Let’s Talk Phishing – Part 2

30 Jan, 2020 John W. Account Controls, Education, Email, Encryption, Hosting, law, legal, Mail Server, Multi-Factor Authentication, News & Updates, Phishing, privacy, Security & Safety, Technical Support, Tips & Helpful Information, Zimbra

Earlier this week we talked about what phishing is and how these criminals try so hard to trick you out of your sensitive personal data. Now, we will cover how to identify phishing and discuss steps you can take to protect yourself and/or your company.

Tips to identify a phishing email

Watch for items that stick out such as:

• Manny spelling errors
• Grammåticål errors (Unusual çharacters, Case, bold text, or italics use.)
• Hidden or incorrect links. To test, hover over link to see an unauthorized address.
• From: or To: address that seems unusual.

Here is an example of a real phishing attempt (malicious links removed). See if you can identify clues in the example below.

From: “XMISSION IT Help Desk” <landspeedrecord@example.com>
To: user@yourdomain.example.com
Subject: Dear XMISSION Email User

Do you see any signs that it’s a scam?

Let’s take a look.

• The email looks like it’s from a company you may know and trust: XMission. It even uses our logo (from 1999) and faked headers.
• The email says your account is at risk because of unusual activity. If an account really has suspicious activity, most service providers will lock your mailbox and have you call in.
• The email has a generic greeting with unusual case and spelling errors, “Dear XMISSION Zimbr Email User.”
• The email urgently invites you to click on a link to update your authentication details by entering your username and password.

Protect yourself

The easiest steps to stay safe are:

• Do not click links in emails unless you were expecting the email.
• Never reply to emails that ask for personal/confidential information.
• Tell someone right away. If you are at work, tell your manager. As well, all XMission customers can forward the email to spam@xmission.com and then promptly tag it as spam or move it to Junk folder. 

After the above steps it is time to review you password practices, browser and mail application settings, and understand training options.

Passwords

Strong passwords, which you never share, are always the best practical step to securing your mailbox.

• Use a password manager. Quality password managers include; Bitwarden, KeePassXC, 1Password, and LastPass
• Do not use the same password for multiple accounts.
• Never re-use old passwords from previous websites as phishing criminals can and will track your meta data and will try your previously compromised passwords on other websites. (This is the second most successful way mailboxes are compromised.)
• Use passphrases for your password as they have very reasonable security when using 17+ characters. Password managers will create secure passwords. Update your password once a year.
• Create unusual login credentials using suffix-support on sites that allow it.

Multi-factor authentication

Business mailboxes on our Zimbra system and Personal Premium @xmission.com mailboxes should use multi-factor authentication. Even if you were to accidentally provide a phisher with credentials, the authentication would fail because they are missing the second authentication factor required after the password. It’s like having different keys for your door handle and deadbolt.

Be aware of your browser and application settings.

• Webmail and mail application settings should always be set to show the full email address of the sender rather than only the friendly name of the sender. Example: Sender may show as “XMission Support” for the friendly name but the phish uses a non-matching domain, “XMission Support” <landspeed@unusualdomain.example.net>
• When using webmail and email applications, set preferences to never open images by default. “[ ] Display external images automatically in HTML email.” Make sure this is unchecked.
• Hover over the web links first and make sure the destination link matches the sender and that it uses https. If the link looks unusual, or is not shown, do not open it and go directly to the vendor website.
• If the website has requires unexpected verification or has a URL that does not match the logos and proper provider name, do not open it.
• Web browser settings should be changed to prevent fraudulent websites from opening. Modern browsers keep a list of fake websites and when you try to access the website, the address is blocked or an alert message is shown. The settings of the browser should only allow reliable websites to open up.
• Install and use privacy and protection browser plug-ins from trusted vendors such as Privacy Badger and UBlock Origin.

Other tips and training

• Take the FTC phishing quiz!
• Watch phishing and scam awareness videos on YouTube.
• Ask your organization to provide security awareness training to employees to recognize the risks.
• Companies are encouraged to set SPF and DKIM records for your mail domains to prevent spoofing.

Final few notes from XMission

The accurate and safe ways to contact XMission support team are published on our site.

Call our office: 1-877-XMISSION (877-864-7746) or 801-539-0852
Chat with support
Online help
Status updates

If your XMission account becomes past due and is subject to disconnection, we will refer you to login to the XMission Control panel to make payments or changes to your account.

John Webster, XMission Email Product Manager and Zimbra evangelist, has worked at XMission for over 24 years doing his favorite thing: helping companies securely communicate with customers through technology to grow their business. When he’s not uncovering Zimbra’s secrets you might find him in our beautiful Utah mountains.  Connect with him on LinkedIn today!

Let’s Talk Phishing – Part 1 Call Screening from XMission Voice Will Ease Your Spam-call Pain