Secure by Design

Helping You Make Sense of the Internet.

Archive for the ‘Security Alerts’ Category

* Recent Email Scams

Posted on December 28th, 2016 by Kirk. Filed under Security Alerts.


There has been an increase over the last 4-6 weeks in “phishing” email scams that try to trick people into giving out either their email login information or their financial information. The increase is most likely timed to take advantage of the holidays, when people are busy and IT departments have staff on holidays. In all cases, the links do not point to the real site, and most From addresses are fake as well. Most of these have been sent from real email accounts on legitimate systems that have been hijacked and used to send out spam, so the server and account aren’t on any blacklists. Each account is only used for a short time, and then a new account is selected.

What to do:

  • Flag the message as “Junk” or “Spam” in your email program (Outlook, Mail, and Thunderbird all have this option)
  • Use a strong password for your email account
  • Do not use your email account password for any other service
  • Look at the From email address and check that it’s valid
  • Hover your mouse pointer over the link (don’t click) to see where it goes; the destination is shown at the bottom of the screen

What to look for:



* Are you receiving emailed links from Facebook friends?

Posted on January 22nd, 2013 by Kirk. Filed under Security Alerts.


Since last August, we’ve been receiving junk emails that appear to be from a Facebook friend and contain a single link (see sample below). The actual email address used is usually a Yahoo address. It’s not terribly frequent but it is annoying. We had a customer call in about it, so it seems to be more widespread.

The usual advice applies: Delete the message on sight, and don’t trust strange links even if they seem to be from a friend.

Example Facebook Scam Email

I found a couple of articles about this problem:

  1. http://www.forbes.com/sites/davidewalt/2012/08/29/facebook-spam-email-spear-phishing/
  2. http://news.cnet.com/8301-1009_3-57507648-83/spam-from-friends-is-actually-result-of-facebook-hole/



* Two Email Scams on the Weekend

Posted on December 17th, 2012 by Kirk. Filed under Security Alerts.


Two different email scams were launched over the weekend by criminals looking to trick unsuspecting people into providing their email usernames and passwords. One email appeared to come from Microsoft, and the other from “Netidea.com Customer Service”. Both emails used convincing fake webmail login forms that look quite real but are not; they are designed to hand your username and password to the criminals. Once they have access to a stolen email account, it is used to send out spam through our servers to avoid blacklists and spam filters.

If you have filled in either of these two forms, you will need to change your password right away. You can change your password yourself on our web site by clicking on the Account icon on the top right corner of our screen. The proper Internet address (URL) for our online account page always starts with: https://www.secure-by-design.com/

Valid email login pages for our webmail service are:

  1. https://mail.secure-by-design.com/
  2. https://mail.netidea.com/
  3. https://zimbra.sbdemail.com/

The domain (mail.secure-by-design.com) should always come immediately after the https:// or http:// and be followed by a slash. For example, https://mail.secure-by-design.com.someothersite.com//wp-content/images/login.htm looks almost right, but has a period instead of a slash after the domain, so the site it actually goes to is someothersite.com, and it would point to a fake page.

As always, be careful when visiting any site that you have to provide a username and password for. Be sure to watch for changes in the address bar, as often that is the only thing that gives away a forgery!
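The address rule described above can be checked mechanically. The following is an added example, not code from Secure by Design; the function name and the `login.example` test address are constructed, and it goes slightly beyond the post by also rejecting a valid name placed before an `@` sign.

```python
from urllib.parse import urlsplit

# Hosts of the valid webmail login pages listed in the post above.
VALID_LOGIN_HOSTS = {
    "mail.secure-by-design.com",
    "mail.netidea.com",
    "zimbra.sbdemail.com",
}

def check_login_url(url):
    """Return (ok, reason) for a link that claims to be a webmail login page."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "address cannot be parsed"
    # The post allows either prefix in front of the domain.
    if parts.scheme not in ("https", "http"):
        return False, "not a web address"
    if parts.username is not None or parts.password is not None:
        # Anything before an '@' is login data, not the site being visited.
        return False, "text before '@' is not the host"
    # hostname is already lower-cased; drop a trailing dot if present.
    host = (parts.hostname or "").rstrip(".")
    if host in VALID_LOGIN_HOSTS:
        return True, "host matches a valid login page"
    for good in VALID_LOGIN_HOSTS:
        # A period after the valid name means it is only a label prefix.
        if host.startswith(good + "."):
            return False, "valid name is only a prefix of " + host
    return False, "unknown host " + host

if __name__ == "__main__":
    samples = [
        "https://mail.secure-by-design.com/",
        # The fake address quoted in the post:
        "https://mail.secure-by-design.com.someothersite.com//wp-content/images/login.htm",
        # Constructed sample for the '@' case:
        "https://mail.netidea.com@login.example/",
    ]
    for s in samples:
        print(check_login_url(s), s)
```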

Here are some screen grabs of the fake emails and the fake login pages:

Fake Microsoft Email

Fake Outlook Web Access

Fraudulent email from netidea.com “customer service”

False Webmail Login Page

Sincerely,
Kirk Ismay

Secure by Design Technology



* New Phishing Scam – New Secure Mail Regarding Your Net Idea Webmail.

Posted on October 17th, 2011 by Kirk. Filed under Security Alerts.


If you get an email that looks like the following, do not click on the link. There’s nothing wrong with our webmail, and we never need to email you and ask for your password. Our spam filter has been picking this up, so not many people will actually see it.

Regards,

Kirk

From: Net Idea Webmail Service <online.service@netidea.com>
Date: October 17, 2011 12:39:16 PM PDT
Subject: New Secure Mail Regarding Your Net Idea Webmail.

You have 1 important mail alert!

We strongly advise you should update your account and resolve the problem.

Click here to proceed

Failure to do this will lead to your account been suspended or de-activated.

Thanks for your co-operation.

Yours Sincerely

Net Idea Webmail Service



* New ‘MACDefender’ Malware Threat for Mac OS X

Posted on May 5th, 2011 by Kirk. Filed under Security Alerts.


There is a malware (malicious software) threat that can affect all Mac OS X systems. Users running with Administrator level accounts with Safari set to open safe files automatically are particularly at risk. This program pretends to be an antivirus program for Mac OS, but it is not one. If you see this on your screen, close it immediately:

MacDefender Malware Screenshot

Those responsible for spreading the malware are exploiting users’ interest in late-breaking news about Bin Laden’s death; however, other avenues are possible.

For more information see the following bulletins:

http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/

http://isc.sans.edu/diary.html?storyid=10813



* Scam: Secure by Design / Account User…

Posted on October 29th, 2010 by Kirk. Filed under Security Alerts.



The following message is a phishing scam and should be deleted on sight. Whoever sent it is after your password, most likely to send out more of the same.

From: “Secure by Design Service” <dbricket@colby.edu>
Friday, October 29, 2010 2:36 PM
Subject: Secure by Design / Account User Upgrading Exercise!

Attn: Mail-Box User Quarantine Notification:

This is to inform you that the www.netidea.com Web Mail is migrating to a new spam filtering service, which improves the ability to identify and block spam,“phishing” attempts and other undesirable messages  that flood our email system on a daily basis. and also a mail box user quarantine exercise is currently going on. we are carrying out a (inactive email-accounts / spam protecting) clean-up process to enable service upgrade efficiency.

Please be informed that  we  will delete all mailbox account user that do not adhere to this notice. You are to provide your email account details as requested by Clicking Here for Quarantine exercise and  protection against spam and for secure upgrading.
This will confirm your www.netidea.com Mailbox login/usage Frequency):

— – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
—- – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Secure by Design Service.
Copyright © 2010 Secure by Design. All rights reserved.



* Norton Safeweb False Alarm

Posted on October 1st, 2010 by Kirk. Filed under Security Alerts, Support.


The Norton Safeweb service is presently identifying our site as having a “Malformed container violation”. The page their link leads to for reading about this threat does not contain any useful information. I am presently exchanging some emails with the staff at Symantec to determine what the problem is. It seems to have a problem with our RSS feed, at: http://www.secure-by-design.com/feed/

I uploaded the feed file to VirusTotal, an online service that will scan a file using multiple antivirus products. It did not detect any problems. Neither did AVG’s Linkscanner. Here are the VirusTotal Reports:

One possibility is that our feeds include some examples of phishing and virus-infected emails, which might be the trigger. Or there is an invalid HTML tag or code in the feed itself.

Unless Norton can produce some concrete evidence of an infection that I can verify with another tool, I am treating this as a false alarm.



* Scam: Final Warning!!! We Will Delete …

Posted on September 15th, 2010 by Kirk. Filed under Security Alerts.


Another scam email is making the rounds today. Delete the message ‘Final Warning!!! We Will Delete Your E-mail Account.. So Update.’ on sight. A common feature of these scams is that the email appears to be from @netidea.com, but the Reply-To address is not.

Here’s an example:

Date: Wed, 15 Sep 2010 07:57:01 +0300 (EEST)
Subject: Final Warning!!! We Will Delete Your E-mail Account.. So Update.
From: "Net Idea." <info@netidea.com>
Reply-To: chenguandesk@aol.com
Dear Email Account User,

We are advising you to change the password on your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated, all Mailhub systems will undergo
regularly scheduled maintenance. Access to your e-mail via the Webmail
client will be unavailable for some time during this maintenance period.



We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.



In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.


To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.


Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)



Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.



We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.


It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.



COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.
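The header pattern described in this post can be checked automatically. The following is an added example, not code from Secure by Design: it flags a Reply-To that leaves the From domain, and a provider name shown on an outside address. `OWN_DOMAINS`, `BRAND_WORDS` and the flag names are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the provider's own mail domains, taken from names used in these posts.
OWN_DOMAINS = {"netidea.com", "secure-by-design.com"}
# Assumption: words a scammer puts in the display name to look like the provider.
BRAND_WORDS = ("netidea", "net idea", "secure by design")

def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_flags(raw_message):
    """Return a list of warning flags based on the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _unused, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    flags = []
    # Replies would go somewhere other than the domain shown in From.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-leaves-from-domain")
    # The display name claims the provider but the address is elsewhere.
    if any(w in name.lower() for w in BRAND_WORDS) and from_dom not in OWN_DOMAINS:
        flags.append("brand-name-on-outside-address")
    # A forged From with no Reply-To passes both checks; this is one signal only.
    return flags

# Header lines copied from two sample messages on this page; the blank line
# and the body stub are added so the parser sees a complete message.
FINAL_WARNING = (
    'From: "Net Idea." <info@netidea.com>\n'
    'Reply-To: chenguandesk@aol.com\n'
    '\n'
    'Dear Email Account User,\n'
)
ACCOUNT_UPGRADE = (
    'From: NETIDEA WEBMAIL ACCOUNT <nana@cebridge.net>\n'
    'Reply-To: nana@cebridge.net\n'
    '\n'
    'We are currently performing maintenance\n'
)

if __name__ == "__main__":
    print(header_flags(FINAL_WARNING))
    print(header_flags(ACCOUNT_UPGRADE))
```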






* ‘ACCOUNT UPGRADE’ emails are fake.

Posted on June 18th, 2010 by Kirk. Filed under Announcements, Security Alerts.


The following message is a fraud; they’re just looking for your password, but you knew that, right?

From: NETIDEA WEBMAIL ACCOUNT <nana@cebridge.net>
Subject: ACCOUNT UPGRADE / MAINTENANCE. REPLY BACK.
Reply-To: nana@cebridge.net
Date: Fri, 18 Jun 2010 08:31:18 -0400

We are currently performing maintenance for all our NETIDEA CUSTOMERS
WEBMAIL ACCOUNT. We intend up grading our WEBMAIL Security Server for
better online services. In order to ensure you do not experience service
interruption, Please you must reply to this email immediately and enter
your password here () and username (). Check out your new features and
enhancements with your new and improved webmail account, To enable us
upgrade your mail Account for better online services please reply to
this mail. Thank You for Using our WEBMAIL ACCOUNT.



* Two New Email Scams

Posted on April 27th, 2010 by Kirk. Filed under Announcements, Security Alerts.


Delete the following messages on sight, as they are bogus emails. They are fairly suspicious looking.

The first one contains a link to a suspicious settings.exe file. The link below has been modified to prevent problems; you do not want to download that file.

From: "netidea.com support" <abolishingsn@rivieramail.com>
To: <nobody@netidea.com>
Subject: netidea.com account notification
Date: Mon, 26 Apr 2010 20:25:03 +0800

Dear Customer,

This e-mail was send by netidea.com to notify you that we have temporanly prevented
access to your account.

We have reasons to beleive that your account may have been accessed by someone else.
Please run this file and Follow instructions:

http://mailservicessss DOT bravehost DOT com/settings DOT exe

(C) netidea.com

The second includes an attached PDF file (doc.pdf) that is infected with a virus:

From: "customersupport@netidea.com" <customersupport@netidea.com>
To: <user@netidea.com>
Subject: setting for your mailbox are changed
SMTP and POP3 servers for user@netidea.com mailbox are changed. Please carefully read
the attached instructions before updating settings.

<doc.pdf>


