Block Hackers from Guessing Passwords with MDaemon’s Improved Dynamic Screening

If you have an email account (and in 2017, you probably have more than one), you are a target. More specifically, your email password is a target and a coveted prize for hackers. And let’s face it – hackers are not going away anytime soon. Because the barriers to entry are so low and the potential payoffs so large, hackers are more motivated than ever to try to steal your login credentials. As an MDaemon administrator, you are tasked with making sure your users use strong passwords, but here are a few things to consider when evaluating your password & security policies:

  • People often reuse passwords.
  • People tend to use the same password across multiple sites.
  • Hackers have access to a variety of password-generating tools that are freely available on the Internet.
  • Automated systems installed in botnets can crack complex passwords in a matter of minutes.
  • Password dictionaries reduce the effectiveness of password complexity policies.

To address these threats, MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). When a specified number of authentication attempts from a given IP address fail in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. The affected email account can also be frozen – meaning the mailbox can collect mail, but the user cannot login to check email or send out email messages.

Watch our latest tutorial video to learn more!

In the event that a hacker or spammer still manages to guess an account’s password, MDaemon’s Account Hijack Detection feature will disable or freeze the account after a specific number of messages have been sent from an authenticated session in a given timeframe.

Do you have questions or comments? Let us know via the Comments section!

Block Incoming Connections by Country with MDaemon’s New Location Screening Feature

Block connections by country with Location Screening
Block connections by country with Location Screening

As I announced recently in this post, MDaemon 17.5 has been released, with new security and collaboration features. One feature that our users will find particularly useful is the new Location Screening feature, which allows administrators to block incoming connections from specific countries. When you consider the scale and widespread distribution of global threats, blocking connections by country can provide the following benefits:

New spam domains, email zombies & phishing sites pop up all over the world every day. In fact, Cyren’s World Threat Map displays a handy visual representation of newly-discovered threats in real-time.

So if you know your company does not do business with certain countries, you can add these locations to MDaemon’s Location Screening feature and stop all traffic from these countries.

In previous versions of MDaemon, the best way to block connections by country was to use the DNS-BL feature, but with MDaemon 17.5, a new, intuitive check-box screen was added.  In this tutorial video, I show you how easy it is to configure Location Screening in MDaemon.

Do you have questions or feedback? If so, click on the “Leave a Comment” link under the title of this post & let us know!

Outlook Connector 5.0 Adds New Control & Reporting Features

In addition to all of the new security & collaboration enhancements introduced in MDaemon 17.5, our latest release of Outlook Connector adds additional control for administrators as well as configuration reporting for end users.

Allow or Block Certain Third-Party Outlook Add-ins to Improve Performance

With the wide variety of Outlook add-ins that users can install, one common challenge is making sure these add-ins don’t negatively impact Outlook performance. Beginning with MDaemon 17.5 and Outlook Connector 5.0, administrators can control which add-ins are enabled or disabled on client machines.

Administrator Control of Outlook Add-Ins
Administrator Control of Outlook Add-Ins

New Outlook Connector Features for End Users

Generate an Outlook  Configuration Report to Assist with Support Requests

When submitting an Outlook Connector support request, it is helpful for our support staff to know as much as possible about the Outlook configuration settings on the client computer. Beginning with Outlook Connector 5.0, users can generate a configuration report containing information such as:

  • All Outlook Connector Profiles, including the email address plus the location and size of the local cache file
  • Information about when the Outlook Connector database was last compacted, and the size of the database
  • The current version of the Outlook Connector plug-in
  • Send/receive intervals
Outlook Connector - Generate Configuration Report
Outlook Connector – Generate Configuration Report

In addition to these major updates, we’ve included various minor fixes & enhancements. More information can be found in the release notes, or if you can download our free trial to start using Outlook Connector today!

New Security & Collaboration Features for MDaemon 17.5!

Our continued focus to make email safe and simple to use has resulted in some great new features in the most recent release of MDaemon 17.5. We’ve highlighted some of the features for email administrators and end users below. So, let’s have a closer look.

New MDaemon Features for Administrators

Stop Spam and Malware Sent from Specific Countries

Many email administrators want an easy way to block connections from specific countries that send spam and malware. New country screening settings allow administrators to block incoming SMTP, POP, and IMAP connections from designated countries. This benefits businesses by allowing them to block messages from countries with which they do not do business, and provides an extra layer of spam protection when certain countries are known sources of spam.

MDaemon Location Screening
Block incoming connections by country via the new Location Screening feature

Prevent and Set Alerts When Hackers Try to Access Your Email

MDaemon’s new Dynamic Screening features can be configured to track authentication failures for all protocols, including SMTP, POP, IMAP, WorldClient, and ActiveSync (among others). After receiving a specified number of failed authentication attempts from a given IP address in a designated period of time, subsequent connections from the IP are blocked for a specified period of time. This helps prevent further connection attempts and password guessing by hackers & spammers.

MDaemon Dynamic Screening & Authentication Failure Tracking
MDaemon Dynamic Screening & Authentication Failure Tracking

If you’re looking for the previous dynamic screening settings, they are still located under the Security Settings screen, but this screen has been renamed to SMTP Screen.

Flexible Filtering to Manage Messages

Administrators can set multiple IMAP filtering parameters based on the message size or the contents of any message header, and perform actions such as moving, deleting, forwarding, or redirecting the message.

Complex IMAP filters
Complex IMAP filters

Improving Server-Side Encryption Key Exchange

An option has been added that allows the process of exchanging public keys for OpenPGP to take place during the SMTP message delivery process. When this feature is enabled, authorized users will no longer need to manually send their public key to another user from whom they wish to receive encrypted email.

Automatic Encryption Key Exchange
Automatic Encryption Key Exchange

Improved Message Search Capabilities

A new Message Search page has been added to MDaemon Remote Administration, allowing administrators to search a single user’s messages based on keywords in the sender, recipient, subject, or attachment name. Searches can be performed on all messages, or only messages within a specified date range.

New Message Search for MDaemon Remote Administration
New Message Search for MDaemon Remote Administration

New MDaemon Features for End Users

Flexible Search Filters for Inbox Management

Improved search filters have been added to MDaemon’s web-based email (WorldClient) allowing users to specify filtering rules based on the message size or any message header. Message results based upon the filter criteria can be moved to another folder, deleted, forwarded, or redirected.

Complex filters for WorldClieint, MDaemon's web-based email client
Complex filters for WorldClieint, MDaemon’s web-based email client

Custom Buddy List Groups for Instant Messaging

WorldClient Instant Messenger users can now arrange their buddy lists into custom groups.

WorldClient Instant Messenger - Buddy List Grouping
WorldClient Instant Messenger – Buddy List Grouping

Adding Attachments to Calendars, Contacts, Tasks and Notes

Attachments can now be added to calendar items, contacts, tasks, and notes via WorldClient, Outlook (using Outlook Connector) or your favorite CalDAV or CardDAV client.  When scheduling a meeting, attachments added to calendar events will be sent to all meeting attendees.

Attachment Support for Meetings, Contacts, Tasks
Attachment Support for Meetings, Contacts, Tasks

Import and Export Groups/Distribution Lists to/from a Contact Folder

WorldClient users can now import and export groups/distribution lists to & from their Contacts folders. The ability to import groups allows users to avoid the extra steps needed to add group members individually.

Import Groups
Import Groups

Using Email Voice Memos

WorldClient’s new voice recorder allows users to record voice memos and attach them to email messages, save them to their WorldClient Documents folder, or save them to the desktop.

WorldClient Voice Recorder
WorldClient Voice Recorder

Simplified Folder Management Options

WorldClient users can now perform the following folder management tasks without having to go to the Options | Folders menu:

  • Move folders from one parent folder to another via drag & drop.
  • Add folders to Favorites via drag & drop.
  • Rename folders in the Favorites list by clicking on the folder name.
  • Show folders by type in the LookOut theme (previously only available in the WorldClient theme).
WorldClient Folder Drag & Drop
WorldClient Folder Drag & Drop

Export a Contact in vCard 4.0 Format

WorldClient users can now export individual contacts in VCard format, a file format standard for electronic business cards supported by a wide variety of email clients. VCards contain various details about a contact, including name, company name, email address, postal address, phone number, and additional comments. They can be downloaded locally or sent to a designated email address, and then imported into any email client that supports the VCard format.

WorldClieint - Export Contact in vCard Format
WorldClieint – Export Contact in vCard Format

Password Protected Chat Rooms

For added security, WorldClient Instant Messenger users can now chat with others via password protected chat rooms. When creating a new chat room via the WorldClient Instant Messenger application, simply enter the password that is required to join in the new Password field.

WorldClient Instant Messenger - Password Protected Chat Rooms
WorldClient Instant Messenger – Password Protected Chat Rooms

Other Enhancements

In addition to all of this, other improvements include:

  • By default, messages that cannot be scanned by SecurityPlus are quarantined. The antivirus quarantine exclusion settings have been improved. In previous versions, administrators could configure exclusions from antivirus scanning based on attachment file type. Now, administrators can also configure antivirus scanning exclusions based on the sender or recipient address.
  • When using the WorldClient theme, the look of WorldClient Notes has been updated. An option was added that allows users to change the color of the note by clicking on the note icon in the top left corner of the note.
  • When using the LookOut and WorldClient themes, WorldClient users can now search for attachment names using advanced search.

For more information please refer to the following resources:

MDaemon Release Notes
Click here to download MDaemon

If you’ve got questions or comments, let us know via the Comments link below!

Email Help for Texas & Louisiana Businesses Affected by Harvey

Hosted Email Help for Businesses Affected by Hurrican Harvey

Our hearts go out to all who have been impacted by hurricane Harvey. As a provider of email messaging software and services, we understand that many businesses have lost communications infrastructure, including their email services, which for many, are the primary channel of communication with customers. We want to help, so we are offering free, temporary email services for businesses who have experienced email disruptions due to Harvey.

Learn more about how we can help your business during this time of disruption:

http://www.altn.com/Harvey2017-Business-Email-Help/

MDaemon Has been Updated to Version 17.0.3

Update_stickyAs any software company knows, it’s important to listen to our customers and address any issues that may be reported. With this in mind, our development team has released MDaemon 17.0.3. This minor update includes various improvements to WorldClient Instant Messenger and other minor fixes.

Click here to read the release notes, and click here to download the latest MDaemon.

If you’re not yet an MDaemon user, you can find more product information here, and click here to compare us to your current messaging solution.

Do you have questions or comments? Let us know via the Comments section below!

 

Don’t Get Hit by the Whaler’s Harpoon

What is Whaling?Harpoon-Whaling

Chances are you’re familiar with the term Phishing, where scammers use social engineering tactics to get users to give up personal information such as financial data, Social Security numbers, or other highly confidential and valuable information. That email you received from the “IRS” asking for your Social Security number? Don’t fall for it!

You may have also heard of spear-phishing, a more targeted form of phishing where specific individuals on any staff level may be targeted. But are you aware of the dangers of whaling? No, I’m not talking about the kind that keeps marine conservationists up at night. I’m talking about phishing attacks that are highly personalized to target high level executives.

While phishing emails are sent out to multiple recipients in the hopes that one or more will fall for the scam, whaling emails are usually only sent to select individuals who have a great deal of influence in a company. They are designed to masquerade as critical business communications sent to someone of importance, such as a CEO or other business authority, in an attempt to get the recipient to give up personal or financial information. Often, these messages contain spoofed addresses claiming to come from someone within the company. It is also common for a whaling email to claim to be from the Better Business Bureau or FBI.

Many whaling emails will contain a link that installs malware or leads the user to a familiar looking website that will likely ask for your login information. What happens next is when the problems begin. You submit your username and password, and are told that your credentials are incorrect and that you should try again. Sounds pretty harmless so far, right? Behind the scenes, however, your information has already been captured, and you are then redirected to the legitimate website, where you are able to successfully login on your next attempt – completely unaware that you just submitted valuable information to a scammer. This is why we always stress that you never click on links in an email message unless you’re 100% certain that the message is legitimate and from the purported sender.

How do “Whalers” get past Spam Filters?

Cybercriminals often use similar domain names or free email addresses, pretending to be business executives. They are able to bypass many security measures because their messages often don’t include malware links or attachments. And because they don’t typically contain links, and are often more well-written than the standard phishing attack, they are able to slip past spam filters more easily.

Do Executives Really Fall for These Scams? The Scary Statistics on Whaling

Whaling works because people often fall for these scams. The following high-level cases illustrate how lucrative the whaling business is for scammers:

In the 2008 US District Court subpoena whaling scheme, 20,000 CEOs were targeted. Approximately 2000 of them fell victim to this scheme & clicked on the malicious link in the email, which led to a key logger that secretly recorded the CEO’s passwords. It then led to further hacking attacks on the affected companies, resulting in significant financial loss or damage to company reputation.

Here is an example of the fake subpoena email. It looks official to the untrained eye, but notice the From address, which uses the domain of uscourts.com. The official domain of the US Court system is uscourts.gov, not uscourts.com. Also, it’s worth noting that official court business is never sent via email.

USCourtsWhaling

In 2015, Mattel lost $3 million in a whaling scheme in which a finance executive responded to a bogus funds transfer request claiming to come from the company’s new CEO.

In the first quarter of 2016, 41 companies were hit with phishing attacks targeting employee tax records.

More recently, the CEO of an Austrian aircraft parts manufacturer was let go after the company lost €40.9 million ($48 million USD) to a whaling attack.

And earlier this year, a 48 year-old Lithuanian man was charged with attacks on Facebook and Google. In his high-profile phishing attacks, he used forged invoices, contracts, and letters that looked like they had been signed by a company whose name he had mimicked by registering a company in Latvia with a name similar to that of a legitimate Asian-based vendor.

How do I recognize a whaling email?

So how do you know when you’re being targeted in a whaling attack? Here are some common whaling identifiers to look for in inbound email messages:

  • Is the name of the sender the same as one of my user names?
  • Is the sending domain similar to one of my domains?
  • Is the domain well-established, or is it a newly-created domain used specifically for attack purposes?
  • Does the email contain common whaling keywords, such as wire transfer, payment, etc.?

An email containing just one of these characteristics may not necessarily be a threat. For example, if the CEO’s name is John Smith, an email from another John Smith might not raise any red flags, especially considering how common this name is. But if you receive an email from John Smith that has one or more of the other characteristics listed above, such as one containing a request for payment, then you should treat it with extra scrutiny.

Avoiding whaling attacks is the responsibility of both management staff and employees alike. Follow these tips to help protect your business from falling victim.

Educate Senior Management Staff

One of the reasons spear phishing and whaling are so effective is that they target named individuals in executive or financial positions within an organization, and they often appear to come from someone known and trusted by the recipient, such as a colleague. Clever social engineering techniques are used to reel in these “big fish.” Senior management, financial staff and employees in other key roles should be educated on the effects of whaling attacks and how to spot them. They should learn to recognize common characteristics of phishing attacks like spoofed sender addresses, requests for funds transfer, unrecognized attachments, and spoofed hyperlinks. Let’s look at a few examples.

Example: Sender registered a domain similar to the company’s domain.

As you can see in this example, the sending domain looks similar to a legitimate domain, but if you look further, the domain is one digit off from the real domain.

SimilarDomain

Example: Display Name spoofing.

Does the display name in the From field match the email address?  In this example, I know my bank does not own the “fakedomain.com” domain. This is an example of display name spoofing, which is very common.

Spoofing

Example: FROM address spoofing.

Another common spoofing technique is From address spoofing. Any spammer can spoof any email address, making it look like the message came from a legitimate source. This works because email messages contain two sets of addresses – the envelope address and the message header address. I’ll explain further using U.S. postal mail as an example.

When sending a letter via US Mail, the sender needs an envelope, the address of the intended recipient, and the contents of the message (e.g. message body or letter). The sender places the address of the intended recipient on the envelope, but the recipient’s address usually appears inside the envelope as well, usually at the top of the letter. The address on the envelope is where the letter is sent, not the address on the letter itself. Thus, these addresses can be completely different.

Email works in a similar way. Like U.S. Mail, email messages also have two sets of addresses – the envelope addresses, where the message is actually from and who it is addressed to, and the address in the message header, which is what the user sees in the To: and From: fields in the message. These addresses do not have to match for the message to be delivered. Most spam messages contain spoofed From (header) addresses.

In the following example, the message appears to come from john.smith@example.com, but closer examination reveals that it actually came from frank.thomas@example.com. Most mail servers and email security products should have mechanisms in place to detect this kind of spoofing, such as reverse lookups, SPF, DKIM and DMARC, but users should be aware of this common technique used by spammers.

AddressSpoofing

Keep Personal Information Private

Scammers who want to steal your personal and financial information will look for publicly available information on social media and various other sites. Management staff should have as little personal information visible to the public as possible, including birthdays, interests, and friends and family. Social media users should review their privacy settings to ensure that this data remains hidden from the public.

Establish a Verification Process

If an employee receives an email requesting financial information, funds transfers, or other business-critical information that is not typically handled by email, verify the request from the sender via another channel such as a phone call. Companies should have documented processes on how these requests should be handled.

Protect against Data Leaks

Implement a software-based data loss prevention solution such as SecurityGateway that intercepts sensitive data and quarantines it before it has a chance to leave your network. Data Leak Prevention techniques scan email messages and attachments for highly sensitive information such as Social Security or Tax-ID numbers, bank account numbers, and passport numbers.

SecurityGateway for Email Servers

Questions or Comments?

Phishing and whaling scams have been going on for years, and they will continue as long as human nature dictates that people will fall for these scams. Don’t be the next victim. Arm yourself with the facts and your email infrastructure with the tools to avoid the whaler’s harpoons! If you have questions about our email safety recommendations, leave us a comment below!

Search your Archive from WorldClient in 3 Easy Steps

With the prevalence of data-destroying malware, more businesses are using an archiving solution such as MailStore to create backup copies of all email communications. Archiving is crucial for recovery when the unexpected disaster strikes, and useful for e-discovery and meeting legal requirements & regulations. I’ve written this article to help explain the value of archiving and why it’s so important:

If you’re not archiving your email, you should be!

For end-users, it’s important to have easy access to your archived messages, with the ability to search through your archives based on key words. With the addition of a custom button in the WorldClient toolbar that points to the MailStore login screen (performed by the MDaemon administrator), users can access their archive and perform a search in three easy steps. I’ll show you how in the following video:

MailStore works with virtually all email platforms and clients, and is the recommended choice for small-to-medium businesses worldwide. If you have questions or would like a personal demo, leave a comment below & let me know!

Outlook Connector 4.5.1 is Now Available – Addresses Issues with Windows 10 Creators Update

MDaemon mail server software update availableThe release of Microsoft Windows 10 Creators Update introduced various issues for Outlook users related to certain DLL files. Today, we’ve released Outlook Connector 4.5.1, which fixes these issues.

Click here to download Outlook Connector 4.5.1.

Remember – there are two components to Outlook Connector – one for the server, and one for the client. There is a link to the latest Outlook Connector client on the above link. We recommend installing this update on the server as well as on all clients.

If you have questions, feel free to leave a comment below!

Outlook Problems Caused By Creators Update for Microsoft Windows 10

Note: July 27 – A fix to Outlook that was caused by the Windows Creators Update is now available by upgrading to most current version of OutlookConnector – version 4.5.1. Click here to download the update.

The Creators Update for Microsoft Windows 10 has introduced various technical issues. One of the issues is that it may cause Outlook to become unstable when Outlook Connector is used. The issues with Outlook are not isolated to Alt-N products.

Our technical team is working to find a solution to address the issues as soon as possible.

Who is affected?

Customers using Outlook Connector with the Windows 10 Creators Update are affected.

What is the issue?

After installing the Creators Update, Outlook may, under some circumstances, crash or stop working. We have also had reports of searches not returning results.

How do I fix it?

There are a number of workarounds available but the only solution at this time is to uninstall the Windows Creators Update and install the Windows 10 Anniversary Update (version 1607). Using older versions of the Windows operating system can put your system at risk; please use caution.

How do I install  the Microsoft update – version 1607?

To get the earlier cumulative Microsoft update version 1607, please follow this link:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4019472

Additional information, including updates & fixes, will be published to the following knowledge base article, so check back often for the latest updates.

Windows 10 Creator Update and Outlook Connector:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1183

Questions? Let us know via the Comments section below, or click here to if you need additional support.