10 Tips to Identify a Phishing Email

Don’t Risk Losing your Life Savings to Scammers. Follow these 10 Tips to Identify a Phishing Email.

From October 2013 to December 2016, phishing scams cost businesses approximately $1.6 billion, averaging roughly $500 million each year. While these figures are staggering, they continue to rise as scammers reap huge payouts from BEC (Business Email Compromise), CEO fraud and other phishing scams.

The real estate industry is a prime target for phishing because large sums of money change hands and there are various weak links in the transaction process. If any step within the transaction process becomes compromised with a successful phishing email, the attacker could gain access to a legitimate email address from which to launch other attacks. The fraudster could then lie in wait, scanning email messages for financial or transaction related details, and then send off fraudulent wire transfer instructions to an unsuspecting buyer, seller, or agent. For example, this happened to a 31 year-old first-time homebuyer in San Antonio, Texas. You can read details about this case here, but the short version of the story is that she felt that she was in a time crunch to send in her down payment and finalize other closing tasks, and felt that the title company was dragging its feet. This state of high anxiety made her a prime target for a phishing email she received stating that she had previously been given the wrong wire transfer information, and that she needed to wire her down payment to a new account. With 5 hours left to get everything done, she attempted to contact her title company to confirm the change, but no one responded, so in a panic, she hastily ran to the bank and wire transferred her $52,000 down payment. Unfortunately, she sent her life savings to scammers.

The phishing industry is so lucrative for scammers because the barriers to entry are low relative to potential huge payouts. With botnets-for-hire and Malware as a Service (Maas), spammers have an impressive arsenal of tools at their disposal to propagate their campaigns, so to fight this scourge, an educated user is the best defense against phishing scams. With this in mind, here are my top 10 tips on how to identify and protect yourself from phishing attacks.

  1. Watch out for messages disguised as something expected, like a shipment or payment notification. These often contain links to malware sites. Hover your mouse over any links to make sure they’re safe. Think before you click! Here’s an example using a phishing email I received claiming to come from HSBC.

    Payment notification phishing email
    Watch for unexpected payment or shipment notices
  2. Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
  3. Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
  4. Check for poor grammar or spelling errors. While legitimate companies are very strict about emails they send out, Phishing emails often contain poor spelling or grammar.
  5. Hover before you click! Phishing emails often contain links to malware sites. Don’t trust the URL you see! Always hover your mouse over the link to view its real destination. If the link claims to point to a known, reputable site, it’s always safer to manually type the URL into your browser’s address bar.
  6. Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice! Legitimate businesses will often use your real first and last name. In our HSBC example, notice the generic greeting.

    Watch for generic greetings in email messages
    Watch for generic greetings in email messages
  7. Check the Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam. In our HSBC example, the sender’s name and contact information are missing from the signature.

    Watch for generic signatures in phishing email messages.
    Watch for generic signatures in phishing email messages.
  8. Don’t download Attachments – With the proliferation of Ransomware as a Service (Raas), spammers have an easy mechanism for distributing malware-laden spam messages to thousands of users. And because the payout for ransomware can be quite high, even one successful ransomware infection could net the spammer large amounts of money. If there’s ANY doubt about the identity of the message sender or the contents of an attachment, play it safe and don’t download the attachment.
  9. Don’t trust the From address – Many phishing emails will have a forged sender address. The From address is displayed in two places. The Envelope From is used by mail servers to generate NDR messages, while the Header From is used by the email client to display information in the From field. Both of these headers can be spoofed. MDaemon Webmail has built-in security features to help users identify spoofed emails. Many mail clients hide the From address, only showing the From name, which can be easily spoofed. In MDaemon Webmail, the From address is always displayed, giving users a clearer view into the source of the email and helping them identify spoofed senders. Using our HSBC example, I’ve highlighted the actual sender.
    Phishing email highlighting the actual sending address
    Phishing email highlighting the actual sending address

    MDaemon Webmail will also display information in the Security tag to help users identify messages from verified senders, as shown here.

    MDaemon Webmail - DKIM-Verified Sender
    MDaemon Webmail – DKIM-Verified Sender
  10. Don’t Enable Macros – And while we’re on the subject of ransomware, another common vector for ransomware infections is through macros in Microsoft Word documents. These documents often arrive in phishing emails claiming to have important content from HR, Finance, or another important department, and to trick the user, they request the user to enable macros. Never trust an email that asks you to enable macros before downloading a Word document.

While anti-spam and anti-malware tools are quite effective at filtering out the majority of scams, there’s really no substitute for good old-fashioned user education. Know the potential costs to your business and don’t become the next victim!

If you’re the MDaemon or SecurityGateway administrator and need help with your security settings to help block as much phishing as possible before it reaches your users, give us a call or drop us an email support request.

 

 

 

With MDaemon Webmail, you can use the same keyboard shortcuts found in your favorite email client!

If you’re what most would call a “power user,” then you may be used to using keyboard shortcuts. If you’re used to the keyboard shortcuts of another client, such as Outlook, Thunderbird or Eudora, MDaemon’s webmail client has a feature that allows you to continue using those shortcuts. So if you’re used to using Shift+P to print (which is an Outlook shortcut), then all you need to do in MDaemon’s web-based email client is go to the Options menu & select Personalize. Then select your preferred option in the Keyboard Shortcuts drop-down menu, as shown here:

MDaemon webmail keyboard shortcuts
MDaemon’s webmail client lets you continue using the same keyboard shortcuts found in your favorite email client!

More information on this feature can be found in the following page from our online manual:

http://help.altn.com/mdaemon/worldclient/en/index.html?shortcut_keys.htm

If you have questions or comments about this feature, let us know! If you’re not an MDaemon user, but would like to learn more about its features, visit the MDaemon product page and have a look around!

A New Year and a New Name

As we welcome in a New Year, we are also welcoming a new company name. Alt-N Technologies is transitioning to MDaemon Technologies. This change is now in motion and will be implemented gradually across our many company assets.

We are adopting the new name to better leverage the brand equity and recognition we have built over the many years with our trusted email server. The new name will consolidate our brand and align the company around a globally recognized name.

With the name change also brings the new tag line: Simple Secure Email. We believe this tag line summarizes the value many of our global customers and partners have expressed over the years and is synonymous with the attributes that have made MDaemon a popular email server with many IT professionals and resellers.

We may have a new name but our mission and focus remain the same: develop features in our email server and email gateway products that deliver value (reliability, security, and flexibility) to the IT professionals that put their trust in us.

For more than 20 years we have succeeded by listening to our global customers and delivering exceptional service. We treat our employees, customers and channel partners like family and we believe this is just one of the many reasons why we remain a trusted vendor in an ever changing and competitive email and email security market. We may not be the biggest company you will deal with, but we strive to be the best company you deal with!

To our current customers we thank you for allowing us the opportunity to earn your business. To prospective customers, we ask that you give us a try. Download a free 30 day trial of our products or look at our hosted services and partners.

We look forward to an exciting 2018 and the opportunity to serve you!

Happy New Year,
Kevin

Kevin Beatty
VP, Marketing & Business Development

Alt-N Technologies is Renamed MDaemon Technologies

New Name to Leverage Global Brand Equity of Company’s Flagship Email Server

Grapevine, TX (USA) January 2, 2018 Alt-N Technologies announced today that, effective immediately, the Company’s legal name will be MDaemon Technologies, and that it will begin doing business under the new company name.

“We are adopting the new name to better leverage the brand equity and recognition we have built over the many years with our trusted email server,” said Jerry Donald, CEO of MDaemon Technologies. “The new name will consolidate our brand and align the company around a globally recognized name.”

With the name change also brings a new tag line: “Simple Secure Email. This tag line summarizes the value many of the Company’s global customers and partners have expressed over the years and is synonymous with the attributes that have made MDaemon a popular email server with many IT professionals and resellers.

More information about the name change can be found by visiting the MDaemon Technologies Blog.

About MDaemon Technologies

MDaemon Technologies develops email and email security software for the global small and medium enterprise business market. Founded in 1996, its products are trusted by organizations in over 140 countries and 25 languages. The company’s flagship products, MDaemon Messaging Server and SecurityGateway for Email Servers can be deployed in virtual, hosted cloud or private on-premise environments. The company’s products include the latest security technologies and require minimal support and administration to operate and maintain. The company uses a network of global distributors and resellers for the sale and support of its products.

###

Media Contact:
Kevin Beatty
MDaemon Technologies
(817) 601-3222 x214
kevin.beatty@mdaemon.com
www.mdaemon.com

Improve Outlook Performance – Archive your Email to MailStore!

MailStore email archive server

One of the most common complaints of Outlook users is slow performance. We all know how frustrating it is when you launch Outlook, and right away, it freezes or takes a long time to start up, or when the Send/Receive process takes too long. Message search can also slow to a crawl.

So what causes Outlook to behave like this? The most common cause is having a mailbox that’s too large. This problem is so common because many users like to save every email they send and receive over time, resulting in a mailbox that’s bloated and out of control.

The solution is to implement an archiving solution such as MailStore, and configure message deletion rules so that archived messages are removed from the mailbox after a given period of time.

Whether you use POP (MailStore can archive PST files, too), IMAP, ActiveSync, or Outlook Connector, reducing the amount of data stored in user mailboxes improves Outlook performance by lowering the amount of data that it has to process on the server. While this can improve Outlook load times, it has the added benefit of improving mail server performance.

In addition to improving Outlook performance, archiving has these benefits for administrators:

  • Reduced storage requirements on the mail server
  • Disaster recovery
  • Improved mail server performance
  • Simplified backup & restore processes
  • Elimination of mailbox quotas
  • Elimination of PST files
  • Less reliance on users adhering to email retention guidelines
  • Adherence to compliance regulations
  • Prevent users from deleting email messages

Check out this post for more details on these other benefits of archiving.

Would you like to learn more about MailStore and how it can improve Outlook performance and help your business? Then visit our website and download your free trial!

SecurityGateway saves administrators time by letting users manage their own quarantines!

Email spam quarantine

You’ve probably heard that the vast majority of  all email traffic is spam, but did you know the volume of spam as a percentage of all email traffic has gone down over the years? In April of 2014, spam made up almost 70% of all email traffic. The most recent records show spam at about 59% of all email traffic. While these numbers are down slightly, they are still quite significant, and thus email providers need to be armed with a variety of tools to combat spam.

For email administrators, one of the challenges of fighting spam is balancing tasks performed by the administrator with tasks that users can perform to take some of the workload from administrators. With SecurityGateway’s quarantine management features, users can be granted permissions to manage their own quarantines.

SecurityGateway can be configured to handle spam in various ways. Messages can be refused, quarantined, or accepted, and their spam scores can be adjusted accordingly. When messages are quarantined and held on the server, the administrator can determine whether, and how often, to send the user an emailed quarantine summary report. The administrator can also grant users permissions to view and manage their own quarantine folders in the SecurityGateway interface. The quarantine summary email allows users to release the message from quarantine, and whitelist or blacklist the sender. When the quarantine is viewed in the SecurityGateway interface, users have additional options, such as the ability to feed messages to SecurityGateway’s Bayesian spam learning engine. Giving users the ability to manage their own quarantines allows administrators to focus on other tasks.

We generally recommend using the Bayesian feature to mark a message as spam, rather than blacklisting the sender. Thus, to avoid any confusion, we’ve put together the following best practices guide on quarantine management in SecurityGateway.

Click here to view the new SecurityGateway Quarantine Management guide.

Following the suggestions outlined in this guide will help ensure that you receive the messages you want, and block the messages you don’t want.

If you have questions, let us know in the comments section below!

 

Why Passwords May Not Keep Your Email Safe

Two-factor Authentication using phone pin and passwordWe live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.

The problem is made worse by the prevalence of weak passwords. Did you know that, even in 2017, one of the most common passwords is 12345678? In an experiment conducted in 2013, with the help of a list of hashed passwords obtained online, hackers were able to crack about 90% of a list of over 16,000 passwords.

Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.

Passwords and usernames belong to one of three types of identification data:

  1. Something you know
  2. Something you own
  3. Something you are or do (such as a fingerprint or other biometric element)

Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.

Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:

  • An ATM card (something you own) and a PIN (something you know)
  • A credit card (something you own) and a zip code (something you know)
  • A phone (something you own) and a fingerprint (something you are)

MDaemon includes two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).

Two-factor authentication has many benefits:

  • It provides an extra layer of defense when a password isn’t strong enough.
  • It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
  • It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
  • It makes working remotely safer.

In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.

If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Download the latest version of MDaemon to take advantage of this extra security!

Introducing SecurityGateway 5.0, with New Location Screening, Terms of Service Agreements, and More!

SecurityGateway provides businesses with additional layers of email security for their mail server. Developed with over 20 years of email security expertise, SecurityGateway is loaded with anti-spam, anti-abuse, and anti-malware features, as well as email encryption, data leak prevention, and more. With our latest release, SecurityGateway 5.0, businesses can benefit from the following new features.

Block Traffic from Specific Countries with Location Screening

Location Screening, a feature that was also recently introduced in MDaemon, allows administrators to block email from specific countries. This is useful if you don’t have users in certain regions. By default, all email traffic is blocked, but if you prefer to only block authentication attempts from these regions, you can simply check the box to block these attempts.

Block connections by country with Location Screening
Block connections by country with Location Screening

 

Enhanced Compliance Options with Terms of Service Agreement

In order to assist administrators with compliance to laws such as the General Data Protection Regulation in the EU, administrators can now add a terms of service statement which must be accepted by the users each time they login.

Terms of Use Agreement
Terms of Use Agreement

 

Download Message in Readable Format from Within the Logs

When viewing the message logs, administrators can now download a message in EML format by clicking on a link in the log. These EML messages can then be viewed in various email clients.

Download EML File
Download EML File

These are the main highlights. For a complete overview of new features & enhancements, click here to view the latest release notes, or click here to download SecurityGateway.

Questions? Comments? Let us know!

MDaemon 17.5.1 is Now Available – with Improved Logging for Let’s Encrypt, WorldClient Enhancements, and More!

Today, we released a minor update to MDaemon – MDaemon 17.5.1. This update includes various minor improvements, including:

  • Improved logging for Let’s Encrypt.
  • Defaults for the Dynamic Screening settings have been changed. Account freeze is off by default and fewer notifications are enabled.
  • Enhanced WorldCient Instant Messenger chat room experience to prevent spoofing.
  • When using the WorldClient and LookOut themes, users can now display their saved searches in the Favorites folder list.

These are just a few highlights. For a complete rundown of all new features & enhancements, visit our Downloads page to to view the MDaemon release notes or to download MDaemon.

Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:

  • People often reuse passwords.
  • People tend to use the same password across multiple sites.
  • Hackers have access to a variety of password-generating tools that are freely available on the Internet.
  • Automated systems installed in botnets can crack complex passwords in a matter of minutes.
  • Password dictionaries reduce the effectiveness of password complexity policies.

To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.

Watch our latest tutorial video to learn more!

In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.

Do you have questions or comments? Let us know via the Comments section!