News Roundup – November 25, 2019

This week, we present the latest stories and events in the field of email, email security, phishing, data breaches, regulations, and trends.

Ransomware in the News

I’m old enough to remember life without a computer in the house, so I was a bit surprised to learn that the first ransomware attack happened 30 years ago!

Cybercriminals have come a long way since 1989 as they continue to employ a mix of old and new tactics to scam businesses and end-users out of millions of dollars. For the second time this year, Louisiana’s state government systems were hit with ransomware. Fortunately, they were better prepared after the previous attack, so they suffered no data losses and did not pay a ransom.

Other reported incidents included:

Business Email Compromise Threats Continue

Business email compromise continues to be a growing threat due to the potential to extort large payouts from victims. A prominent incident reported last week included one in which fraudsters diverted $742,000 from the City of Ocala in Florida.

Reports of business email compromise typically cover the facts of the incident itself: how it happened, how much money was lost, and the actions taken to protect against future losses. What is rarely reported is what legal action, if any, a company takes against the employee who was tricked by one of these scams. Last week, however, a judge ruled on a case against an employee of a Scotland-based company who was tricked into transferring approximately $200,000 to a cybercriminal.

Other Recent Incidents

Other recent incidents include:

New Trends We’re Watching

Other recent incidents show evolving threat vectors and attack techniques, including the Raccoon Stealer malware that bypasses Microsoft Messaging Gateways, a WhatsApp vulnerability that allows remote code execution, specially crafted ZIP files used to bypass secure email gateways, a flaw through which Google Assistant on Android devices could be tricked into taking photos or videos, and the growing threat of fake Windows updates.

Staying informed of current and emerging threats and tactics is the first step in protecting yourself and your business. Check back often for the latest updates.


Business Email Compromise Discussed on NPR’s Morning Edition

Earlier this week, I heard an interesting interview on NPR’s Morning Edition with a recent victim of Business Email Compromise (BEC), a growing threat that uses social engineering to exploit human nature in order to divert massive amounts of money to cybercriminals.

Recent Business Email Compromise Trends show Evolving Tactics

First, let’s start with a little background information. In 2013, when Business Email Compromise scams were gaining popularity, attackers typically compromised a legitimate email account belonging to the company president, CEO or CFO in order to request the transfer of funds to an account controlled by the attacker. As awareness of BEC scams has grown, the tactics used by the scammers to avoid detection have evolved as well. These newer deception methods use compromised lawyer email accounts, requests for W-2 records, and the targeting of real estate transactions. Another recent trend involves spoofing a company executive or other position of authority and requesting the targeted victim purchase gift cards for personal or business reasons.

Over the past couple of years, BEC tactics have further evolved into a new trend known as Vendor Email Compromise in which cybercriminals target vendors or suppliers with phishing emails and then send realistic-looking invoices to their customers in order to steal money.

BEC scams have been wildly successful, with $1.2 billion in losses reported in 2018 by the FBI’s Internet Crime Complaint Center (nearly triple 2016 losses). Unfortunately, these are only REPORTED losses. Many incidents go unreported because companies don’t want to risk bad publicity.

While recent efforts by law enforcement agencies have led to many arrests, Michael J. Driscoll, FBI special agent in charge of the Criminal Division for the bureau’s New York Field Office, has named Business Email Compromise the #1 priority – replacing ransomware as the biggest threat facing businesses.

And that brings me to the interview I heard on NPR.

This week on Morning Edition, Martin Kaste interviewed “Mark” (not his real name), the owner of a Seattle-based real estate company and one of the earliest victims of Business Email Compromise. Mark discussed how the attack began and how it evolved.

It started with a scammer intercepting email traffic between Mark and a business partner. For a period of time, the scammer monitored this email traffic and studied their speech, writing patterns and message timing (see Step 1 here). When Mark and his partner discussed a $50,000 disbursement owed to the partner, the scammers took action and inserted their own wire transfer instructions (see Step 3 here).

Mark was convinced the request was legitimate, and transferred the $50,000 (Step 4) to the scammer’s bank account. His partner never received the money. By the time they alerted the bank, the money had already been transferred to an overseas account.

Mark said, “We’re somewhat experienced businesspeople. The idea that we’ve been duped makes you feel pretty stupid,” and as I mentioned, this “shame” element, along with fear of a damaged business reputation, is why many of these incidents often go unreported.

Kaste points out, “The banks weren’t much help, either. Since he was the one who gave the scammers the account number, they saw this as his responsibility. He has learned one thing – never again trust wiring instructions that are sent by email.”

And that sound advice is among other tips you’ll find in my earlier post on avoiding Business Email Compromise scams.

You can listen to the full interview from NPR’s Morning Edition here.


Security Gateway 6.5 – With Improved Attachment Handling & Database Support

If you’re in charge of managing your company’s email, whether you’re running an in-house Exchange server or Office 365, you’ve certainly become all too familiar with the latest threats posed by cybercriminals – threats that go far beyond the old-school Nigerian Prince email scam that has become the butt of jokes over the past couple of decades. So if protecting your employees from email-borne scams is important to you and your business, a secure email gateway to protect against phishing, malware, data leaks and other threats would be a sound investment.

If you’re looking for an email security solution that will block the most spam, viruses, and phishing threats, with user-friendly email traffic reports, email archiving, and Data Leak Prevention (DLP) at a price that’s affordable for small businesses, consider Security Gateway for Email Servers.

Announcing Security Gateway 6.5!

This week, we released Security Gateway 6.5, with improved attachment handling and external database support.

Macro Detection in Office Documents

Cybercriminals often use macros in email attachments to spread malware. In Security Gateway 6.5, the Cyren Antivirus engine can be configured to detect macros in Microsoft Office documents and flag them as infected.

SecurityGateway for Email Servers – Antivirus Flag Macro

Improved Handling of Restricted Attachments

Messages sent from Microsoft Outlook in Rich Text format are sent with an embedded file containing formatting data. Receiving email clients that do not understand this data may display it as a Winmail.dat attachment. To prevent users from bypassing the restricted attachments list by attaching restricted file types to rich text emails, SecurityGateway can now look inside Winmail.dat attachments for restricted files.

Security Gateway can now also scan RAR archives for restricted attachments.

External Database Support

Security Gateway installs with its own embedded Firebird database. In the latest release, however, administrators can configure Security Gateway to use an external Firebird database for improved performance.

Other Improvements

These are just the highlights. Additional features include email archive journal reports plus enhancements to manage archive and Sieve scripts via the API. You can read the full list of new features here in the release notes, or download your free trial to begin protecting your business against the latest threats!


Recent Business Email Compromise (BEC) Scams are Reminder to Educate Users

Online scams are nothing new. But as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user.

Billions Lost to Business Email Compromise

Over the last three years, organizations all over the world have lost a collective $26B to a very specific type of email scam – Business Email Compromise, or BEC. Recently, a BEC scheme in Spain was brought down, but not before taking over €10M. A scammer in Canada impersonated a contractor and fooled city employees out of over $1M. And the FBI is investigating a network of over 80 people across multiple countries in an attempt to use a BEC plot to steal $46M.

Why do BEC Scams Work so Well?

Top 10 Business Email Compromise Protection Tips

BEC emails are advanced phishing scams, and they’re on the rise. But what makes a BEC attack so dangerous, and so effective?

BEC Scams are Highly Targeted

Scammers aren’t blasting thousands of the same email. They’ve done the research, monitoring the company’s website and social pages. They find the appropriate target, and groom them by sending multiple conversational emails, establishing trust.

They Contain No Malware

Unlike the old style of phishing, where users are told to click on a link, BEC emails have no spammy links. This means they can sometimes evade spam filters, and the end user doesn’t see any red flags.

They Exploit Human Nature

BEC emails imitate an actual person, complete with real-looking email addresses, formatting, company names, and titles. The victim has unknowingly been emailing back and forth with the scammer and trusts that they are who they claim to be. So when asked to send bank information, for example, the victim assumes the request is authentic and complies.

They are Often Under-reported

Victims often don’t realize they made a mistake until much later. And even upon realization, many companies don’t report the incident for fear of damaging their reputation with their customers. Not reporting such incidents allows perpetrators to simply move on to their next victim.

Learn How to Stay Protected Against these Email Scams

Preventing losses to Business Email Compromise is the responsibility of both the end user and the IT administrator. To stay protected, follow these tips:

End Users:
  • Double-check the sender email address & recognize spoofing and other impersonation tactics. MDaemon Webmail displays the full email header to help users identify spoofed emails.

    MDaemon Webmail Full Email Header Display
  • Don’t overshare on social media
  • Don’t open email from unknown sources
  • Verify all wire transfer requests via phone or face-to-face
  • Know customers’ & vendors’ business practices
  • Run antivirus software often
  • Use two-factor authentication
  • Forward, don’t reply. Forwarding ensures you manually enter the appropriate email address.

Administrators:
  • Enable reverse lookups to verify the legitimacy of the sender
  • Use the antivirus features in MDaemon and SecurityGateway to scan all inbound and outbound email traffic
  • Require users to use SMTP Authentication
  • Use SPF, DKIM & DMARC to secure your domain against spoofing
  • Require two-factor authentication
  • Require strong passwords
  • Provide regular end-user training
  • Run antivirus software often and make sure virus signatures are up-to-date

While traditional security measures such as network defenses and email gateways can be effective at blocking most varieties of spam, the bottom line is that the most critical part of stopping BEC attacks is user awareness and education.


3 Ways Security Gateway for Email Helps Businesses Stay Compliant

Staying informed of the latest data privacy regulations can be a challenging endeavor, with a plethora of different security and retention requirements based on industry. And as these laws and regulations continue to evolve, businesses will need to evolve as well to keep up.

The timeline for compliance with new data privacy laws is “yesterday”

As Cynthia Cole, special counsel in the Palo Alto technology practice at law firm Baker Botts, says in a recent interview, the timeline for data privacy compliance is “yesterday”. And because cybercriminals continue to target users with phishing campaigns and malware downloads, user education continues to be a top priority.

So whether you use Office 365, Microsoft Exchange, or any other on premise or cloud hosted email service, are you confident you are protected from accidental or intentional exposure of confidential information contained in email, such as Social Security or Tax-ID numbers, or bank account numbers?

Archiving with Data Retention & Legal Hold in Security Gateway

Security Gateway includes built-in archiving and data retention policies, plus legal hold, to help businesses meet evolving data retention laws. It’s simple to set up and can help your business avoid serious litigation headaches.

Prevent Leaks of Sensitive Data

Companies of all sizes continue to suffer data breaches. The larger victims often make the news, but many smaller companies don’t. And while many businesses have reported losses, countless more have fallen victim but have chosen not to report the incident in order to protect their reputation.

A small, early investment in additional email security and compliance can help your business avoid much costlier losses later.

Security Gateway’s Data Leak Prevention feature can help protect businesses against the loss of confidential business data transmitted via email, such as PHI (protected health information), financial data, Social Security numbers, and much more. Messages containing sensitive data can be encrypted or sent to the administrative quarantine for further review.

If you’re ready to start protecting your business against regulatory violations and data leaks, sign up for a free trial of Security Gateway for Email, and if you have questions, leave us a comment or click here to contact us by phone or email.


Announcing MDaemon 19.5 – With Redesigned Mobile Webmail & More!

The news is out. There’s a new version of MDaemon Email Server, with new features and improvements to benefit both administrators and end-users alike!

New Features for Administrators

Centralized Management of Email Client Signatures

Most businesses follow certain custom branding practices in their email communications, but inevitably there will be those end users who have not updated their email signature to adhere to these branding practices, introducing inconsistencies in the company’s branding image. To help businesses maintain consistent branding and appearance of company email, MDaemon administrators can now configure default and per-domain email client signatures that are personalized for each user and pushed to supported email clients (MDaemon Webmail and MDaemon Connector for Outlook).

Both plain-text and HTML signatures are supported, and macros can be used (here’s a handy macro reference guide) to automatically populate various fields from the user’s account. You can even add images and links!

MDaemon Email Server - Client Signatures
Centralized management of email client signatures

When using MDaemon Remote Administration, adding signatures is made even easier using the available editing and formatting tools. You can even add your company logo by simply dragging the image into the window.

MDaemon Remote Administration – Default Email Client Signature

Macro Detection in Email Attachments

Cybercriminals often attach Microsoft Office files containing malicious macros to their spam & phishing email messages. They then use social engineering to try to trick the user into opening the attachment (which may be disguised as an invoice, payment receipt or legal document) and enabling macros. From there, the macro goes right to work, unleashing malware that can take down your network, or ransomware that can take days to remove, costing your businesses thousands of dollars in lost revenue.

To help prevent these attachments from reaching users, MDaemon Antivirus has a new setting to detect macros in documents scanned by Cyren AV and flag them as infected for further review by the administrator.

MDaemon Antivirus – Macro Detection in Attachments
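
To show what content-based macro detection looks at, here is an added example (not code from MDaemon, Security Gateway or Cyren) that classifies an attachment by its bytes rather than by its file name. The function names, return labels and sample packages are assumptions made for this illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls/.ppt container
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
MAX_CT_BYTES = 1_000_000                          # bound decompression of untrusted input


def classify_attachment(data):
    """Return 'macro', 'no-macro', 'legacy-ole' or 'not-ooxml' for raw bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy compound files need an OLE parser to answer the macro
        # question; a gateway would hand these to a deeper scanner.
        return "legacy-ole"
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return "not-ooxml"
    with zipfile.ZipFile(stream) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-ooxml"                    # an ordinary ZIP archive
        # Macro-enabled OOXML packages carry the VBA project as a part
        # named vbaProject.bin, whatever extension the file was given.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro"
        # The part can be renamed, so also check the declared content type.
        with zf.open("[Content_Types].xml") as fh:
            if VBA_CONTENT_TYPE in fh.read(MAX_CT_BYTES):
                return "macro"
    return "no-macro"


def build_package(with_macro):
    """Constructed minimal package for the demo; not a valid Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print("invoice.docx (constructed):", classify_attachment(build_package(True)))
    print("notes.docx (constructed):  ", classify_attachment(build_package(False)))
    print("old.doc header only:       ", classify_attachment(OLE2_MAGIC + b"\x00" * 504))
```
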

New Features for End Users

New Mobile Theme for Webmail

These days, most people use their smartphones for just about everything, from banking or surfing the Web, to conducting business via email, so whether you’re using the largest Microsoft Surface tablet, or the smallest iPhone or Samsung Galaxy, you need access to your most important email and collaboration features at all times.

Redesigned MDaemon Webmail for Mobile Devices - with responsive design for mobile phones and tablets
Redesigned MDaemon Webmail for any Screen Size

To help users on the go stay organized, the Mobile Theme for MDaemon Webmail has been redesigned with a more modern look, and includes a variety of new features previously only found in desktop themes. New email management features include email templates, personalized categories, drag & drop email filters, email signature editor with support for multiple signatures, deferred delivery, message snooze, message recall, and sorting options.

Calendar features for the new Mobile Webmail theme include importing and exporting in CSV or ICS (iCal) format, support for external calendars, private access links, simultaneous multi-calendar view, and much more.

But that’s not all…

These are just the major highlights. You can read the full list of improvements in the MDaemon Release Notes.

Still using Exchange? Are you unhappy with your hosting provider’s product support? Try MDaemon free for 30 days, or visit our MDaemon Hosted Email Options page to sign up for hassle-free cloud hosted email!


Security Gateway a High Performer Again – G2 Crowd 2019 Fall Report

We’re proud to announce that Security Gateway for Email has once again been named a High Performer in Secure Email Gateways by G2 Crowd in their Fall Report. And if you are looking for a hosted solution, Security Gateway also was recognized as a top Cloud Email Security solution.

Security Gateway for Email Servers – High Performer 2019

G2 Crowd awards are based on honest reviews from users. In other words, the product is recognized because of the feedback from users just like you who use the product every day; awards that reflect a superior customer experience.

The data from G2 Crowd speaks for itself – Security Gateway received satisfaction ratings above 90% in the Ease of Set Up, Ease of Use, Ease of Admin, and Quality of Support categories; ratings that exceed the category average scores.

Why Users Love Security Gateway

Easy to Use 

Security Gateway Review from G2 Crowd

SecurityGateway is designed to be simple and easy to use. Set-up, configuration and maintenance are easy for the administrator, and everyday tasks like accessing quarantine reports are easy for the end user.

Best Results

Security Gateway for Email Review - G2 Crowd

With SecurityGateway you get results, which means you DON’T get malicious emails in your inbox. We protect email communications for businesses of all sizes and verticals, regardless of which email platform they use and whether it’s in-house or in the cloud.

Reliable

Security Gateway Review

Try Security Gateway for Free and Compare its performance and Cost to Your Current Solution

Security Gateway is one of the best email security gateways in the market. Find out what organizations of all sizes already know – Security Gateway saves you time, headache and money.

Click here to learn how Security Gateway can protect your email!


Office 365 Vulnerabilities Every Business Should Consider

While many businesses are moving their email from on-premises to the cloud, many that have already made the switch have discovered that cloud hosted email has its share of drawbacks to go along with the benefits these businesses had originally sought.

To help businesses make the right decision when choosing an email and collaboration solution, we’ve created the following infographic to illustrate key areas to consider when deciding whether to use an on-premise email server such as MDaemon or to go with G Suite, Office 365, or another hosted email provider.

Contact us if you’d like to learn more about MDaemon. We also offer personal demos for businesses needing an overview.

Infographic: Top 10 Reasons to use MDaemon Email Server over Office 365

We’re Extending our Summer Savings Discount on MDaemon Email Server & Security Gateway for Email Servers!

As we endure the heat of the “dog days” of summer here in the northern hemisphere, we start to see tell-tale signs of the approaching end of summer – kids going back to school, the sun setting slightly earlier each night. But not all good things must end in August. Therefore, I’m excited to announce the extension of our 15% off Summer Savings promotion – now through September!

Through September 30, when you make a new purchase of MDaemon or purchase, renew, or upgrade Security Gateway, you’ll automatically receive 15% off the regular price.

Whether you’re tired of the expense and headache of managing Microsoft Exchange Server, or are looking for a secure, affordable alternative to Kerio, IceWarp, or Gmail, MDaemon’s migration tools can help you migrate your business email and groupware data. Additional migration information and how-to guides for Security Gateway can be found on our Literature page.

Compare MDaemon and Security Gateway for Email Servers with your current solution, or click here to download your free trial!


Phishing Email Uses Google Drive to Get Past Microsoft Security

This week, Threatpost reported on a new spear-phishing attack in which email sent via Google Drive claimed to come from the CEO of the targeted company, sharing important information with the recipients. The email came from Google Drive, but the sender address didn’t match the company’s standard naming convention for email addresses.

Because the message was sent by a legitimate email service, it was able to bypass Microsoft Exchange Online Protection on its way to users’ inboxes.

You can read the full article here.

No Spam Filter or Email Gateway can Block 100% of All Spam

Spam Filters and Email Gateways have proven quite effective at blocking most of the junk email that gets sent by the thousands on a daily basis, but cyber criminals are always looking for new ways to bypass email security measures through social engineering, new strains of malware, and newly-discovered security flaws reported in Microsoft Exchange Server and cloud email platforms. That’s why user training will continue to be a top priority for all businesses that use email.

Tips to Avoid Phishing and Business Email Compromise (BEC) Attacks

In a prior post, I listed the following 10 tips to avoid falling victim to phishing emails. Here’s a brief summary. You can read the entire post here.

10 Tips to Identify a Phishing Email

  1. Watch out for messages disguised as something expected, like a shipment or payment notification.
  2. Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
  3. Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
  4. Check for poor grammar or spelling errors.
  5. Hover before you click!
  6. Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice!
  7. Check the Email Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam.
  8. Don’t download Attachments
  9. Don’t trust the From address – Know the difference between the “envelope From” and the “header From” addresses.
  10. Don’t Enable Macros – Never trust an email that asks you to enable macros before downloading a Word document.

These 10 tips are explained in more detail in this post.

10 Tips to Protect Against Business Email Compromise (BEC) Email Attacks

Business Email Compromise goes beyond standard spam techniques by exploiting human nature and the trust established between employees and members of the executive team. Scammers use social engineering, CEO impersonation, and a variety of other techniques to trick users in accounting, finance, or other high-power positions into transferring money into the scammer’s accounts. These attacks are well-executed and targeted at specific individuals, and often take more time to plan and launch due to the amount of research that goes into these attacks. Cyber criminals use publicly available information on sites such as LinkedIn, Facebook and even the website of the targeted victim to gain insight into the company’s business practices. They will often study the writing styles of the executive team, allowing them to craft convincing emails that appear authentic to employees.

Because Business Email Compromise attacks are often so well-crafted, they are able to bypass standard security measures. These tips should help you identify a Business Email Compromise attempt if one should slip through your spam filter or email gateway.

  1. Train Users to recognize these Common Impersonation Tactics used by Cybercriminals
    • Domain Name Spoofing
    • Display Name Spoofing
    • Lookalike Domain Spoofing
    • Compromised Account
  2. Secure your Domain by registering similar domains.
  3. Don’t Over-share on Social Media
  4. Use SPF, DKIM & DMARC to protect your domain from spoofing.
  5. Use Two-Factor Authentication
  6. Use Strong Passwords
  7. Don’t trust unknown sources
  8. Establish strict processes for wire transfers
  9. Provide regular end-user training
  10. Run antivirus software often
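
The impersonation tactics in tip 1, and the “envelope From” versus “header From” distinction from the phishing tips, can be checked mechanically. The following is an added example, not part of the original post or of any MDaemon product: the domain `corp.example`, the executive directory, the finding labels and the sample messages are all constructed for illustration.

```python
import email
from email.utils import parseaddr

# Assumed values for illustration; replace with your own domain and directory.
OUR_DOMAIN = "corp.example"
EXECUTIVES = {"pat doe": "pat.doe@corp.example"}  # display name -> real address


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_message(raw):
    """Return a list of impersonation findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    display, header_from = parseaddr(msg.get("From", ""))
    # Return-Path is written by the receiving server from the SMTP envelope.
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    hdom, edom = domain_of(header_from), domain_of(envelope_from)
    findings = []

    # Domain name spoofing: header From claims our domain, but the envelope
    # sender (the address SPF evaluates) belongs to someone else.
    if hdom == OUR_DOMAIN and edom and edom != OUR_DOMAIN:
        findings.append("domain-spoof")

    # Display name spoofing: an executive's name on an address that is not theirs.
    known = EXECUTIVES.get(display.strip().lower())
    if known and header_from.lower() != known:
        findings.append("display-name-spoof")

    # Lookalike domain: one or two edits away from ours, but not ours.
    if hdom and hdom != OUR_DOMAIN and edit_distance(hdom, OUR_DOMAIN) <= 2:
        findings.append("lookalike-domain")

    # Replies steered to another domain. A compromised account passes every
    # check above, so this is often the only header-level hint.
    if reply_to and domain_of(reply_to) != hdom:
        findings.append("reply-to-diverges")
    return findings


def sample(from_hdr, return_path, reply_to=None):
    """Build a constructed test message (not real traffic)."""
    headers = [f"Return-Path: <{return_path}>", f"From: {from_hdr}",
               "Subject: Wire transfer today"]
    if reply_to:
        headers.append(f"Reply-To: {reply_to}")
    return "\n".join(headers) + "\n\nPlease process the attached invoice.\n"


SAMPLES = {
    "clean": sample("Pat Doe <pat.doe@corp.example>", "pat.doe@corp.example"),
    "domain": sample("Pat Doe <pat.doe@corp.example>", "bulk@mailer.test"),
    "display": sample("Pat Doe <ceo.office@freemail.test>", "ceo.office@freemail.test"),
    "lookalike": sample("Accounts Payable <ap@c0rp.example>", "ap@c0rp.example"),
    "compromised": sample("Pat Doe <pat.doe@corp.example>", "pat.doe@corp.example",
                          reply_to="pat.doe@freemail.test"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {check_message(raw)}")
```

A message sent from a genuinely compromised mailbox with no diverging Reply-To produces no findings here, which is why tip 8 (strict, out-of-band processes for wire transfers) cannot be replaced by header checks.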

You can learn more on how to avoid Business Email Compromise attacks here.

No business is too big or too small to fall victim to email-borne scams. In fact, cyber criminals often target smaller businesses based on the assumption that smaller companies are less likely to have the latest security systems in place. MDaemon Email Server and Security Gateway for Email Servers include a variety of features to protect businesses from spam, malware, and leaks of sensitive business data.

15% discount during August, 2019 for MDaemon Email Server and Security Gateway for Email Servers

Looking for a secure, affordable email and collaboration server or email security gateway for your business? This month, we’re offering a 15% discount off the price of MDaemon Email Server (new purchases), and Security Gateway for Email Servers (new, renewal, and upgrades).

Comments? Questions? Let us know. We’re here to help!
