Vol. 24, #10 - March 11, 2019 - Issue #1222

WServerNews: Reader feedback - Identifying email extortion

Enterprise protection at an SMB price


Limited-time offer: small and medium-sized customers get a FREE Enterprise Edition to upgrade — a savings of up to 57% — when buying 12 CPU sockets or less of Veeam Availability Suite, Veeam Backup & Replication or Veeam Backup Essentials plus maintenance. Learn more

Editor's Corner

Last week, in Issue #1221 (Identifying email extortion) of this newsletter, I shared a story of how I identified a threatening email message I received, claiming my machine had been hacked, as a spoofed email. I ended by asking how our readers identify and deal with the flood of spoofed emails and the threats they sometimes contain, and several of you responded with helpful comments on this subject. So in this week's newsletter we have a selection of the feedback we received from our readers on this topic. Enjoy, and don't forget to check out all the other useful, informative and entertaining stuff in this issue of WServerNews!

Cheers,
Mitch Tulloch, Senior Editor
WServerNews.com

 

Using an offending IPs list

Prof. Rafael Hernandez, PhD, wrote to us as follows, sharing how the company he manages handles emails like the one I received last week:

Hi Mitch, I had a nice reading of your newsletter today regarding email extortion. Interesting analysis. As you have asked us to tell you how we deal with such emails, I can tell you that the company I manage has been creating an Offending IPs list:

http://www.wservernews.com/go/i9v708z8/

for the last few years, and the IPs from which I receive such emails are included in that list. This way I do not keep receiving such emails from the same IP, and I force the extortionist to get and use another IP before he can send me any other letter, be it from a mobile phone or from a PC/laptop. They usually change email address and subject to fool your spam filters, but they do not have a wide number of IPs to use for such. The most insistent one I remember was using about 23 IPs. Once I added them to the offending IPs list I never received any other extortion mail from him. I include below the list of IPs and the address names he used, so you can check that he was using a network of hacked systems to make his extortion attempts.

181.192.62.208 [email protected]
139.255.83.123 [email protected]
182.160.112.66 [email protected]
160.19.101.126 [email protected]
117.4.236.98 [email protected]
2.134.171.216 [email protected]
31.47.136.194 [email protected]
61.1.52.232 [email protected]
36.47.141.142 [email protected]
37.212.30.96 [email protected]
139.5.28.207 [email protected]
103.108.157.25 [email protected]
27.3.192.240 [email protected]
113.22.115.103 [email protected]
124.239.251.7 [email protected]
94.128.86.39 [email protected]
125.214.56.235 [email protected]
92.125.135.114 [email protected]
147.30.139.68 [email protected]
186.35.64.125 [email protected]
2.133.180.218 [email protected]
145.255.9.81 [email protected]
182.185.7.180 [email protected]
62.182.200.78 [email protected]

No need to say that I am sure about the fact that nobody is going to send you an extorting email from his own mobile, because he can be caught as soon as you file the due complaint against the extortionist and include the sender's IP. The extorter is probably sending you the mail from a hacked device. That said, if you are thinking about the loss of functionality of my Offending IPs list customers' systems (web, email, online databases, etcetera), they do not worry about it at all, due to the fact that the few IPs that may be used for extorting are a drop of water in the ocean of the Internet. If the ISPs do not mind about preventing such abuse of their resources, we do not mind putting their misused IPs into our list.

Much more important is the number of IPs used for hacking and abuse attempts that have been recorded in our Offending IPs list. It now has more than 70.000 IPs, which we offer our customers for a very low monthly fee, so they can upload it to their firewalls and update it several times a day. I do believe that a good security infrastructure for our connected systems begins with the best perimeter defense.

Have any of our other readers used this service provided by i4conAnalytics, or a similar service from some other cybersecurity company? Email us your comments and experiences: [email protected]

 

Steps for verifying emails

Longtime reader Ian S. Lindsay also had some tips he shared on how you can verify whether an email you received might be a spear phishing attack:

Hey Mitch, funny, I got that exact same email, almost word for word. It was actually in my Junk mail, not the inbox. I usually give my junk mail a cursory look, to check for things that may get there when they shouldn't. This only caught my eye because they referenced an old mail password that had gotten hacked years ago, like 8 to 10 years. And that password had long been changed and not used again. That was the only reason I even gave it a second look.

I do 3 main things to 'verify' the emails. First, I verify the from email address. If it is a 'friend', I make sure it is the right address. If it purports to be from a company I deal with, I make sure the domains are correct. Next, I look for proper grammar in the email. It is pretty easy to tell when a non-English person wrote the message: simple typos, verbs in the wrong tense, etc. Lastly, I check the URLs they are trying to send me to. But this is getting more difficult as Microsoft has added a URL checker service to Outlook. Now you get this, which is more difficult to verify:

[Image: the rewritten URL as displayed in Outlook, not reproduced]

 

My first check (email address is correct) led me to an interesting one. There is an even more interesting spear phishing attack going on right now. The attackers are going after contacts from accounts that they already captured. My Mother's account was compromised. I got an email from her, and the address was correct, so I looked a little deeper. They sent me an email saying it was a link to OneDrive, with an attached PDF which I assume was infected. The link goes to a site "specialeventcruises . com" and tries to get you to enter your credentials on a fake web page. 

The more interesting thing is they are monitoring the accounts and replying to emails. I verified my mother was not on the computer at the time, then I opened my mother's email to watch it. I sent my mother some emails that AM. My 'mother' replied to them, trying to tell me that the site was fine. So, I asked for my sister's name; they got that right, must be checking social media. However, they got my older brother's name wrong. :) Oops, I don't have one! All while I was on the phone with my parents, who were not on the PC. The funny part is that my mother had been complaining to me that she would be in Outlook and see an email appear in her Inbox, and then disappear. I could not figure out what was going on, until this.

So, be careful out there!

Thanks, and have a great day!
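The three checks Ian describes (sender address and domain, then the real destination behind a rewritten link), together with the offending-IPs idea from the previous letter, can be turned into a small header triage script. The following is an added example and is not code from WServerNews, from either reader, or from i4conAnalytics. The blocklist entries, the known-senders address book, the mail domains and the sample message are all constructed for the demonstration; the one real-world assumption is that Outlook's Safe Links wrapper carries the original destination in the `url` query parameter of a `safelinks.protection.outlook.com` link.

```python
"""Header triage for a suspected phishing or extortion email (added example)."""
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

# Constructed "offending IPs" list; these are documentation ranges, not
# addresses taken from the newsletter.
OFFENDING_IPS = {"198.51.100.23", "203.0.113.77"}

# Constructed address book: display names you expect mail from and the
# domain that sender really uses.
KNOWN_SENDERS = {"example bank": "example-bank.test"}

# Constructed sample message: the display name claims a bank the reader
# deals with, but the address domain is a lookalike, Reply-To points
# elsewhere, the last relay is on the blocklist, and the only link is
# wrapped by a Safe Links style rewriter.
SAMPLE_MESSAGE = """\
Received: from mail.example.com (mail.example.com [198.51.100.23])
\tby mx.example.org with ESMTP id 12345
From: "Example Bank Security" <alerts@examp1e-bank.test>
Reply-To: recovery@mailbox.test
To: user@example.org
Subject: Your account has been accessed
Content-Type: text/plain

Review the login attempt here:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecure-login.example.net%2Fverify&data=abc&reserved=0
"""

# IPv4 literals in square brackets, as relays write them in Received headers
# (IPv6 relays are ignored by this simplified pattern).
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def unwrap_safelink(url):
    """Return the destination behind a Safe Links wrapper, else the URL unchanged."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if host.endswith("safelinks.protection.outlook.com"):
        inner = parse_qs(parsed.query).get("url")
        if inner:
            return inner[0]
    return url


def domain_of(header_value):
    """Lower-cased domain part of an address header such as From or Reply-To."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def relay_ips(msg):
    """Every bracketed IPv4 address found in the Received headers."""
    ips = []
    for hdr in msg.get_all("Received", []):
        for candidate in RECEIVED_IP.findall(str(hdr)):
            try:
                ips.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # malformed literal, not a usable address
    return ips


def triage(raw_message):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Check 1: does the display name claim a known sender but use another domain?
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    for known, real_domain in KNOWN_SENDERS.items():
        if known in name.lower() and from_domain != real_domain:
            findings.append(f"display name '{name}' claims {known} but address domain is {from_domain}")

    # Check 2: replies silently redirected to a different domain?
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from from domain {from_domain}")

    # Check 3: did any relay on the path appear on the offending IPs list?
    for ip in relay_ips(msg):
        if ip in OFFENDING_IPS:
            findings.append(f"relay {ip} is on the offending IPs list")

    # Check 4: unwrap rewritten links and compare the real host with the sender domain.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for url in URL_RE.findall(text):
        host = urlparse(unwrap_safelink(url)).hostname or ""
        if from_domain and host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"link host {host} does not match sender domain {from_domain}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGE):
        print("-", finding)
```

Run it on the constructed message and all four checks fire; feed it a raw `.eml` saved from a mail client instead of `SAMPLE_MESSAGE` to triage a real suspect message. The link check deliberately compares the unwrapped destination, because the Safe Links host is the same for every rewritten link and says nothing about where the click ends up.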

What other tips do you readers have for identifying possible phishing and extortion emails? Email us your suggestions so other readers can benefit from your expertise: [email protected]

 

False warnings

Finally, reader Bruce Millar wrote to us to tell us that last week's WServerNews email triggered a warning when he opened it in Gmail:

Your recent issue came up with a gmail warning:

[Image: the Gmail warning, not reproduced]

I found this quite funny given the topic of last week's issue. It only goes to prove I suppose that even a zillion dollar company like Google (Alphabet) that says it's betting the company on AI still has trouble identifying whether emails are phishing attempts.

Bruce then continued by asking a question that perhaps some of our readers may be able to answer:

I wonder if one could set up a server in its own domain to receive forwarded emails and strip the intermediate addresses and stuff and then reply to the originator with a standard undeliverable response. If every spammer got a flood of those from all their output it might equate to a DOS attack on their machines. I read a comment (that I cannot find to copy and paste now) in one of Randy Cassingham's This is True series. Mike from Michigan commented that he collected a lot of spams to "analize" them. That made me think of the email address for such a referral server being 'butthole of the [email protected]'

Email us at [email protected] if you're an email expert and have any thoughts about this or any other aspect of dealing with phishing emails, one of the biggest security issues companies face today. 


 

Tip of the Week

Got any IT pro tips you'd like to share with other readers of our newsletter? Email us at [email protected]

Previewing PDFs in File Explorer

The Electric Wand has a helpful tip on how you can preview PDFs in File Explorer a.k.a. Windows Explorer:

http://www.wservernews.com/go/0kva88l4/

 


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without 

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

Join Veeam for a series of global webinars about Veeam’s partnership with AWS! We’ll cover all sorts of information about the AWS cloud, Veeam cloud tier and Veeam Availability for AWS.

http://www.wservernews.com/go/10ly74dp/

Do your co-workers ask you to find and restore emails from backups? With a professional email archive users can restore emails on their own. Try MailStore Server and its ‘One-Click Restore’ free for 30 days.

http://www.wservernews.com/go/h6bl6hgp/

Host Profiles CLI Fling (hostprofilescli) is a command-line utility that allows vSphere administrators to perform several operations with Host Profiles that are either not currently possible through existing user interfaces, or possible only through graphical interfaces:

http://www.wservernews.com/go/nncseurw/

Active Directory Replication PowerShell Module makes checking Active Directory replication easier and richer than repadmin.exe:

http://www.wservernews.com/go/u0junv95/

SBGuard Anti-Ransomware is a free tool which can protect your Windows PC against Ransomware like CryptoLocker, CryptoWall, TeslaCrypt, CryptoXXX, CTB-Locker, Zepto and others:

http://www.wservernews.com/go/rizp6grf/

 



Factoid - The downside of electric cars

Last week's factoid and question was this:

Fact: Starbucks' music is driving employees nuts!

Question: What kind of music would you prefer your local coffee shop to play over their speakers?

Doug a Systems Administrator in Iowa answered this one for us:

Answer: The Ruttles, Garfield and Oats, Spinal Tap, Weird Al Yankovic, Sing along with Mitch (Miller).

I knew the last two but I had to look the other ones up and I couldn't find Garfield and Oats anywhere…

Oops. Typo. It's Garfunkel and Oates, not Garfield. My mistake.

That's better :-/

Now let's move on to this week's factoid:

Fact: Electric cars may be good for the environment but they're likely to be bad for America's system of highways and roads. That's because federal, state and local governments rely on fuel taxes for the money needed to fix potholes and repair crumbling roads:

Source: http://www.wservernews.com/go/iu1mkuzh/

Question: How do you think U.S. federal, state and local governments will respond to this problem? And what about other jurisdictions like the UK, Europe, Australia, Canada etc? Is road maintenance funded differently in your country? 

Email your answer to [email protected]

 

 

Conference calendar

>> Got an IT conference happening in North America that you'd like to promote in our newsletter? Email us at [email protected]

Microsoft Ignite 2019

Nov 4-8, 2019 in Orlando, Florida

http://www.wservernews.com/go/d9xi0005/

 

Microsoft Ignite -- The Tour

Register for your city's Tour event here:

http://www.wservernews.com/go/okhpsmfz/


More Microsoft conferences

Microsoft Business Applications Summit - June 10-11 in Atlanta, Georgia

http://www.wservernews.com/go/yui2tnpn/

Microsoft DevDays - June 17-21 in Redmond, Washington USA

http://www.wservernews.com/go/p78mouq1/

Microsoft Inspire - July 14-18 in Las Vegas, Nevada USA

http://www.wservernews.com/go/qeezs2nz/


Infosec conferences

Black Hat Asia - March 26-29 in Singapore

http://www.wservernews.com/go/cebhl86y/

Cyber Security Summit - April 4 in Denver, Colorado USA

http://www.wservernews.com/go/kxz22as6/

Cyber Security Summit - April 25 in Philadelphia, Pennsylvania USA

http://www.wservernews.com/go/dftvpw2f/

European Identity & Cloud Conference - May 14-17 in Munich, Germany

http://www.wservernews.com/go/g7u3hhj7/

Cyber Security Summit - May 15 in Dallas, Texas USA

http://www.wservernews.com/go/hf72jmbf/

Infosecurity Europe - June 4-6 in London, England

http://www.wservernews.com/go/zz0h6wxg/

Gartner Security & Risk Management Summit - June 17-20 in National Harbor, Maryland USA

http://www.wservernews.com/go/502kt8ez/

Cyber Security Summit - June 27 in Washington D.C. USA

http://www.wservernews.com/go/ywyrbvrk/


Other conferences

IT Nation Connect - March 25-27 in Gold Coast, Australia

http://www.wservernews.com/go/0z9hp3e6/

Dell Technologies World - April 29 to May 2 in Las Vegas, Nevada USA

http://www.wservernews.com/go/89b485yg/

SharePoint Fest - April 29 to May 3 in Washington D.C. USA

http://www.wservernews.com/go/brw5xzcr/

VeeamON (Veeam) - May 20-22 in Miami, Florida USA

http://www.wservernews.com/go/usmusfxm/

Citrix Synergy - May 21-23 in Atlanta, Georgia USA

http://www.wservernews.com/go/g1afpxyg/

SharePoint Conference - May 21-23 in Las Vegas, Nevada USA

http://www.wservernews.com/go/qp1qbp49/

Computex - May 28 to June 1 in Taipei, Taiwan

http://www.wservernews.com/go/i3mythcf/

Microsoft Azure + AI Conference - June 10-13 in Atlanta, Georgia

http://www.wservernews.com/go/vonr1bbb/

Cloud & DevOps World - June 12-13 in London, England

http://www.wservernews.com/go/0azcmcc0/


 

New on TechGenix.com

Cisco Intersight virtual appliance provides improved data control features

The Cisco Intersight virtual appliance is for organizations that have security requirements for systems stored on the edge or in traditional datacenters.

http://www.wservernews.com/go/evz4q3ao/


Microsoft: No more updates for OS using SHA-1 encryption

SHA-1 encryption was determined to be ineffective 14 years ago. Microsoft is finally taking steps to eliminate it once and for all.

http://www.wservernews.com/go/zmzwbqx3/


Top 6 biggest cloud computing acquisitions of 2018

As cloud computing becomes the norm, bigger companies are snapping up smaller ones. Here are last year's top cloud computing acquisitions.

http://www.wservernews.com/go/aezw2qut/


Slack vs. Microsoft Teams: The battle is heating up

Slack is the go-to collaboration tool for many, but Microsoft Teams is closing the gap. This battle between startup and established giant is just beginning.

http://www.wservernews.com/go/wl2vukz5/


Xtreme Podcast: Is Microsoft boarding up Windows?

This week's Xtreme Podcast: Hey Microsoft and Apple — what's the big idea? Also, cash isn't king, but cloud service providers are.

http://www.wservernews.com/go/5bwknbgp/

 

 

Fun videos from Flixxy


Dog Works At The Information Desk

Wouldn't you be happy to see a dog at an informational kiosk?

http://www.wservernews.com/go/6hfb8yz7/


Free Solo Slacklining Untethered - World Record

Spencer Seabrooke breaks the world record for the longest free solo slackline ever - untethered:

http://www.wservernews.com/go/qirjweyg/


Real Life Trick Shots - Part 3 - Dude Perfect

The guys from Dude Perfect, a Texas-based trick shot group, are back with another impressive round of trick shots involving household objects and everyday tasks:

http://www.wservernews.com/go/8z8es33g/


Freddie Mercury Wind Tunnel - Bohemian Flightsody

A flying tribute to Freddie Mercury performed by Fred Fernandez at The Wind Games 2019:

http://www.wservernews.com/go/evrhzzqm/

 

More articles of interest

Understand Microsoft Windows Virtual Desktop and its benefits

Microsoft is bringing its virtual desktop offerings into the cloud era. Learn more here.

http://www.wservernews.com/go/lgy9yjle/


Windows Server 2019 RDSH Drops Office 365 ProPlus Support

Microsoft hopes to accelerate customer cloud desktop adoption when it makes the Office 365 ProPlus suite a cloud-only product for Windows Server 2019 RDSH users. Keep reading now.

http://www.wservernews.com/go/nqvwgpv1/


Explore New iOS Security Features

Discover the latest features from Apple and the new iOS 12, an operating system that will give IT more control over iOS device management and security in the enterprise. Learn more here.

http://www.wservernews.com/go/guxdlp8e/


How to Start Using Ansible for Windows Management

Ansible is a configuration management offering that runs on Linux but controls Windows systems with PowerShell. Find out how to get the tool running in your data center.

http://www.wservernews.com/go/el3hva1m/

 

Need help from the IT pro community?

WServerNews goes out each week to more than 500,000 IT pro subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at [email protected] 

 

Send us your feedback!

Got feedback about anything in this issue of WServerNews? Email us at [email protected]

 


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books, mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.