Google & Yahoo Tighten Email Rules: What to Expect

Major email providers including Google, Yahoo and AOL are set to tighten rules on incoming email – making accounts more secure against spam and demanding more of bulk senders who want to see their emails delivered.

Google and Yahoo alone represent more than two billion email accounts, many of them belonging to individual consumers for personal use. Estimates suggest around 70% of these have no protection against domain spoofing.

Until recently, even many basic security protocols such as SPF (checking whether email header and ‘sent from’ address match) were not enforced on major email platforms such as Gmail – allowing fraudulent emails to reach unsuspecting users. This made phishing emails easier to circulate and harder to detect, and has been recognised as one of the biggest enablers of cyber security attacks.

DKIM – a protocol that signs both the real domain and email with a cryptographic signature that email clients can cross-reference for authenticity – is also often absent, with email providers increasingly looking to demand better standards from email senders.

From February 2024, bulk email senders must adhere to the following requirements outlined by Google and Yahoo:

 

New Sender Rules

SPF & DKIM Enforced – Businesses and organisations that need their emails to be delivered safely will have to add SPF & DKIM settings to their domains and mail servers that verify whether emails purporting to be from them are genuine, and have not been tampered with. Without checks in place, Gmail and Yahoo may reject those emails altogether.

Easy Unsubscription – bulk emails must offer ‘one-click’ unsubscribe options for recipients, making it easy for email recipients to opt out of repeated unwanted messages, and keep clutter under control.

DMARC, the most challenging of the requirements, will be enforced for bulk email senders sending more than 5,000 emails per day, aimed at preventing rapid phishing scams and other mass attempts at fraudulent communications.
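
As an added illustration (not code from Google, Yahoo or the original article), the Python sketch below audits one sending domain against the three requirements above: an SPF record, a DKIM signature aligned with the From domain, a DMARC record, and the RFC 8058 one-click unsubscribe headers. The domain, DNS records and message are constructed samples, the alignment test is a simplified stand-in for DMARC relaxed alignment, and the DKIM signature is checked for presence only, not verified cryptographically.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: example.com, its DNS records and the message
# below are placeholders, not taken from any real sender.
GOOD_SPF = "v=spf1 include:_spf.mailer.example ~all"
GOOD_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
GOOD_MESSAGE = """\
From: Newsletter <news@example.com>
To: reader@example.net
Subject: March newsletter
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
List-Unsubscribe: <https://example.com/unsubscribe?u=123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Hello!
"""


def parse_tags(value):
    """Parse a 'tag=value; tag=value' list as used by DKIM and DMARC."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    return tags


def aligned(from_domain, signing_domain):
    """Simplified relaxed alignment: same domain or parent/child of it."""
    if not from_domain or not signing_domain:
        return False
    return (from_domain == signing_domain
            or from_domain.endswith("." + signing_domain)
            or signing_domain.endswith("." + from_domain))


def check_spf(txt):
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record missing or does not start with v=spf1"]
    all_terms = [t for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        if not any(t.lower().startswith("redirect=") for t in terms[1:]):
            return ["SPF: record has no terminating 'all' mechanism"]
        return []
    if all_terms[-1][0] not in "-~":
        # 'all', '+all' and '?all' never fail an unauthorised server.
        return ["SPF: 'all' mechanism does not fail unauthorised senders"]
    return []


def check_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["DMARC: no v=DMARC1 record published"]
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return ["DMARC: missing or invalid p= policy"]
    return []


def check_message(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    problems = []
    signers = [parse_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    if not signers:
        problems.append("DKIM: message is not signed")
    elif not any(aligned(from_domain, d) for d in signers):
        problems.append("DKIM: signing domain is not aligned with the From domain")
    if "<https://" not in msg.get("List-Unsubscribe", "").lower():
        problems.append("Unsubscribe: no HTTPS List-Unsubscribe URI")
    post = msg.get("List-Unsubscribe-Post", "").strip().lower()
    if post != "list-unsubscribe=one-click":
        problems.append("Unsubscribe: List-Unsubscribe-Post one-click header missing")
    return problems


def audit(spf_txt, dmarc_txt, raw_message):
    """Return a list of findings; an empty list means every check passed."""
    return check_spf(spf_txt) + check_dmarc(dmarc_txt) + check_message(raw_message)


if __name__ == "__main__":
    print(audit(GOOD_SPF, GOOD_DMARC, GOOD_MESSAGE) or "all checks passed")
```

A DMARC policy of p=none passes this audit because it is a valid published policy, but it only requests reports and does not ask receivers to quarantine or reject failing mail.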

 

For those communicating with the public, the changes are likely to prove crucial, and IT managers need to prepare carefully to ensure their emails continue to be trusted.

 

For Cyber Security assistance and expertise, please contact our team today.


The Secure Email Standard

The NHS have updated their ‘secure email standard’ which other organisations are expected to follow.

First published in 2016, the minimum standards for email security are designed to protect NHS staff and systems against supply-chain attacks caused by weaknesses in the cyber security of third parties.

The standard anticipates that one of the biggest risks to the NHS originates with the rest of us: outside organisations, who need to be trusted not to put the health service in danger via email compromise.

There are two ways to meet the NHS secure email standard:

1. Implement an existing compliant service such as NHSmail, Microsoft 365 or Google Workspace [and follow configuration guidelines for that service.]

2. Demonstrate your own [email] service is compliant with the secure email standard by following the NHS secure email accreditation process.

For those using the biggest platforms – NHSmail, Microsoft 365 or Google Workspace – the to-do list of requirements is simpler and includes such steps as ensuring there is a process for notifying the NHS if you have been breached, policies and procedures for using mobile devices, risk assessment, documented policies and universal use within the organisation.

There is also a set of specific configuration settings which the NHS has documented for Microsoft 365 and Google Workspace, which you can learn more about here.

For organisations operating their own mail servers or other email systems, the requirements are more extensive, and require the organisation to manually achieve DCB1596 certification with documented evidence that their setup meets the NHS Secure Email Standard. This applies to organisations hosting their own Exchange, hybrid configurations, and other lesser-known business email platforms.

 



Exchange Emails Face Blocking

Microsoft have announced plans to throttle, and eventually block, emails sent from on-premises and hybrid Microsoft Exchange Servers that remain unpatched.

“Persistently vulnerable” servers will receive incrementally stricter controls, beginning with throttling (delayed delivery) up to and including a complete block beyond 90 days, preventing onward delivery to other Microsoft-based email accounts such as those in Microsoft 365/Exchange Online and Outlook.com.

The dramatic move puts yet another large question mark over organisations relying on on-premises Exchange server hardware. While Exchange 2003, 2007, and 2010 are now rare, Exchange 2016 still remains in surprisingly widespread use, and many copies of Exchange 2019 are not regularly patched against known vulnerabilities.

Extra controls will apply to servers that run on outdated or unsupported software or haven’t been patched against known security bugs – to help Exchange admins identify unpatched or unsupported on-premises Exchange servers, and allow them a chance to upgrade or patch before they become security risks.

Recent times have seen a string of major vulnerabilities exploited in Exchange Server – including by the Chinese hacking group Hafnium.

Even in 2023, a simple Shodan search still shows thousands of Internet-exposed Exchange servers, with many still waiting to be secured against attacks targeting them with ProxyLogon and ProxyShell exploits, two of the most exploited vulnerabilities from 2021.

 



Dangerous New Outlook Exploit Triggers Automatically

Microsoft have acknowledged a critical new zero-day vulnerability in Outlook that does not require any user interaction with an email to be triggered.

Reported by the Ukrainian Computer Emergency Response Team (CERT) to Microsoft and graded 9.8/10 on the severity scale according to NIST, the exploit is believed to have already been used by a “Russia-based threat actor” in attacks against European targets across government, transport, energy and military sectors.

The exploit (CVE-2023-23397) abuses the way Microsoft Outlook attempts to follow links in emails to retrieve remote content, even before they’re opened or viewed in the preview pane – allowing a remote attacker’s server to request authentication via an old technology known as NTLM, and automatically receive poorly encrypted username and password details from Outlook. NTLM was officially retired by Microsoft after Exchange 2003, but the technology remains available in current versions.

This is dangerous because with a username, password and corresponding email address, hackers have effectively completed a credential theft without any interaction from the end user. Many users use their email account as a single sign-on for other applications, putting numerous other services at risk.

CVE-2023-23397 is not yet fully documented; however, Microsoft believe the vulnerability occurs “when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat-actor controlled server. No interaction is required.” Once a connection is made, the server sends the user a New Technology LAN Manager (NTLM) negotiation message which is relayed for authentication – none of which requires the user to even view the email itself.

The exploit affects only the Microsoft Windows version of the Outlook Desktop client. Outlook for Mac, the Outlook Web & Mobile Apps (as well as Outlook.com) are not affected – since these do not support NTLM authentication. Estimates vary but Outlook is said to be used by over 400 million users worldwide, in its various forms.

System administrators are advised to urgently patch with the latest Outlook updates from Microsoft within 24 hours.

Where this is not possible, system administrators are advised to add users to the Protected Users Security Group (blocking NTLM), or block TCP 445/SMB outbound from network firewalls or via VPN settings, cutting off any NTLM authentication messages at the perimeter of your network. In both cases, Microsoft warn this may prevent other services from working correctly.
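
To confirm that the outbound TCP 445 block is actually in force, the added Python example below (not from Microsoft or the original article) reviews firewall log lines for SMB connections leaving the network. The key=value log format, the sample lines and the list of internal address ranges are assumptions made for this illustration; adapt the parser to your own firewall's export.

```python
import ipaddress

# Assumption: the site's internal ranges. Listed explicitly because
# Python's is_private also treats documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log lines (format invented for this example).
SAMPLE_LOG = """\
2023-03-15T09:01:12Z action=ALLOW proto=TCP src=10.0.4.21 dst=10.0.1.5 dport=445
2023-03-15T09:01:40Z action=ALLOW proto=TCP src=10.0.4.21 dst=203.0.113.77 dport=445
2023-03-15T09:02:03Z action=DENY proto=TCP src=10.0.4.33 dst=198.51.100.9 dport=445
2023-03-15T09:02:10Z action=ALLOW proto=TCP src=10.0.4.21 dst=203.0.113.77 dport=443
2023-03-15T09:03:55Z action=ALLOW proto=UDP src=10.0.4.40 dst=203.0.113.77 dport=445
malformed line without fields
"""


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return a dict for a well-formed line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not all(k in fields for k in ("action", "proto", "src", "dst", "dport")):
        return None
    try:
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
        fields["dport"] = int(fields["dport"])
    except ValueError:
        return None
    fields["time"] = parts[0]
    return fields


def review_outbound_smb(log_text):
    """Split internal-to-external TCP 445 connections into allowed and denied."""
    exposed, blocked = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"].upper() != "TCP" or rec["dport"] != 445:
            continue
        # Only traffic leaving the network matters for this mitigation.
        if not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue
        entry = (rec["time"], str(rec["src"]), str(rec["dst"]))
        if rec["action"].upper() == "DENY":
            blocked.append(entry)   # perimeter rule is working
        else:
            exposed.append(entry)   # SMB reached an external host
    return {"exposed": exposed, "blocked": blocked}


if __name__ == "__main__":
    result = review_outbound_smb(SAMPLE_LOG)
    for when, src, dst in result["exposed"]:
        print(f"{when} ALLOWED outbound SMB {src} -> {dst}: check host and rule set")
    print(f"{len(result['blocked'])} outbound SMB attempt(s) blocked at the perimeter")
```

Any entry under "exposed" means an internal host completed an SMB connection to an outside address, which is the path the NTLM authentication message would take.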

 



Updated: Phishing Email Examples

It’s 2021 but somehow the phishing email scams just keep coming.

You could almost miss the days when ‘Bill Gates’ would get in touch by email to offer you a shipment of diamonds. Modern email scams are much more sophisticated, the designs more convincing, and the payloads more dangerous than ever.

Our advice remains the same:

  • Be wary of any unsolicited email or unknown contact.
  • Always look to see if an email is being sent from the correct domain.
  • Don’t open any unexpected or mystery attachment, or click links to unrecognised destinations.
  • If unsure, verify information with someone by asking via a communication method other than email (eg: by looking up a phone number separately from the email, and calling direct.)

Here’s our pick for some of the sneakiest our team have seen ‘in the wild’:

 

The Dodgy File Share (Deluxe Edition)

As useful as a crowbar in the arsenal of the burglar, cybercriminals have been using these ever since file sharing and collaboration apps took over the world – this one appeared even more persuasive for its nearly spot-on branding imitating a Microsoft 365 file share link.

But the Deluxe edition takes this scam to a whole new level – with just a mistaken click giving cybercriminals automated account access, and even replying affirmatively to emails between users asking if these are genuine. Nasty.

 

The TV License

TV licensing is something many people buy once a year, often never receiving physical proof, and don’t think about much – making this a clever way to steal card details without arousing too much suspicion.

These often go the extra mile – making up fake customer numbers and renewal dates – to seem real, which can also identify the email as a scam if cross-referenced in your own records.

 

The Pandemic Phish

Cybercriminals don’t let little things like ethics get in the way of a good scam – with widespread public fear, and the NHS Covid vaccine roll-out in full swing, everything is an opportunity to hack accounts, steal information, or extort money.

Please be aware the real NHS will contact you via a combination of text message and/or post, and certainly won’t threaten you with the loss of your vaccine appointment if you don’t click a suspicious link.


 

Divine Intervention

OK, perhaps not a threat to everyone – but it’s easy to imagine this inheritance scam prompting a click from someone more spiritually-minded. Technology aside, a compelling story is sometimes the most persuasive scam of all.



Urgent Patches issued for Microsoft Exchange Server

Microsoft have urged the system admins of on-premise Exchange email servers to upgrade in response to new breaches from state-sponsored hackers.

The Chinese group, known as ‘HAFNIUM’, are believed to have exploited previously undiscovered zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019 via compromised US-based servers. Microsoft Exchange Online or related services (such as Microsoft 365) are not affected.

All four breaches were announced on Wednesday under the Microsoft Security Response Centre (MSRC) and graded ‘Critical’ – requiring urgent patching.

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 create a ‘perfect storm’ under which the attacker makes an untrusted connection to the targeted Exchange Server on port 443, and connects appearing to be someone with authorised access to add a web shell that grants a backdoor for future access.

HAFNIUM has previously been accused of industrial espionage and attempts to breach the technology of important private, public and national security organisations, including defence contractors.

As of 4th March, the Department of Homeland Security has also issued an emergency directive to all US federal agencies to urgently patch any on-premises Exchange servers by midday on 5th March.

 



Reply All Email Storm Protection launches for Exchange Online

Microsoft have announced Reply All email storm protection for Exchange Online – designed to prevent crushing organisational reply all email chains.

By default, the feature will detect ten reply all emails to over 5,000 recipients within 60 minutes (what IT admins jokingly call a ‘reply-allpocalypse’) and will block further sending to prevent the problem escalating.

A particular problem in large organisations, email storms begin when large numbers of recipients click ‘reply-all’ either to respond or ask to be removed from the chain – massively multiplying the overall number of emails passing through Exchange servers.

If you find yourself stuck in a big reply all email storm, the guidance is simple: Do nothing. Do not reply to the email. Replying only makes the problem worse for everyone in the email chain, including you.


Reply all email storms have plagued large organisations. The NHS was infamously struck by a server-crushing 500 million emails in less than two hours on 14th November 2016, after an IT contractor accidentally sent a test email to everyone with an NHSmail email address – approximately 840,000 people.

Microsoft itself became one of the first test cases during the “Bedlam DL3” incident of 1997, when a user emailed 13,000 company addresses. Other users unaware of how many replies they were sending asked to be removed, and by the time the storm had subsided a terrifying 15 million emails had been sent – far beyond the capacity of late-90s email servers.

Reply-all email storm protection is currently being rolled out to Microsoft Exchange Online and packaged services including Microsoft 365.

 



Number of Covid-19 Scams Explodes

The volume of Covid-19 scams and phishing emails has increased dramatically in recent weeks according to cybersecurity authorities.

Email security software and cybersecurity provider Barracuda Networks has reported a 667% increase in phishing emails throughout the pandemic.

Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’


Via Barracuda: Source 

In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) note the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.

In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.


There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.

Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.

Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.

 



4 Ways Email Filtering Rescues Your Inbox

Email remains a key threat vector, if not the key threat vector, for organisations protecting themselves from cyber crime – with around 90% of cyber attacks beginning by compromising an unsuspecting user via email.

Today we take a closer look at some of the clever tricks of Barracuda’s email filtering & security service, and why the small investment to protect your inbox is worth it:

 

Attachment Scanning

In addition to profiling every email which passes through its live email filtering service in seconds, Barracuda scans each email attachment for signs that the contents might be malicious.

As cyber criminals begin to use more sophisticated means, it’s worth implementing this to prevent macro-enabled office documents, infected PDFs and similar file download tricks from catching out users who might be curious to open a dangerous attachment.

 

Outbound

Barracuda email filtering scans not just incoming, but outgoing emails from your hosted mail service or mail server, ensuring not only that your clients are protected from suspect emails, but that staff cannot circulate threats further within your organisation.

Anybody familiar with being caught in a reply-all ‘email storm’ knows how quickly bad email can spread internally – be part of the solution yourself, not the problem.

Email Spooling

In the event that your email service falters, clients quickly begin receiving bounce-backs, which leave a poor impression of customer service.

This is avoidable – routing via Barracuda’s email servers, emails will temporarily ‘spool’ like planes stacking over an airport, ensuring onward delivery later when the service comes back online. This ensures any unfortunate interruption to communications is not immediately visible to your clients.

 

Long Term Recovery

Hosting your email in the cloud with Microsoft Office 365? Everything is backed up in the cloud, correct? Not quite – even Office 365 has a 30-day recovery period on deleted email, and emails can ultimately only be restored individually.

This retention period can be longer, or even unlimited, with Barracuda email backups, making sure that emails can be recovered long after staff have deleted them, accidentally or otherwise.

This extra silo of automated email backup protects not just against employee negligence or malpractice, but also common digital breaches such as compromised accounts.

 



Phishing emails – how to teach others to avoid being hooked

Phishing emails that attempt to steal sensitive information or defraud funds are a growing threat to small businesses – and the root cause of roughly 90% of business cyber attacks.

Educating your staff to be wary of clicking on a suspicious email is arguably one of the simplest and most effective cyber-security practices for small businesses. But how should you approach this?

 

Nobody is Immune

There’s no telling when or where a phishing email will arrive at your business, and any single compromised computer might be a cyber-criminal’s ‘way in’ to the company – so a good place to start is the idea that it is everyone’s responsibility to watch out for suspicious emails.

Phishing email traffic is estimated to have increased by around 65% last year, and approximately 30% of those phishing emails get opened by IT users.

You’re the CEO of a global multi-national conglomerate? Then you’re MORE, not less likely to be targeted. Such ‘Spear Phishing’ attacks are often highly specific to key individuals, aiming squarely at users with privileged information, responsibility over finances or higher levels of access.

Email awareness applies to anyone and everyone with access to email, so training efforts to make your company secure need to apply up and down the hierarchy.

 

Use Examples

Getting hands-on with real examples of phishing emails is the single best way to immunise your team against being caught out. Cybersecurity companies increasingly recognise the ‘human’ factor as the most critical ‘threat vector’ – put simply, there’s (ultimately) no substitute for human intuition about what might be suspicious.

Show your team key warning signs to look out for – suspicious email addresses in the email header, bad grammar, or links to dodgy URLs that display when you hover your mouse pointer over them. Fortunately ‘Fake bank’ or ‘Nigerian Oil Minister’ type scams have become quite notorious over the last decade, so even the least tech-savvy user will soon catch on to the idea that if an email seems odd, it’s worth checking before clicking or typing-in any sensitive details.

Lineal have published examples of some particularly dangerous phishing emails we’ve encountered, here.

 

Defeatism is Expensive

Studies suggest many IT users increasingly feel that cyber-security breaches are inevitable, and that there’s ‘nothing they can do.’ This security ‘fatigue’ is partly the fault of cybersecurity providers, who have bombarded companies with this idea.

Avoid this mindset. Yes, 76% of companies reported being the victim of a phishing attack in 2017, but 24% did not. Those exemplary organisations will (at least partly) be making their own luck with good working practices, cybersecurity training for users, and strong IT security.

Defeatism also ignores that not all cybersecurity breaches are created equal – a breach could result in a negligible cost to recover a single PC, or cripple a major organisation worldwide, as NotPetya ransomware did to Maersk Shipping in 2017. Under GDPR, the scale of the fines issued by the Information Commissioner’s Office is directly related to the severity of the breach.

The lesson is clear: limiting your organisation’s exposure to attack also limits the potential ‘scale’ of the damage. Never surrender!

 

Do Your Part

It’s helpful to be able to show you’re also investing in your users’ safety at work – that you’re leading by example. Fortunately, there are many ways to reinforce end-user security when using email:

Cloud-based email hosting services (such as Microsoft Office 365) include multiple layers of spam filter as standard, which prevents the end-user ever coming into contact with a considerable volume of suspicious communication, and usually represents greater security than would be typical for your own on-site Exchange Server.

More secure antivirus providers (such as ESET) maintain their own lists of suspicious websites likely to be imitations used for phishing important credentials (such as bank details) and block these when encountered.

Email filtering services, such as the excellent Barracuda, are an inexpensive security bolt-on to work email that can dramatically cut down on each person’s day-to-day exposure to dodgy emails. Barracuda Phishline is also available as an automated training service – building a program of dummy phishing emails that can be used to raise awareness among your staff. Clever!

 

 


How to Set Email Out Of Office

Setting your email out of office is something most people do only occasionally, and therefore can be unfamiliar to many. However, an auto-reply helps present a professional face for your business or organisation while you’re away enjoying the holiday season, and provides reassurance to those trying to contact you.

Here are our handy guides for setting up your auto-reply:


 


 

Outlook 2019 Web / Outlook.com

1. Open Outlook from your Office 365 Apps, and click the ‘Settings’ cog icon in the top right of your browser. Click ‘Automatic Replies’.

(If using Microsoft’s Outlook.live.com free personal service, you may need to click ‘View All Outlook Settings’ in your Settings tab for Automatic replies to be visible.)

2. Outlook will open your Autoreply settings. To turn on your Automatic replies, tick the top box labelled ‘Send Automatic Replies’, and enter the text for your auto reply in the text box.

Choose the date and time period you wish your Out Of Office to remain active for, and when ready, click ‘OK’.

 


 


 

Outlook 2019 (for Mac)

1. Open Outlook from your Applications, click ‘Tools’ from the Menu Bar and select ‘Out Of Office’.

2. Outlook will open your Autoreply settings. To turn on your Automatic replies, tick the top box labelled ‘Send Automatic Replies’, and enter the text for your auto reply in the top box.

Choose the date and time period you wish your Out Of Office to remain active for, and when ready, click ‘OK’.

 


 


 

Outlook 2019 (for PC)

1. Open Outlook and click to the ‘File’ Menu from the top toolbar.

2. From the ‘Info’ Tab click the ‘Automatic Replies/Out Of Office’ Button to open the Automatic Replies Window.

3. Click ‘Send Automatic Replies’ at the top – choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the ‘Outside My Organisation’ text field, and click ‘OK’.

 



Mac Mail

1. Open Mac Mail

2. Right click on the left hand navigation panel and select ‘Get Account Info’.

OR – If you right click on a file stored in your own mailbox you will have a direct link to your Out of Office.

3. Click ‘Send Out of Office Replies’ – choose the date and time period you wish your Out of Office to remain active for, enter the message you wish to use for your Autoreply in the ‘Internal Reply and External reply’ text fields, and click the red close icon in the top left.

 



Gmail

1. Open Gmail in your web browser, and click the cog icon in the top right.

2. Open ‘Settings’, click ‘See All Settings’ and scroll down to the section named ‘Vacation Responder’.

3. Switch Vacation Responder to ‘On’. Choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the text field, and click ‘Save Changes’.

 



 

Kerio Webmail

1. Sign in to Kerio Webmail, and click your email name in the top right of the browser window. Choose ‘Out Of Office’ from the dropdown Menu.

2. Tick ‘Send Out Of Office Message’, choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the text field, and click ‘Save’.

 



Yahoo! Mail

1. Sign in to Yahoo! Mail and click the cog icon in the top right corner of your browser to access your settings. Click ‘More Settings’.

2. Click ‘Out Of Office’ Response from the left hand menu. Toggle the ‘Turn On Out-Of-Office Response’ Switch to ON.

3. Enter the to and from dates you wish your out of office to remain on for, enter the auto-response in the text box, and click ‘Save’.

 



Windows 10 Mail App

1. Open Mail and click the settings cog in the bottom right of the menu.

2. Select ‘Automatic Replies’ from the settings menu.

3. Select your email account, toggle Automatic replies to ‘ON’ and enter text for your automatic reply for internal and/or external contacts.


 



iOS 11 Mail App hits the rocks

iOS 11 users who updated their iPhones and iPads this week have been given a nasty shock, upon discovering Microsoft email services will no longer function correctly.

Apple are reported to be ‘working closely’ with Microsoft to resolve the issues – affecting compatibility with Microsoft Exchange 2016, Office 365 and Outlook.com – which display an error message informing users that their mail account “Cannot send mail. The message was rejected by the server.”

One week on from Apple’s flagship iPhone X launch, the problem leaves the tech giant with a public relations headache, as early adopters of the newest touchscreen operating system rush to complain online.

Until this recent development, Office 365 had proved hugely popular with iPhone and Mac users – allowing them to plug Microsoft cloud infrastructure, for dull company email and calendars behind the scenes, into their favoured Apple devices and applications for a more enjoyable user experience.

Rubbing salt in the wound, Microsoft also published an official support warning on Tuesday, rather mischievously entitled: “You can’t send or reply from Outlook.com, Office 365, or Exchange 2016 in iOS 11 Mail.app”. According to MacRumors, beta testers (including engineers at Lineal) were raising the Microsoft email service problem as early as July, although it appears to be unresolved by Apple’s developers.

Users urgently needing email are advised to download the Outlook for iOS app from the App Store as a lifesaving alternative, suffer a more Microsoft branded email experience, and await rescue from Apple bug fixers.


Fake DVLA Emails: Tracing a Trojan Scam

Continuing our recent series on email phishing trickery including fake invoices and Apple ID theft, this week we discovered a new scam involving a fake communication claiming to be from the Driver & Vehicle Licensing Agency (DVLA).

You haven’t sent them your vehicle details: but never fear, enter them below and avoid a hefty ‘1000 GBP’ fine. Never mind that your garage should have organised a V5 document for you, just click the link and type in your details. This couldn’t be a scam? Right?

We set Lineal’s security trainee Lewis on the fake DVLA emails case – who found that the email links to a private (non Gov.uk) web-page with an extensive bit of PHP code running in the background. A classic Trojan, this webpage invited you to download your casefile – and likely something dangerous along with it.

Despite poor grammar, the format matched a GOV.UK page quite closely and the ‘official’ nature of the styling might easily have tricked unsuspecting motorists.

Avoiding the page itself, Lewis completed an HTTPS lookup on the domain hosting the fake web page – but found two servers running the same scam. The email itself appeared to be routed via the USA, in an effort to mask the attacker(s)’ identity.

Tracing both IPs separately led back to the same address in Germany, registered under two different names which could either be part of an organisation or (more likely) both assumed identities stolen from others fallen victim to the scam.

German privacy law prevents Google StreetView from being completed across most of the country, so an aerial view of an unknown industrial building on the outskirts of Lippstadt was as close as we could get to sourcing the suspicious email itself.

Clearly a sophisticated operation, fake DVLA emails like this highlight the growing technical ability of online scammers and the need for solid IT security precautions.

 

For IT Security advice and support, contact Lineal today: 01271 375999


Hunting Down Email Scammers

 

Here at Lineal we check a lot of suspicious emails – containing everything from fake invoices, dodgy downloads and even new ‘Zero-day’ ransomware threats not yet seen elsewhere on the internet. Cyber-security is a rapidly developing battlefield.

Last week our security trainee from Petroc, Lewis, received a fairly typical ‘Phishing’ email – designed to look like an official request for information in order to trick recipients into handing over personal details. Keyboard at the ready, he decided to go on an investigation – hunting down email scammers.

‘Your Apple ID has been suspended’ read the headline, but never fear, you can reset your account by typing in your private details via ‘Appl.e.com’. It may sound like an obvious scam, but the written quality of the email was high, and Verizon estimates that more than 25% of Phishing emails are not only opened, but clicked on by unsuspecting victims.

The email link itself looked suspicious, so Lewis stripped the exact page link back to its original domain as our first clue. A quick HTTP lookup found the IP address of a Linux-based server with several open ports.
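The "strip the link back to its domain" step can be automated when triaging reported emails. The sketch below is an added example, not Lineal's own tooling: it extracts the host from a link and flags lookalikes of a protected domain, such as the ‘Appl.e.com’ trick described above. The brand list, function names and all sample links other than ‘Appl.e.com’ are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains to protect (constructed list for this example).
BRANDS = ("apple.com", "gov.uk")

def link_host(url):
    """Strip a link back to its lower-case host name."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url              # let urlsplit see a bare "host/path"
    return (urlsplit(url).hostname or "").rstrip(".")

def squash(host):
    """Drop the separators a scammer can move around freely."""
    return host.replace(".", "").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, brands=BRANDS):
    """Return (verdict, brand) for the host behind a link."""
    host = link_host(url)
    for brand in brands:              # exact domain or a true subdomain of it
        if host == brand or host.endswith("." + brand):
            return "on brand domain", brand
    for brand in brands:
        if squash(host) == squash(brand):
            return "lookalike: separators moved", brand
        if host.startswith(brand + ".") or "." + brand + "." in host:
            return "lookalike: brand used as subdomain", brand
        if edit_distance(squash(host), squash(brand)) <= 1:
            return "lookalike: one character off", brand
    return "unrelated", None

if __name__ == "__main__":
    # Constructed sample links; only 'Appl.e.com' comes from the article.
    for link in ("http://Appl.e.com/reset", "https://appleid.apple.com/",
                 "https://apple.com.account-check.example/login",
                 "http://app1e.com/", "https://example.org/"):
        print(link, "->", classify(link))
```

The one-character threshold produces false positives for very short protected domains, so treat a "lookalike" verdict as a prompt for manual review rather than a block decision.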

The scammers themselves were careful – expanding the email header shows an encrypted code in place of an email reference.

Online tools like GeoTool suggested the server sending the email had been French (although mapping this is an imprecise science, with the tool suggesting the Parisian machine was sat at the bottom of the river Seine). Nevertheless this gave us a country of origin and also a more accurate address.

Here we hit a problem: the address listed related to a French cloud hosting provider’s company office building in Roubaix, near the city of Lille on the border between France and Belgium. The company itself appears entirely legitimate, so it’s likely a server there has been hijacked or otherwise used inappropriately by a customer of the provider.

A reverse DNS lookup via an online US security tool suggested the hosted domain name’s registered contact person was based in an apartment building in district 56121, Thessaloniki, Greece, and even listed a Gmail address and phone number for the named contact (redacted).

Had we wanted to, there was an opportunity here for mischief, but we decided to end our search – with sufficiently detailed information to report to customer services of the French hosting provider whose server had been misused to distribute the email.

Although it’s likely the original source had been found, it’s possible the Greek client registering the domain name was themselves a victim of the Phishing email or a similar scam.

As a case study, Lewis’ virtual chase across Europe hunting down email scammers highlights how every business is at risk from a globalised world of threats – anyone can be struck by a dangerous email from anywhere, and even the most local businesses need to take precautions.

For IT Security advice and support – contact Lineal today.


How Your Outlook Stops Spam Emails


At Lineal we’ve found the most commented upon feature of Microsoft’s Office 365 email has been the reduction of spam – but why does running your email from the cloud make Outlook 2016 so much better at blocking these annoying spam emails?

On your old in-house email server, Outlook stops spam emails being delivered based on whatever policies and protection you’ve put there and maintained (or not…), whilst Office 365 is managed all year round as a remote service, with up-to-the-hour security updates in Microsoft data centres. Moving your business email to the cloud ensures your inboxes are not just company compliant, but physically and virtually safer.

Firstly, Office 365 checks your email for known suspicious attachments or malicious links. If neither is found, your email is screened through three independent anti-virus engines, before being delivered safely to your inbox.

But what if something suspicious is found? Malicious links are re-written where possible, and suspicious attachments are removed to a sandboxed (isolated in software) ‘detonation chamber’, where they are opened safely to check for harmful code. Any attachments still deemed to be dangerous are removed from the email before being processed further.

Due to the sheer volume of email processed through Office 365, Microsoft are also able to use information about all threats seen worldwide, and protect your inbox from even brand new ‘zero-day’ dangers seen elsewhere online.

Office 365 business packages (which can be trialled for free via Lineal) have been made increasingly secure over the past year – with Microsoft opening new UK-based data centres and introducing a new admin centre for power users to manage system usage in large organisations more effectively. 97% of people can’t identify a phishing email, so it’s important to know that Office 365 will remain vigilant.

Lineal are a Gold Microsoft Partner: for Cloud help and support contact our team today.


Microsoft opens new UK Data Centres


Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.

The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.

Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s UK data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.

Office 365 and Azure users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.

In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.

For now, the ability to re-locate Office 365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers’ belated move to the cloud, upgrading legacy on-site systems in use since 2005.

The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.

Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.


How to Fix emails stuck in iPhone Outbox

If you’ve received an “Unsent Message” status in the iOS mail app on your iPhone or iPad, it could be because you have emails stuck in your outbox, with mail refusing to send correctly.

As always, it’s worth firstly re-booting your device (something most of us won’t normally do more than once or twice a week) to check whether the problem persists. This will prompt iOS both to refresh the mail app, and install any necessary updates from Apple.

You can attempt to send the email again by going to the outbox, selecting the message with the red [!] warning icon, and touching the send command to re-send the message. If your connection dropped whilst sending, this can be used to prompt a successful second attempt when the connection is restored.

If your outgoing email still remains stubbornly unsent, it may be best to delete the un-sent email and re-draft (some artful copy-pasting can alleviate this frustration considerably) by selecting the failed email in the outbox, choosing ‘edit’ and choosing ‘trash.’

Should your device remain uncooperative, putting it into ‘Airplane Mode’ should turn off wireless connection searching – which can help Mail stop searching for a way to send the email, and give you the chance to ‘trash’ the offending draft.

For Apple hardware expertise, support and supplies, contact Lineal today.


Exchange Server 2007 support to end in 2017


Lifecycle support for Microsoft’s Exchange Server 2007 email will end in April 2017, Microsoft has confirmed.

Existing email servers will continue to work past this date initially, but will receive no further patching without purchasing ‘custom support’ at an unknown extra cost. Each version of Exchange is predicted to last only around 10 years, with the 2016 edition lasting until 2025.

Exchange 2007 was included as part of Microsoft Small Business Server 2008, which reached the end of mainstream support last year. With the challenges of ensuring systems are secure, upgrading from SBS 2008 sooner rather than later will be the order of the day for many businesses.

Unfortunately, upgrading old copies of Exchange Server 2007 to Microsoft’s latest version of Exchange Server (2016) may be more challenging than many organisations will expect, as a direct migration is not available.

This forces users to use the 2010 or 2013 versions as a stepping stone, a restriction that will be familiar to any business that has tried to upgrade a legacy Windows XP system to Windows 10 and had to buy a redundant Windows 7 license just to make the transition.

The best alternative solution for many will be to abandon their on-site Exchange Server entirely and take the option with a much smoother transition: instruct a Microsoft partner to seamlessly migrate their email to Microsoft’s excellent Office 365 cloud offering.

Lineal can offer consultancy services for upgrade and migration planning in addition to being a certified Microsoft Partner. We specialise in Office 365 and hybrid deployments across the entire Microsoft product set.

Please get in touch to find out how easy and cost effective it can be to move your email to the cloud with Lineal.


Phishing Emails that know your home address spread

Hundreds of people have received a new type of phishing email which knows the individual’s home address.

Clicking the link in the dangerous email, which appears as a very authentic request to pay an overdue invoice, installs devastating cryptolocker ‘ransomware’ on the user’s computer.

The virus then begins encrypting files, demanding a ransom be paid to unlock the user’s data.

According to the BBC the unconnected company cited in the email, cotton fabric manufacturer British Millerain Co Ltd, have received more than 150 phone calls from individuals concerned that they owe money.

Phishing emails and websites, which typically mimic official bank or company communications to trick vulnerable users into making payments to criminals, are becoming increasingly sophisticated.

The use of an individual’s personal address, and higher quality written English, suggests the original creator of the email has gone to greater lengths to make the email look convincing and to avoid detection.

It is also likely that the matching address originates from stolen, legitimate customer data, accounting for users’ recognition of the way they write their own home contact details.

New threats are constantly developing, and Lineal recommend installing antivirus software with a strong record of catching emerging online threats – such as ESET.

Always follow some simple rules:

  • Never click a link or open an attachment from any suspicious email whose origins you do not recognise.
  • Banks and similar will NEVER request your private passwords, PIN numbers or other confidential information. Do not disclose these to anyone.
  • If hit by cryptolocker style ransomware, every second counts – seek professional technical support immediately.
  • Always keep a regular, separate backup of your files.

Photo Credit: BBC News