Spoofing Emails Targeting Office365 Users
Spoofing emails are a big problem these days leading to compromised personal information and sometimes devastating financial loss. If you want to protect yourself from spoof emails, it helps to know what a phishing, or email spoofing attack looks like. So we have a great example for you here! One of our clients got an email recently that looked like it was from Microsoft about their Office 365 account. Looking at this email from the view point of someone who is not familiar with phishing or spoofing attacks, it is easy to see how people often fall for these spoof emails. So, we are going to break this email down in a way that that will hopefully help you, your friends or employees detect email spoofing.
Misspelled or Incomplete Email Address
The first give away on this email was the incomplete email address. The email appears to be from Microsoft, but its missing the .COM at the end of the email address. This can be very easy to miss especially if you just take a quick glance at the email.
Spoofing Logos / Fake or Abused Logos
Secondly, the logo was a bit off. If you look up the real Office365 logo you will know what I mean. The font is not right and the real Office365 logo does not even have the word Microsoft in front of it. But the color of the “logo” and the careful placement of the word “Microsoft” could make this “logo” evade a quick “sniff test.” This logo is placed there to give the spoof email an official look. By mimicking a trusted source, the spoof engineer hopes that their fake email will evade detection.
Masking Rogue Website Links
Last but definitely not least is the link. If you get any email with a link, you can check where the link goes just by hovering your cursor over the link. But please do not click on the link, unless the web address is consistent with the source of the email, or unless you recognize the site. In this case, when we hovered over the link we noticed that the “Cancel Disable Process” link did not go to Office 365. Therefore, my educated guess is that this link will either lead to a fake page that looks like your Office 365 login, or it will lead to a page that will deliver a nasty virus payload to the PC.
This is just one example of an email spoof, but as you can imagine, email spoofing comes in many forms. The biggest take away here is to look for consistency. Just because an email has a Microsoft, IRS, Chase, Fox News, or Bank of America logo does not mean it’s coming from that source. Always check for consistency before you click on any email links. If you just get in the habit of checking the 3 things highlighted by the red arrows in our example, you will be able to enjoy your emails without becoming a victim of phishing or email spoofing.
Recently many Windows 7 and Windows 8.1 users have been waking up only to find a new Windows 10 upgrade on their computers. To some, this may not be a big deal, assuming that the upgrade went well. However, sometimes the upgrades do not always go well due to incompatibility with the user’s choice of Anti-virus, or hardware that might not be supported by Windows 10. So, if want to have some control over when your computer upgrades to Windows 10 read on.
Imagine the “horror” if you were nicely content driving an automatic car and then you wake up one morning to a manual car that you do not have any experience with? That would be me! Manual transmissions HORRIFY me! Now, don’t get me wrong, I can put a boogie down to a beat, but let’s just say my coordination skills are immune to development when it comes to a stick shift! So, should I ever wake up to a stick shift, my wife will be driving – no ifs, ands or buts about that! At that point, she is the man! I will be happy riding shotgun like a pro! I imagine a sudden upgrade to Windows 10 might feel that way for some users. So, if you don’t want to be caught off guard, or you want to upgrade to Windows 10 at your own pace, this might help.
Why You Could Get The Windows 10 Upgrade Automatically
Most computers have a default setting to receive automatic updates, which is recommended to help keep current on bug and security fixes for your PC. The Windows 10 automatic upgrade has been coming in as part of these automatic updates, which are usually set to occur around 3 am. So, if you are not quite ready to upgrade to Windows 10 you have two options:
- Turn off your computer at night, or
- Exclude the Windows 10 Upgrade from your Windows Updates
The first option is straight forward, but you will still need to keep an eye on those automatic updates. The second option is the best option – for now at least, but it requires a few more simple steps. So let us get straight to it:
How To Stop The Automatic Windows 10 Upgrade For Windows 7:
- Click on the Start Menu button
- Click on All Programs
- Scroll through the list of items until you find Windows Updates
- Click on the Windows Updates
- If there are pending updates, click on the important updates and see if Windows 10 Upgrade is listed
- If Windows 10 is listed, just click to uncheck the box so that it’s not installed with the Updates
- If Windows 10 is not listed, go ahead and install the pending updates
- Once the Updates are installed, go back through the process and see if there are any more updates. If not, click on check updates and see if any updates exist. If there are more updates, click on the important updates once again to see if the Windows 10 upgrade is listed – and if it is, you know what to do.
If you have Windows 8, you may be better off upgrading to Windows 10. Windows 10 is actually more user friendly than Windows 8 in my opinion. Windows 10 upgrades go through just fine in most cases with no glitches. But if you are not sure if your Anti-virus might affect the upgrade, or if you have rare or expensive proprietary software that you are not sure will work with Windows 10, you may want to have some control over the upgrade of your PC to Windows 10. So, hopefully this helps. As the good ole technical adage goes, “If it isn’t broke, don’t fix it!” Best of luck!
Technology is advancing faster than we can cope with. Many new devices in today’s market bring the convenience of our digital life within our fingertips. However, if we do not factor in security as a critical part of using technology, the consequences that result from ignored security risks will outweigh its convenience.
The increasing use of computing devices of all shapes and sizes comes with the unintended effect of growing cyber-crime. So how can you protect your data?
Here are a few things that can help:
- Control your data: Do not put everything about yourself on social networks like Facebook. Your personal information can be easily used against you in hacking or in scams using Social Engineering tactics. These days it might not be a bad idea to use services like Lifelock, since even big companies are not immune to hacking. So, being able to monitor your personal information can be a life saver in this digital age.
- >Use different passwords: Using the same password can make it easy for a hacker to access your accounts once they have cracked your password. It is good practice to use different and secure passwords for your important online accounts.
- Keep your computer updated: Updates provide general fixes for security vulnerabilities. The most critical programs to update are your Anti-virus, Windows, Java and Adobe Flash. Please note: Only do these updates manually, (if you know how), or when your computer prompts you. Do not click on “update prompts” from websites, as those could be fake and malicious.
- Tech support frauds / remote access: Unless you know who is on the other side of the phone line, granting remote access to your computer to a stranger is a big security risk! It never ends well. The damage ranges from spyware on your computer, to wiped bank accounts. No joke, I have seen it! Attacks of this nature are often untraceable and difficult to solve. You are better off with local computer service that you can put a face to.
- Look over your emails carefully: One of the biggest frauds going on is that scammers are sending out official looking emails claiming to be the USPS, FEDEX, UPS or DHL with a link to check the status of your package. Once you click the link a virus could encrypt your files, or spyware gets on your computer. The scammers send out these emails in hopes that the recipient is expecting a package.
If you ever get one of these emails and you are really expecting a package, hover over the link and you will see where the link will take you without clicking it. That could save you some headaches. If your anti-virus has an email scanner it can usually detect malicious links and attachments. But, if not, you have to do the extra work. If that is the case, I highly recommend that you get an anti-virus with an email scanner like AVG.
- Do it yourself, or not do it yourself? It really depends on how much you know. Knowing enough to be dangerous can be dangerous for your computer. So, before you download that amazing program that is going to “fix” all your computer problems in one click, call a pro! You will be glad you did!
- Remember to back up your computer: Computers are easy to replace, but data is not. So remember to back up your irreplaceable documents, pictures, and music and video collections.
- Take action if your computer is slow: A slow computer could be a sign of either malicious software or imminent hardware failure. If your computer is running slower than usual, have it checked out for viruses or hardware problems.
- Do regular tune-ups and cleanups: Computers build up junk over time. The file system and file structure of any computer needs a little TLC every now and again to keep things running sooth.
A tune-up once every year or every 6 months, (depending on the user and usage), can help to extend the life of your PC.
Hope these tips will help you fortify security for your computer. If you know someone who could benefit from these tips, feel free to share this article. Thank you!
What The End Of Windows XP Support Means To Windows XP Users
Microsoft announced that they will be ending support for Windows XP and Office 2003 on the 8th of April 2014. So what does this mean for PC users running Windows XP? (more…)
A Simple Look at The Cloud
Do you ever get a foggy feeling when you hear mention of “the cloud”? We often hear about cloud computing, cloud services, cloud (more…)