as accidental data overwrites
  • Lost data due to canceled user account subscriptions
  • Misconfigured application workflows

Datto SaaS Protection won’t let your critical data slip through the cracks. Engineered to be the leading, one stop shop for cloud-to-cloud SaaS application backup, SaaS Protection gives you consistently reliable granular backups, quick and easy restores and exports, secured data for compliance and regulatory needs, and world-class 24/7/365 support.

SaaS Protection Supports the Following Applications:

G-Suite – Protect emails, documents, calendars, sites, and contacts in Google’s G Suite.

There’s no such thing as too safe. Datto SaaS Protection goes above and beyond industry standards to make sure G-Suite data is secure, easily recoverable, and protected:

  • Automatic 3X daily backups of Google Mail, Drive, Calendar, Contacts, and Sites data
  • SOC2 Type II audited
  • Supports HIPAA compliance needs
  • Data encryption both in transit and at rest in the Datto Cloud
  • Advanced internal controls
  • Data controls and monitoring, including audit logs, uptime and availability SLAs, and export capabilities
  • Regular vulnerability management and testing

SaaS Protection saves you and your team time and stress with search filters that quickly locate backed up files and folders.. even if users can’t remember what they called them.

  • Easily track deleted items
  • Locate and browse any previous versions of documents
  • Lighten the help desk load: SaaS Protection lets users access their own backups

Office 365 – Protect Exchange Online, SharePoint Online, OneDrive, Contacts, and Calendars in Office 365.

There’s no such thing as too safe. Datto SaaS Protection goes above and beyond industry standards to make sure Office 365 data is secure, easily recoverable, and protected.

  • Microsoft Exchange, OneDrive, SharePoint, Calendar and Contacts are automatically backed up 3X a day
  • SOC 2 Type II audited
  • Supports HIPAA compliance needs
  • Data encryption both at rest and in transit
  • Data controls and monitoring tools, including audit logs, uptime and availability SLAs, and export capabilities

SaaS Protection saves your team time and stress with robust search filters that make it easy to quickly locate backed up files and folders.

  • Manage backups, view restores, and monitor activity across all of your customers from an easy-to-use dashboard
  • Zero in on emails, contacts, individual files and entire folders with our search function
  • Restore files directly to a user’s account or download them directly

If your company is G-Suite or Office 365 and want a complete disaster recovery solution, then contact us for assistance.

New Phishing Email Variant

Thought that I would share a recently received new phishing email variant that could easily be overlooked and possibly cause damage to your network. The email appears to have come from Dropbox as a user sharing a folder with me, but a closer look shows many obvious signs that the email is a fake.

Starting from the Top

Look closely at the From portion of the email:

The lettering is actually another language where the font makes it look like English lettering. There is also the fact that the email is form someone that I don’t do business with. Always fight the urge to look at things that are not yours.

Stick to the Subject

Now to take a look at the Subject line of the email:

This has different lettering but it is again a different language used to look like English lettering.

And now the rest…

The final thing that caught my eye was the “button” in the middle of the email:

It actually looked fuzzy. It turns out the entire body of the email is a single image that is a link to their malicious site. Clicking anywhere in the body of the email would send you on your way to infection or account compromise. Hope this little tutorial helps you detect other phishing attempts in the future.

If your company is having trouble with SPAM or phishing, then contact us for assistance.

Is Email Down Again?

Email Down

While troubleshooting an email encryption issue after a WHM / cPanel web server migration, my thoughts turned to email down time and what it is worth to a small business. This is the core concept behind business continuity – “Business continuity encompasses planning and preparation to ensure that an organization can continue to operate in case of serious incidents or disasters and is able to recover to an operational state within a reasonably short period.” (Wikipedia) The best way to recover from a disaster is to have planned in advance for the eventuality and have systems in place that provide redundancy when the incident occurs. When it comes to business email continuity only one name comes to mind:

Microsoft Office 365

Guaranteed UptimeMicrosoft provides a Service Level Agreement (SLA) that financially backs their services based on a guaranteed amount of uptime per month. If service is down for more than 45 minutes (99.9% uptime) in a month then a 25% credit will be given, if service is down for more than 7 hours (99% uptime) in a month then a 50% credit will be given, and if for some reason they are down for more than 36 hours (95% uptime) in a month then a 100% credit will be given. Considering the literal billions of users of their products, having to give away credits for downtime would seriously cost Microsoft so it is in their favor to keep the services flowing.

Geographic Redundancy – Microsoft has Office 365 data copied to servers in no less than 8 datacenters around the United States including one nearby in Washington. This means that a hardware failure or lost data in one center will not effect the other 7 datacenters – email will continue to be routed through the others until services can be restored to the one. With redundancy like that there should be no worries about downtime or data loss.

Unparalleled Support – Office 365 email is running on Microsoft Exchange being administered and supported by the people who created it. There is nothing like going to the creator of something to talk to them when there is a problem. They have the breadth of experience that comes from using their own products for the past 20 years. This level of knowledge is unparalleled in the industry and it shows in the quality of service and support that is received. 

If your company needs the best in class reliability and service that comes from switching to Office 365, then contact us for assistance.

Xerox Scan to Email G-Suite (Fix Error 017-714)

Recently had trouble getting a Xerox VersaLink C7025 multifunction printer to Scan to Email correctly and found a couple solutions to the problem that I wanted to share. It all started when I configured the SMTP settings for the scanner to use G-Suite to send emails using the following article – “Send email from a printer, scanner, or app” but got the error 017-714 report from the printer. Did some searching online and found the following answer:

Using Google Insecure SMTP Server

As per the same article, the multifunction will work by using the following settings:

  • Device Email: clients scanner email address
  • SMTP Server: aspmx.l.google.com
  • Outgoing Port: 25
  • Connection Security: None
  • SMTP AUTH: None

This is great if the client wants the scans emailed only to people in their own domain. This will not allow sending to anyone outside their domain, which was not what this client wanted, so I contacted Xerox support and worked my way up to Level to support who pointed me to the following more secure answer:

Using Google Secure SMTP Server

The first thing to do is to make sure that Less Secure Apps setting is allowed for the Device Email account. This can be checked at – https://www.google.com/settings/security/lesssecureapps  but you might find that it has to be changed in the G-Suite Admin Console (disabled by default on all accounts). Once logged into https://admin.google.com,  click on Security then on Basic. Choose the option to allow each user to chose their own setting then go back to the less secure app setting page and change to allow for only that account. Now the multifunction can be configured as follows:

Xerox Scan to Email G-Suite

If your company has software that needs to be automatically updated or would like to sign-up for remote monitoring and maintenance, then contact us for assistance.

Received Hacker Email

Hacker Email

Here is a recent email that I received from a “hacker” that was threatening to expose some secrets. It was an obvious fake email, but I wanted to take the time to educate on how to know a fake when you receive one:

Hacker Email Exposed

Strange Email Address: This email comes from “auf@cesco.com.br” which is an address unknown to me and the domain itself ends in BR which stands for Brazil which again I don’t do business in Brazil so why would someone from there be emailing me.

Poor English: It starts out with the over-friendly greeting and continues with “I hack your computer” then just doesn’t stop. This was likely something typed into Google Translate then pasted into an email.

They Have Everything: Unless you really have something to hide, then this should not scare you. You need to assume that anything that you post online is public information anyways – there are no secrets on Facebook.

Invalid Help: They offer to help with acquiring Bitcoin to pay them in then offer a site to find local ATMs that have this feature. They have no understanding of the area or what local banking services are available. If they know everything about me then they know where I live and could easily look up the local economic structure.

Internet Extortion: They are using extortion tactics to try and scare me into action. They are trying to “sell” me information security for $120, but if I gave into their demands then my email address would become an even more valuable asset as they would have someone they could regularly extort for funds.

What To Do

  1. Unless you have something to hide, ignore the threats. If you do have something to hide then I suggest you quit so that no one can have anything against you.
  2. Forward these emails to me. Include the “header” information by copying it from the File > Properties menu in Outlook as this will help to track down where they are from.
  3. Farmhouse Networking will alert the proper authorities about the malicious activity to help shut these scammers down.

If your company is receiving tons of SPAM or hacker email, then contact us for assistance.

Categories

Plant a Seed 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2018 - Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

Something went wrong, try refreshing and submitting the form again.