Phishing Email Uses Google Drive to Get Past Microsoft Security

Phishing, email scams, tips to avoid spear-phishing

This week, Threatpost reported on a new spear-phishing attack that uses email sent via Google Drive claiming to be the CEO of the targeted company sharing important information with the recipients.  The email came from Google Drive, but the sender address didn’t match the company’s standard naming convention for email addresses.

Because the message was sent by a legitimate email service, it was able to bypass Microsoft Exchange Online Protection on its way to users’ inboxes.

You can read the full article here.

No Spam Filter or Email Gateway can Block 100% of All Spam

Spam Filters and Email Gateways have proven quite effective at blocking most of the junk email that gets sent by the thousands on a daily basis, but cyber criminals are always looking for new ways to bypass email security measures through social engineering, new strains of malware, and newly-discovered security flaws reported in  Microsoft Exchange Server and cloud email platforms. That’s why user training will continue to be a top priority for all businesses that use  email.

Tips to Avoid Phishing and Business Email Compromise (BEC) Attacks

In a prior post, I listed the following 10 tips to avoid falling victim to phishing emails.. Here’s a brief summary. You can read the entire post here.

10 Tips to Identify a Phishing Email

  1. Watch out for messages disguised as something expected, like a shipment or payment notification.
  2. Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
  3. Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
  4. Check for poor grammar or spelling errors.
  5. Hover before you click!
  6. Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice!
  7. Check the Email Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam.
  8. Don’t download Attachments
  9. Don’t trust the From address –Know the difference between the “envelope From” and the “header From” addresses.
  10. Don’t Enable Macros –  Never trust an email that asks you to enable macros before downloading a Word document.

These 10 tips are explained in more detail in this post.

10 Tips to Protect Against Business Email Compromise (BEC) Email Attacks

Business Email Compromise goes beyond standard spam techniques by exploiting human nature and the trust established between employees and members of the executive team. Scammers use social engineering, CEO impersonation, and a variety of other techniques to trick users in accounting, finance, or other high-power positions into transferring money into the scammer’s accounts. These attacks are well-executed and targeted at specific individuals, and often take more time to plan and launch due to the amount of research that goes into these attacks. Cyber criminals use publicly available information on sites such as LinkedIn, Facebook and even the website of the targeted victim to gain insight into the company’s business practices. They will often study the writing styles of the executive team, allowing them to craft convincing emails that appear authentic to employees.

Because Business Email Compromise attacks are often so well-crafted, they are able to bypass standard security measures. These tips should help you identify a Business Email Compromise attempt if one should slip through your spam filter or email gateway.

  1. Train Users to recognize these Common Impersonation Tactics used by Cybercriminals
    • Domain Name Spoofing
    • Display Name Spoofing
    • Lookalike Domain Spoofing
    • Compromised Account
  2. Secure your Domain by registering similar domains.
  3. Don’t Over-share on Social Media
  4. Use SPF, DKIM & DMARC to protect your domain from spoofing.
  5. Use Two-Factor Authentication
  6. Use Strong Passwords
  7. Don’t trust unknown sources
  8. Establish strict processes for wire transfers
  9. Provide regular end-user training
  10. Run antivirus software often

You can learn more on how to avoid Business Email Compromise attacks here.

No business is too big or too small to fall victim to email-borne scams. In fact, cyber criminals often target smaller businesses based on the assumption that smaller companies are less likely to have the latest security systems in place. MDaemon Email Server and Security Gateway for Email Servers include a variety of features to protect businesses from spam, malware, and leaks of sensitive business data.

15% discount during August, 2019 for MDaemon Email Server and Security Gateway for Email Servers

Looking for a secure, affordable email and collaboration server or email security gateway for your business? This month, we’re offering a 15% discount off the price of MDaemon Email Server (new purchases), and Security Gateway for Email Servers (new, renewal, and upgrades).

Comments? Question? Let us know. We’re here to help!

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

New Feature: Email Health Check for Optimal Security Settings

Our latest version of MDaemon, MDaemon 17, comes packed with lots of new features for administrators and end users, including new password security, support for Let’sEncrypt, DropBox integration, message scheduling, and much more. Today, I’d like to demonstrate MDaemon’s new Health Check utility. With this handy new tool, administrators no longer have to go through each feature to verify that it’s configured for optimal security. This new tool will analyze all security-related settings, display each setting’s current value, its recommended value, and where that feature is located in the MDaemon interface. This tool offers administrators the flexibility to change all settings to their recommended value at the same time, or to select and change individual settings. In this tutorial video, I demonstrate how to use the new Health Check utility.

Need additional help? More guidance on the MDaemon Health Check utility can be found in this knowledge base article.

If you haven’t yet upgraded to MDaemon 17, check out the release notes and our previous blog post to see what you’re missing!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Get Aggressive at Fighting Spam by Re-training the Bayesian Learning Process in MDaemon

Fight spam with Bayesian Learning in MDaemon

In certain situations, it may be necessary to retrain your Bayesian Learning database. This can be necessary when spam messages are inadvertently placed in the Bayes non-spam folder, or when non-spam messages are placed in the Bayes spam folder.

To reset your Bayesian Learning and start training it again from scratch, you can perform the following steps:

1. Stop the MDaemon service.
2. Verify that the MDaemon executables (MDaemon.exe, CFEngine.exe, MDSpamD.exe, WorldClient.exe) have all exited memory using Windows task manager.
3. Rename the folder “/MDaemon/SpamAssassin/Bayes/” to”/MDaemon/SpamAssassin/Bayes.old/”
4. Re-launch MDaemon.
5. Go to Security | Spam Filter | Bayesian Classification, then click on the Learn button.

At this point, MDaemon recognizes that the Bayes folder isn’t there when the learn process is triggered, so it builds a new Bayes folder.

You will then need to feed Bayesian learning at least 200 spam and 200 non-spam messages (although the more the better) to start the Bayesian learning process again. Here is a knowledge base article on training the Bayesian learning process in MDaemon.

The Bayesian learning engine won’t process new messages until the administrator has taught it 200 spam and 200 non-spam messages. So even if an administrator were to manually press the Learn button OR have MDaemon learn automatically at midnight, the Bayesian engine  wouldn’t apply itself to new messages even though the new folder is created.

Once MDaemon recognizes that Bayesian learning has learned more than 200 spam and 200 non-spam messages, it will start applying what it has learned to new messages.

You can run a script to determine how many messages the Bayesian filter has learned from. This will come in handy for administrators who need to know how many more messages to feed the Bayesian filter. This process is explained in this knowledge base article.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Teach SecurityGateway to Recognize Spam

Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).

Administrator Instructions

Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.

  1. Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
  2. Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
  3. Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.

    Enable SGSpamD
    Enable SGSpamD
  4. Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.

    Enable Bayesian Classification
    Enable Bayesian Classification
  5. By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
  6. By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.

    Bayes Schedule
    Bayes Schedule
  7. SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are  placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.

    Known Spam Directory
    Known Spam Directory
  8. In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to spamlearn@example.com to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.

    Spam Forwarding Addresses
    Spam Forwarding Addresses
  9. Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.

    Bayes Size Limit
    Bayes Size Limit
  10. You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.

    Bayes Automatic Learning
    Bayes Automatic Learning
  11. Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
  12. Click Save and Close to save your changes.

End User Instructions

Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.

There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.

To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:

  1. Log into SecurityGateway.
  2. Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
  3. Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
    Mark Message as Spam
    Mark Message as Spam

    You will receive confirmation that the message was marked as spam.

    Marked as Spam Confirmation
    Marked as Spam Confirmation

To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: spamlearn@example.com). Note: SMTP authentication must be used.

If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.

Forward as Attachment
Forward as Attachment

When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.

Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Stop Spam & Malware with SecurityGateway – New SlideShare Presentation

Can you imagine what life would be like if we didn’t have anti-spam and anti-virus protection on our email servers and gateways? Users would be so flooded with spam, phishing attempts and malware that they’d have to scroll through many pages of email messages before finding a message that’s legitimate. A good anti-spam/anti-virus mail server or gateway will filter out the vast majority of this nonsense so that the end user can focus on his job.

Most mail servers have some form of built-in spam protection, however, administrators are often faced with these challenges

  • Not enough security features on the mail server to catch many of today’s evolving threats
  • The need for an extra layer of defense between the mail server and the internet
  • Lack of reporting features, which can be used to assess the effectiveness of your email security solution
  • Cumbersome configuration & confusing settings

SecurityGateway was created to address these issues. Many small-to-medium businesses trust  SecurityGateway to protect their inbound and outbound email from spam, phishing attempts, and malware.

The following is a brief presentation that describes SecurityGateway’s features.

 

Would you like to learn more about SecurityGateway? Click here to visit the SecurityGateway overview page, or click here to download your free trial.

 

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

How to Deal with Spam in SecurityGateway

SecurityGateway is a powerful email spam & malware filter & gateway that can be used to protect any type of mail server. It offers a layered approach to security, with protection features including data leak prevention, attachment filtering, heuristic and Bayesian analysis, zero-hour Outbreak Protection, and much more.

In today’s video tutorial, we demonstrate best practices for handling spam in SecurityGateway. Topics covered include:

  • How to mark a message as spam to teach the Bayesian learning process how to identify junk email messages, which helps to make the spam filter more accurate over time.
  • How to use whitelists and blacklists.
  • How to manage messages in your quarantine.
  • How to find specific messages in the Message Log.

If you’d like to learn more about SecurityGateway, then visit our SecurityGateway product page.

Or download your free trial to see how easy it is to use, and let us know if you have questions!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Training the Bayesian Spam Learning Engine in WorldClient

MDaemon’s built-in spam filter includes a feature known as Bayesian Learning. Bayesian Learning allows MDaemon to “learn” what types of messages are spam and what types are not spam. This allows the spam filter to become more accurate over time.

It is important for users to properly train the Bayes system so that messages are correctly flagged as spam or non-spam. We do not recommend blacklisting the sender of spam messages because this does not help the Bayes engine learn from the message, and thus, has no effect on reducing spam. The easiest way to train the Bayes engine is for users to use the thumbs-up and thumbs-down icons in WorldClient (MDaemon’s webmail client) to feed the Bayes engine samples of spam and non-spam. The more spam and non-spam samples you feed to the Bayes engine, the more accurate the spam filter will become over time, thus, it is very important for users to use the thumbs-down icon on every spam message – whether it arrives in your Inbox or in your Junk Email folder. Likewise, for every false-positive (legitimate, non-spam message that is flagged as spam), you can use the thumbs-up icon to flag the message as non-spam.

This knowledge base article provides a more thorough explanation of Bayesian Learning and how to train the Bayesian Learning engine.

This video explains further.

If you are an end user and you do not see the thumbs-up and thumbs-down icons in WorldClient, the MDaemon administrator can take steps outlined in this video and blog post to make those icons appear.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Blocking Messages based on Keywords in SecurityGateway

If you work in real estate, you are not likely to receive email with pharmaceutical-related content, and if you work in the medical field, you’re not likely to receive email about stock tips or account-related notifications from PayPal. With SecurityGateway, you can create content filter rules to filter out messages that contain words that are not relevant to your business. You can filter based on the sender, recipient, IP address, message subject, message body, or any header found within the message. I’ll show you how in the following brief tutorial video.

SecurityGateway is a software-based email gateway/firewall that can be installed in front of any Exchange or other SMTP mail server, allowing you to block malicious content, such as spam, viruses, malware, and phishing attempts, before it reaches your mail server. You can learn more about SecurityGateway here.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

MDaemon Spam Filter Deep-Dive Webinar

In addition to its built-in spam filter, MDaemon includes many other security features that can be used to fight spam. In this webinar, we take you through an in-depth explanation of MDaemon’s spam-fighting features, and discuss recommended settings for best results.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Rebuilding the Bayesian Learning Process in SecurityGateway

SecurityGateway and MDaemon both feature Bayesian learning, which allows administrators (or users, when authorized) to feed samples of spam and non-spam email messages to designated public folders. By default, when 200 samples of spam and 200 samples of non-spam have been placed in these folders, the Bayesian learning process will process these folders and feed their contents to a database of what are known as tokens – snippets of spam-like and ham-like (non-spam) content, basically. We all know that we humans are not infallible – people make mistakes, so it’s possible for messages to be fed to the wrong folders. When this happens, users may begin to receive more false-negatives (spam that was not caught by the spam filter) or you may accumulate a number of false positives (legitimate email messages that were flagged as spam by the spam filter). When this happens, it may be necessary to rebuild the Bayesian database. You may recall that I posted  a blog entry awhile back on how to rebuild the Bayesian database for MDaemon. You can read that post here. For SecurityGateway, the concepts are the same, but the navigation and file locations are different. The following tutorial video explains how to rebuild the Bayesian database in SecurityGateway.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •