Mark as Junk to Fight against Cybercriminals

If you see a suspicious email, mark it as Spam, Junk or Phishing instead of deleting it. I have seen many users who just delete suspicious files, and unfortunately there are people in the security field who ask users to delete unknown and suspicious emails. The question is: when should we delete an email, and when should we mark it as spam? We delete an email when we know it is trustworthy, we could ask the sender to stop sending such email or unsubscribe from it, and we simply want to free up our mailbox. But if an email comes from an unknown source, we cannot trust it, or it shows any suspicious behavior, we should not just delete it; we should mark it as spam. This helps our anti-spam system fight spammers and cybercriminals. It also gives legal authorities better evidence when acting against spammers: a provider can say that thousands of its users asked it to block this sender, that it asked the sender to stop spamming and the sender refused, and that it is therefore taking the sender to court.

Sometimes an email comes from a trusted friend and still seems suspicious. In this case, call your friend and ask them to go through basic security steps: check for malware, change passwords, and check with their email provider whether there has been any suspicious activity on their account. If you are using a Microsoft Account, there is a good description of the things you can do here. It is better to contact your friend by phone or some means of communication other than email, because we cannot be sure whether your friend’s email has been hacked. One interesting feature of Microsoft Outlook.com is that you can mark a message to report that your friend’s email has been hacked, which helps your friend. It is in the drop-down list near Junk in Outlook.com, where you mark email as Junk or Spam.

As security professionals, we should teach our users to mark suspicious emails as Junk or Spam instead of deleting them. That way we will know which emails are trying to harm users and which ones are just taking up extra space. Junk or Spam is a matter of cybercrime: in some cases these emails carry dangerous attachments that may contain new malware, and reporting them as junk or spam helps us identify new threats and even unknown or 0-day vulnerabilities.

To make this clear to users, I ask them to think of their home. Sometimes you clean the house and remove the dust, and you find pieces of paper such as old receipts that you no longer need. They won’t harm you, so you just throw them out to make your home cleaner. But imagine that someone sends you something dangerous. Say it is a package that might contain a bomb, or a letter trying to convince you to leave your home at a specific hour (so that someone could come into your home during those hours and commit a robbery). You won’t just throw it out. You will place it outside your home and call the police or other legal authorities. Marking an email as Junk versus just deleting it is like this, so think carefully about whether you should delete an email or mark it as junk.

 

My Email Has Been Hacked!!!!

It can happen to anyone: someone or something gains access to your email. Your contact list could be exposed to others. Email could be sent on your behalf to your friends or to other people. Some of these emails might contain malware (virus, worm, Trojan, spyware, ...) and infect the receiver. You might not be able to log in to your email, and many other bad things might happen. To prevent such incidents, let’s discuss how someone could gain access to your account.

One common way is hacking tools: someone might use tools to discover a vulnerability in your system, or ask you to download a tool that gains unauthorized access. Another possible scenario is a type of social engineering attack. For example, you might use the same password for your email and for other websites; then one of those websites gets hacked and your password is exposed, or one of them turns out to be a phishing website. Another case is when you write your password down somewhere and someone reads it, or when someone watches you type your password, or records your typing on video, slows it down and views it later. A password can also be found through password recovery methods. For example, your security question could be “What is your favorite football team?” and many of your friends would know the answer. In other cases, you might have written about your favorites or what you do on a website, or given an interview to the press, or someone finds your lost diary, learns your favorites and answers the password recovery question. Such methods have been around for many years and there have been several warnings about such incidents; however, every day many people report that their accounts have been hacked with these techniques.

If someone is trying to hack into your account using software (it could be someone who knows you, or someone who is just looking for targets without knowing anything about them), you should keep your system protected. There are cases where certain software, known as bots, randomly searches PCs for vulnerabilities and uses those vulnerabilities to copy itself onto the system, collect information such as usernames and passwords and send it to a server, or send unauthorized email from your account to all your contacts or to certain people. To protect yourself, update Windows and make sure you have anti-malware software and a firewall and that they are turned on. One easy way to check is to open Control Panel, then open Windows Security Center (Windows XP and Windows Vista) or Action Center (Windows 7 and Windows 8), and see whether your security status is okay or at risk. Take action if needed (update Windows, install anti-malware, etc.). Beyond that, make sure all the other software on your PC is up to date. For example, if you are using Java, make sure it is set to check for updates and that you install all of them. These actions help a lot and protect you against most email hacking.

If you want to do a quick test for malware infection, run Microsoft Safety Scanner and make sure you run a full system scan. If an infection is found, you can click on it and, if you have internet access, read the details about it, or write down the names and search for them later. Those details will give you a good idea of what happened on your system. For example, they may explain that one particular piece of malware is sending email on your behalf, and whether there is any other action you should take to fully remove it.

You should also think about password recovery. Imagine that you have lost access to your email or it has been hacked: how would you reset your password? If you use a security question, make sure the answer is known only to you and is not something that everyone knows. You could also configure other ways to do password recovery, such as SMS, a Trusted PC or another email address. Your password should be strong and not guessable. A strong password consists of uppercase letters (A-Z), lowercase letters (a-z), symbols (!, @, #…) and numbers (0-9), mixes all of them, and is at least 7 to 8 characters long. Also, don’t write your password down, and make sure it is something that only you know and can memorize. The recovery question you choose for recovering your password is as important as the password itself and should not be guessable.

If you or anyone else faces email hacking, do these steps:

  1. Run a full system scan with Microsoft Safety Scanner and read the detailed descriptions of any malware found.
  2. Update Windows and check Action Center or Windows Security Center to see whether something is wrong with your Windows security.
  3. Change your email password.
  4. Report it to your IT admin (in a company) or email provider and follow their guidance.
  5. If you are using any of the email services below, please follow their help in case of email hacking:

Use it once…

To access your account or check your email, you have to enter your username and password. Your username is usually your email address, and other people, for example your friends, might know it; the important thing is your password. Most of the time you could NOT enter your account without the password, and the bad thing about a password is that if bad people know it, they could access your account. Microsoft came up with an interesting idea in Windows Live ID to protect your password. Instead of entering your password to get into your account, you use a single-use code that is sent to your mobile phone; after it has been used it expires, and you have to use another one next time. It is a great thing for public areas and public networks. Sometimes you need to check your email and you don’t have your mobile phone to check it using Hotmail mobile, or your mobile is out of battery, so you use a public network such as at school, your friend’s PC or other public internet. The bad thing here is that the PC might be infected with software that stores whatever you type, known as a keylogger. A keylogger stores whatever you type, and bad people can go through that record to find your password. In a public place it is hard to examine a PC and find out whether it is safe; sometimes it has no anti-virus, or it runs under a Standard or Guest user rather than Administrator. And if someone finds your password, they can access everything. We always recommend that users check the privacy statement of a public network and do a quick security test to make sure the system is safe. The new feature in Windows Live ID gives you better protection against this type of attack, because you don’t have to enter your original password: you enter a temporary code that expires after it is used or after a time. If this code is captured, it could NOT be used, because it is temporary and will expire.
The system works very simply. In the first step, you browse to the login page, for example when you want to check your email, and you will see the option: Get a single-use code to sign in with

 

If you click on it, a new page comes up where you can type your Windows Live ID and the single-use code. The code is sent to you by SMS, so you first request it by clicking on: Request a code. Then select your country and type your information, such as your phone number, and you will receive an SMS that contains the code.

 

Once you use it, that’s it. If bad guys get your code, they could NOT reuse it, and your account is safe because you didn’t use your original password. If the system is not available in your country, you can click on feedback and request it. It will NOT be available right away, but the Windows Live Team will review requests and make the service available based on them.
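The single-use behaviour described above can be sketched as follows. This is an added example, not Microsoft's implementation: the class name, the 8-digit code, the 10-minute lifetime and the attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class SingleUseCodes:
    """Issue sign-in codes that work once and only for a short time."""

    def __init__(self, ttl_seconds=600, max_attempts=5):
        # Assumed values; the page does not state the real lifetime.
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self._pending = {}  # account -> [code digest, expiry, attempts left]

    @staticmethod
    def _digest(code):
        # Only a digest is kept, so the store never holds a usable code.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, account, now):
        """Create a fresh code; any older code for the account is replaced."""
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[account] = [self._digest(code), now + self.ttl,
                                  self.max_attempts]
        return code  # delivered out of band (by SMS in the page's flow)

    def redeem(self, account, code, now):
        """Return True once for the right code; every later use fails."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expires, _attempts = entry
        if now > expires:
            del self._pending[account]  # expired before it was used
            return False
        if hmac.compare_digest(digest, self._digest(code)):
            del self._pending[account]  # burn the code on first use
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[account]  # too many wrong guesses
        return False


def keylogger_scenario():
    """The page's public-PC case: a captured code is replayed later."""
    codes = SingleUseCodes()
    account = "user@example.com"  # constructed sample account
    code = codes.issue(account, now=0)
    owner_signs_in = codes.redeem(account, code, now=30)
    replay_by_thief = codes.redeem(account, code, now=60)
    unused = codes.issue(account, now=1000)
    used_too_late = codes.redeem(account, unused, now=1000 + 601)
    return owner_signs_in, replay_by_thief, used_too_late


if __name__ == "__main__":
    print(keylogger_scenario())
```

The code a keylogger records on the public PC is already burned by the time anyone replays it, while the real password was never typed there.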

Delete or Set Spam?

Spam, or junk mail, is email that is sent to you without your knowledge and without your permission. Mostly it tries to advertise, and sometimes it acts as phishing or tries to infect your PC. Many technologies and tools help us protect ourselves against these things. At the industry level, Microsoft introduced a great product called Exchange Server. It comes with technology that helps mail administrators or IT administrators keep control over their mail environment and also lets them access it from anywhere. The product comes with an anti-spam filter, and if you configure it correctly, most spam is blocked at the mail server without reaching client PCs or client mailboxes. However, sometimes spam gets through to your email client software and you have to take some action yourself, or maybe your email provider does NOT give you good anti-spam (maybe you don’t have Exchange Server :) ); in that case, make sure your email client is configured with an anti-spam filter. With an email client, you use email software such as Microsoft Windows Mail (NOT Hotmail), Microsoft Office Outlook or any other email application. These programs connect to the email server, download and send your email, save your actions on your hard disk and keep them synchronized with the email server. They usually come with an anti-spam solution. With a webmail service, you log in to a website using your browser, such as Internet Explorer, and check your email there. In all cases you have an option to mark an email as Junk Mail or Spam. Each anti-spam product has its own method to detect and block spam (junk mail): they block spam by blacklist (which contains domains or email addresses that send spam), or by behavior or rules, where a keyword, certain functions or a link cause the email to be moved to spam. However, as a user you should know when to delete a message and when to mark it as Spam (Junk).
It makes a difference. When you delete a message, messages can keep coming from the same sender, or from different senders with the same content; you keep deleting them and they keep coming. When you mark a message as Spam, it is defined as spam, so if it comes again it goes straight to the Junk filter or anti-spam, and if you chose to participate in the customer experience program, the email is also reported, which helps make the anti-spam engine even more powerful. You should delete a message when it is email that you no longer need, for example email from someone you know that you later feel you don’t need. For example, you might subscribe to a company’s email newsletter to receive promotions, and after the promotion period is over you delete the message because you don’t need it. But say you receive an email that is suspicious, or is sent from someone you don’t know, and you feel it is spam: you should NOT delete it at first; instead, mark it as junk or spam. If you don’t have a Spam or Junk option, then delete it. When you mark a message as Junk or Spam, email from whoever is spamming you won’t come to your inbox, and if you chose to participate in the customer experience program, it is sent for analysis, and in some cases it might help to stop and arrest cybercriminals. Delete and Mark as Spam or Junk differ only by a few clicks, but the reality is that your action helps you and many other people.
I mentioned the customer experience program. It is an option in many Microsoft products: if you choose to join it, some information about your experience with the program is sent, in line with your privacy (NO PERSONAL COLLECTION), which means your personal information won’t be sent. You can read the privacy statement and choose whether or not to join, knowing that joining helps you and many other people, because it helps Microsoft or other anti-spam companies make their anti-spam more powerful and also helps the legal parties arrest cybercriminals and spammers faster and more easily. On many websites you will have read that you should delete emails you don’t recognize or that are spam, but the better practice is to mark email you suspect of being spam as Spam. On the other hand, check your anti-spam (or anti-junk) filter often, because some NON-SPAM email might wrongly be moved to the spam filter for behaving like spam. In this case the best practice, instead of moving it to the inbox or a normal email folder, is to mark it as NOT SPAM. This also helps the anti-spam learn that the NON-SPAM email is NON-SPAM, so it won’t block it in the future. Remember: when something is spam, mark it as Spam instead of deleting it. But when something has been marked as Spam and is in junk mail, mark it as NOT Spam if it is trusted, such as a trusted email from a friend.

Note that with some malware (virus, worm, spyware, Trojan …), if your friend or someone you trust is infected, the malware can send a message on behalf of your friend. Therefore DON’T trust any email from your friend. It is possible that your friend’s email has been hacked or infected and someone or something else is sending email on his or her behalf. In this case, review the content of the email, and if it is suspicious, don’t open it and don’t mark it as safe or not spam. First confirm with your friend that the email was sent by him or her, and only then use it. If that person is NOT aware of it, advise them to do a full system scan with updated anti-virus, check the firewall, and contact the email provider that provides their email service for help.

BCC, your old friend

Have you ever received an email that was sent to you and to hundreds of other people, people you might or might not know? You might also do the same and send an email to several people. To the user this might NOT seem like a problem; however, to the bad guys it is a chance for spamming. Have a look at this scenario:

I am sending the following email:

From: me@…
To: friend1@…., friend2@…, friend3@…, friend4@….
Subject: Hi
Message:
Hi everyone,
This is a test mail.

By me@…, friend1@… and so on, I mean the email addresses involved; they could be @hotmail, @yahoo, @msn.com, @aol.com and the like. The message itself is not important; I just put it in as an example. Now here is the problem: I know friend1, friend2, friend3 and friend4, but friend1, friend2, friend3 and friend4 do NOT know each other, which means that they don’t have each other’s email addresses. When I send the email this way, all the friends (friend1, friend2, friend3, friend4) find out each other’s email addresses. The problem is that the email addresses of people who do NOT know each other are revealed.

To prevent this kind of problem you can use something called BCC. BCC stands for blind carbon copy; it is available in almost all email clients and webmail. You type the receivers’ email addresses in the BCC field, and when you send the email, the other addresses are hidden. For example, if you type the addresses in BCC instead of To or CC (carbon copy), the email shows your email address and that one friend’s email address (e.g. friend1@….), and NOT all of your friends’ email addresses (friend1@…., friend2@…, friend3@…, friend4@….). This hides the email addresses of friends who do NOT know each other and preserves more privacy for them. To make it clearer, have a look at the following example, which shows what the receivers (in this case the friends) see.

From: me@…
Receiver: friend1@…., friend2@…, friend3@…, friend4@….
Subject: Hi
Message:
Hi everyone,
This is a test mail.

(Message sent using To or CC)

From: me@…
Receiver: friend1@…. (friend2@…, friend3@…, friend4@…. are hidden and not viewable by friend1)
Subject: Hi
Message:
Hi everyone,
This is a test mail.

(Message sent using BCC and friend1@… received it, in this case friend2@…, friend3@…, friend4@…. are hidden and not viewable by friend1)

 

CC and To are similar in that both show the addresses of all receivers. With BCC, you add all the email addresses (friend1@…., friend2@…, friend3@…, friend4@….), but each receiver sees only its own email address and the rest are hidden. This protects the privacy of each receiver: you send a message to many people, but they won’t see to whom the message was sent other than themselves. It preserves more security and privacy and reduces the chances of spamming. The BCC option might NOT be shown in the compose or new mail window where you write your message; in this case you have to choose to show BCC, and how to enable it depends on your webmail or mail client. One common scenario for using BCC is when you send an invitation or an interesting email to all of your friends: instead of CC and To, use BCC, because there might be some people in your contact list whose email addresses you do NOT want the others to know. In large organizations and enterprises, users should also consider RMS (Rights Management Services), with which you can apply certain policies, such as choosing an email policy according to the receivers and a policy for to whom the email is allowed to be forwarded.
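The difference between To and BCC comes down to which addresses travel in the message headers and which are only used for delivery. The following added example (not from the original article) builds the test mail both ways with Python's standard email library and reports what friend1 can read; the example.com addresses and all function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample addresses (the page elides the real domains).
ME = "me@example.com"
FRIENDS = [f"friend{i}@example.com" for i in range(1, 5)]


def build(sender, to=(), cc=(), bcc=()):
    """Compose the page's test mail with the given recipient fields."""
    msg = EmailMessage()
    msg["From"] = sender
    for header, addrs in (("To", to), ("Cc", cc), ("Bcc", bcc)):
        if addrs:
            msg[header] = ", ".join(addrs)
    msg["Subject"] = "Hi"
    msg.set_content("Hi everyone,\n\nThis is a test mail.\n")
    return msg


def addresses_in(msg, *headers):
    """Return every address listed in the named header fields."""
    values = [str(v) for h in headers for v in msg.get_all(h, [])]
    return [addr for _name, addr in getaddresses(values) if addr]


def prepare_for_delivery(msg):
    """Split a composed message into (envelope recipients, bytes on the wire).

    Every To, Cc and Bcc address gets a copy, but the Bcc field is dropped
    from the transmitted headers so recipients never see it.
    """
    envelope = addresses_in(msg, "To", "Cc", "Bcc")
    wire = email.message_from_bytes(msg.as_bytes(), policy=policy.default)
    del wire["Bcc"]
    return envelope, wire.as_bytes()


def disclosed_to(recipient, wire_bytes):
    """Other people's addresses that `recipient` can read in the headers."""
    received = email.message_from_bytes(wire_bytes, policy=policy.default)
    seen = addresses_in(received, "To", "Cc", "Bcc")
    return sorted(a for a in seen if a != recipient)


def compare():
    """Run the page's scenario both ways and report what friend1 learns."""
    results = {}
    for field in ("to", "bcc"):
        envelope, wire = prepare_for_delivery(build(ME, **{field: FRIENDS}))
        results[field] = {
            "delivered_to": envelope,
            "friend1_learns": disclosed_to(FRIENDS[0], wire),
        }
    return results


if __name__ == "__main__":
    for field, outcome in compare().items():
        print(field, outcome)
```

In both runs all four friends receive the mail; only the To variant hands friend1 the other three addresses.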

Hoax

In computer security, a hoax refers to fraud and scams. This type of hoax is sometimes called a chain email. Have a look at the following message:

“A new virus is circulating!!!!

This information came from Microsoft, and Norton.

Please, transmit it to anybody that you know that has access to the Internet.

You may receive an e-mail about an offensive Powerpoint Presentation, entitled "Life is beautiful.pps".

If you get it, DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCE and delete it immediately.

If you open that file a message will appear on your screen,  "Now it is late, your life is no longer beautiful" after that you’ll lose EVERYTHING IN YOUR PC and the person who sent it will have access to your name, e-mail address, and password.

It is a new virus started to run Saturday night.

We need TO DO ALL THAT is POSSIBLE TO DETAIN THAT VIRUS.

UOL already confirmed its danger and antivirus software cannot destroyed it. The Virus was created by a hacker that denominates himself as the owner of life and wants to destroy PCs domestic, and fight against Microsoft in justice! Because of this it comes disguised with a .PPS extension. He fights in justice by the patent of the Windows-XP. SEND THIS E-MAIL TO ALL YOUR FRIENDS”

When users see a message like this, they just forward it to other people, and the people who receive it forward it to others as well, and it keeps going around. Look a bit more closely at this message. It says the information came “from Microsoft, and Norton”. When Microsoft wants to inform users about a new threat, it posts it on its website and informs users by sending email to people who are subscribed to Microsoft e-newsletters. The funny thing here is the word Norton!!! It is the name of a product, not a company. Norton is the name of a consumer product from Symantec Corporation, and they never call themselves Norton. However, the person who wrote this hoax knows that many people have not heard of Symantec but do know what Norton is (Antivirus, Internet Security). We always recommend that users do not open files they find suspicious, no matter what the files are or what the subject is. There are viruses that can wipe your hard disk, not only on Windows but on Linux and Apple too, but what they try to do is format your PC. In this case, they cannot just go ahead and start formatting; if you are using Windows, you might have noticed that you cannot format the partition that Windows is located on. On the other hand, even the most powerful malware and viruses in the world will be detected and removed someday, or, if the removal tool or signature that cleans the malware takes a long time to design, they will be detected and put in quarantine. I think the writer of this hoax is a fan of science fiction movies :). As you see, this hoax reads like a movie in which a hero wants to save the world, not like a true warning. There are different types of hoax. Some of them tell you that your PC is infected and that, in order to stay protected, you should delete or modify some sensitive part of the operating system (such as the registry), and when you do, your PC might face serious problems. Hoaxes consist of two parts:

1) Scare: This is the part that tells you something that scares you and persuades you to take action. For example, it tells you that you will be infected by a virus (malware) or that you may get bad luck if you don’t do what it says. In our example the scare part is “you’ll lose EVERYTHING IN YOUR PC and the person who sent it will have access to your name, e-mail address, and password.”

2) Action: This is what the message asks you to do after scaring you. For example, pass the email around, modify a file, or print the message and post it on a board. In our example the action part is “Please, transmit it to anybody that you know that has access to the Internet.”

 

If you see such a message, delete it and do NOT PASS IT AROUND AND DO NOT FORWARD IT. Forwarding these messages leads other people to take the action or forward the message in turn, and as they do, mailboxes take up extra space. Another risk is that users usually forward this type of message around, and when they do, the addresses of the previous senders (the people who forwarded the message to you) are revealed to others. Some hoaxes might contain malware (virus, worm, Trojan, spyware…); in that case they would be blocked by your anti-malware if it is running and up to date. But this type of hoax has no attachment, and the way to block it is with the spam filter, by keyword blocking. For enterprise users: in your company you could use Microsoft Exchange Server and Microsoft Forefront Protection for Exchange and create a rule in your spam filter, so that if you receive such messages (hoaxes) they are blocked by keyword. The reason is that, as you see, this message is sent by people who are already trusted and don’t want to harm you, but who don’t know that the message is a hoax. In Exchange Server 2010 you could apply RMS (Rights Management Services) based on keywords, meaning that you apply a rule so that whenever the keywords are detected, RMS is applied. Then you could use RMS to block your users from forwarding the message. Also ask your staff to report such emails to you (the administrator). I recommend you have a look at McAfee Labs for more examples of hoaxes.
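The two-part structure of a hoax (scare plus action) suggests a keyword rule that fires only when both parts are present, which avoids blocking an ordinary security notice or an ordinary "please forward" mail. The sketch below is an added example, not an Exchange or Forefront rule; the keyword patterns are assumptions, the hoax text is an excerpt of the message quoted on this page, and the two benign messages are constructed.

```python
import re

# Assumed keyword rules; tune them to the hoaxes your users actually report.
SCARE = [
    r"\bnew virus\b",
    r"\blose everything\b",
    r"\bcannot (destroy|remove|detect)",
    r"\bbad luck\b",
]
ACTION = [
    r"\b(send|forward|transmit|pass)\b.{0,30}\bto\s+(all|any|every)(body|one)?\b",
    r"\bpass (it|this) around\b",
]

# Excerpt of the hoax quoted on this page.
HOAX = """A new virus is circulating!!!!
Please, transmit it to anybody that you know that has access to the Internet.
If you open that file you'll lose EVERYTHING IN YOUR PC.
UOL already confirmed its danger and antivirus software cannot destroyed it.
SEND THIS E-MAIL TO ALL YOUR FRIENDS"""

# Constructed benign messages: each contains only one of the two parts.
NOTICE = ("IT notice: signatures for a new virus were added to the scanner "
          "last night. No action is needed.")
MEETING = ("Please forward this to everyone on the team: "
           "the meeting moved to 3 pm.")


def matches(patterns, text):
    """Return the lower-cased phrase each pattern matched, in rule order."""
    flat = " ".join(text.split())  # undo line wrapping before matching
    hits = []
    for pattern in patterns:
        found = re.search(pattern, flat, re.IGNORECASE)
        if found:
            hits.append(found.group(0).lower())
    return hits


def classify(text):
    """Flag a message as a hoax only if it both scares and demands action."""
    scare = matches(SCARE, text)
    action = matches(ACTION, text)
    return {"scare": scare, "action": action, "hoax": bool(scare and action)}


def triage(messages):
    """Return the names of the messages a filter rule should hold back."""
    return [name for name, body in messages.items() if classify(body)["hoax"]]


if __name__ == "__main__":
    samples = {"hoax": HOAX, "notice": NOTICE, "meeting": MEETING}
    for name, body in samples.items():
        print(name, classify(body))
    print("blocked:", triage(samples))
```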