Scammers often piggyback phishing campaigns on top of major announcements that interest large groups of people. The up-coming Windows 11 release is no different. Microsoft is distributing lots of email messages and web articles with news and preparation tips, as are their partners and news organizations. Phishing campaigns during this time benefit from camouflage as common phishing signs can be overlooked in the “noise”. Compounding this is the increasing sophistication that is being used in these campaigns.

A good overview of the October 5 release is at https://blogs.windows.com/windowsexperience/2021/08/31/windows-11-available-on-october-5/

TIP: “Hover” your mouse-cursor over the link above to verify the actual URL link matches the blue underlined label, it should look like this:

Other current news items that will surely spawn phishing messages are:

• Windows Server 2022 – General release September 1, 2021
• Tropical storms & hurricanes (Ida, Nicholas)
• Covid mandates & vaccines at schools

If you receive a news email that you’re not familiar with, don’t click any links in the message and don’t open attachments. Instead, open a web browser and search for the news organization. Once at their site, use their search field to find the article you were interested in that was highlighted in the email. This way you find the news of interest, and you greatly reduce the chance of infection.

If there’s a phone number in the email message, don’t call it. Instead, open a web browser and search for the organization you’re interested in. That website will have methods to contact them that are legitimate.

Remember to look for common signs of email and social media phishing campaigns: https://www.leeshanok.com/wp-content/uploads/Phishing-Email-Red-Flags.pdf

NEXT STEPS: If you’ve received an email message you’re not sure about, contact our team, and we’ll let you know if it’s malicious.

If you regularly communicate with other firms, their potential lack of security preparedness can impact your firm. Encourage them to contact us & we’ll help them assess their own cybersecurity to keep you both secure.

Want to better recognize and handle threats to your data and devices? Register for our free cybersecurity webinar series “IT Security for the Common Worker 101 A & B” at https://www.leeshanok.com/news/events/

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com

With traditional email phishing campaigns, one of the best ways to recognize and delete such messages is whether you know and trust the sender. But what about email messages from your customers, partners, suppliers or fellow employees? You may regularly receive email messages from a contact, so you feel safe opening the email and its links or attachments.

Not so fast! Even if your staff has received cybersecurity awareness training, your customers, partners and suppliers may not have. If their email account is compromised, the attackers can review previously sent messages and develop a timeline for sending invoices and legitimate communication with other firms. Then they copy or create a similar email message, timing it with previous email sends, and out it goes to the contacts expecting such emails. Since it was sent from a known email account, and the email appears exactly like previously received emails, the receiver has little reason to expect anything amiss.

Usual phishing signs may be missing in Business Email Compromise (BEC) messages:

1. The sending email account is legitimate, not spoofed, so it gets through spam filters
2. The subject of the message matches previous messages from the sender
3. The body of the email matches previous messages
4. Links & attachments match previous messages
5. There is no unusual language or misspelled words, because this message was copied or crafted from previously sent messages

So what can you do?

You can always seek “human verification” before opening attachments or clicking links. Call the sender at the phone number you already have, not the number in the message. Let them know you received the email, and you’re making sure it’s legitimate. If they did not send the message, notify them it appears to have been sent from their email account, then delete the message.

Even if they confirm sending it, you can still proceed carefully. In the email message, right-click on the attachment and click “Save As”, then save the file to your file system. Using Windows File-Explorer, locate the file, right-click, and click “Scan with Microsoft Defender”. If you have a 3rd party antivirus, you’ll also have the option to scan with that app.

If the scan comes back with “0 threats found”, you can have more confidence it doesn’t have malicious macros inside.

However, whenever you open an attached Microsoft Office file (may be inside attached Zip file) and a security warning pops up, NEVER click “Enable Content”. Instead close Excel & delete the file if you saved it, then delete the email that contained the attachment.

Customers, partners, suppliers & fellow employees are part of our “communication chain”, and we should all watch out for one another. The FBI published an overview of this scam, and steps to protect yourself at https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise

NEXT STEPS:  If you’ve received an email message you’re not sure about, contact our team and we’ll let you know if it’s malicious.

If you regularly communicate with other firms, their potential lack of security preparedness can impact your firm. Encourage them to contact us & we’ll help them assess their own cybersecurity to keep you both secure.

Want to better recognize and handle threats to your data and devices? Register for our free cybersecurity webinar series “IT Security for the Common Worker 101 A & B” at https://www.leeshanok.com/news/events/

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com

So your firm has layered security in place to protect against common threats to your network, domain, storage and end-user devices. Even so, employees remain a wild card if they have not received training in Cyber-Security Awareness.

For example, email and text phishing to personal and company-owned phones can bypass enterprise security by tricking the user into entering email credentials into a fake Microsoft 365 site. And seemingly safe Wifi hotspot connections in a favorite restaurant can actually be connected through a spoofed hotspot hosted by another customer sitting close by, allowing them to capture keystrokes and login credentials.

These and other risks target common workers and the devices we use each day. According to Malwarebytes, employees are a vital link in a firm’s digital IT security strategy, and they need periodic security awareness training to strengthen the human firewall. This is critical, as many will continue working in-office & remotely while connecting to company and on-line resources using personal and company-owned devices.

We have split our mainstream webinar course into two 30 minute online workshops. The content in each is self-standing, but attending both A & B will provide you the complete training curriculum. Certificates of Completion for you and/or your firm will be provided.

• IT Security 101 A for the Common Worker
• Wednesday, Sept 8, 2021
• 11:00 AM – 11:35 AM
• Register

• IT Security 101 B for the Common Worker
• Wednesday, Oct 13, 2021
• 11:00 AM – 11:35 AM
• Register

These events are free, but don’t let that fool you. We continuously update our workshops to keep pace with newly discovered risks, and we have assisted many firms in passing compliance audits where security awareness training was a requirement.

Got new staff? These workshops should be required training for new employees. Cisco found that “the majority of SMB organizations make security awareness training mandatory.”

Use the registration links above to reserve your spot, and feel free to forward to others.

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com

A new type of email phishing campaign is easily passing through firewalls and spam filters by avoiding the usual links to malicious websites and attachments that install malware.

These messages describe the expiration of a trial period, after which you’ll automatically be signed up for a subscription with monthly payment. They instruct you to call a phone number to cancel the automatic subscription. Pretty motivating isn’t it?  Who wants a monthly bill they didn’t authorize?

This campaign uses BazaCall malware to infect computers from a subsequent download of an Excel Spreadsheet with an embedded macro (a program that can run outside Excel). When the macro runs, it downloads & installs malware.

Microsoft Security Intelligence identified this threat in June 2021 (https://twitter.com/MsftSecIntel/status/1407470790333722628).

Here’s what these email messages tend to look like. Notice there are no links or attachments, just instructions to call a phone number.

By calling the phone number, you would connect with a live person who would instruct you to go to a website that appears real, then to download & open an Excel Spreadsheet. Once opened, you would be challenged by the following and the person would instruct you to click “Enable Content”.

That’s when the Excel macro would run & install the malware.

So, if you receive an email like this, do NOT…

1. Click on any links in the message
2. Open any attachments
3. Call any phone numbers in the message

It’s best to delete the message, but if you’re still not sure you can seek “human verification”. Look up the company’s phone number online or in your records. Call the known good number and let them know you received such an email and request they review your account.

Note that you should call a legitimate number for a legitimate company. More sophisticated campaigns might even create fictitious company websites that list the same number in your email message. If you don’t have a relationship with the company, then delete the message and move on.

If you’ve received an email message you’re not sure about, contact our team, and we’ll let you know if it’s malicious.

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com

Phishing email messages remain the #1 method for hacking groups to deliver ransomware to targeted companies. Phishing campaigns have become more sophisticated, as many of these emails appear to come from a fellow employee or manager. Companies that post senior staff biographies on their website make it easy for hackers to identify managers that other employees trust. Hackers then create and send an email message that impersonates the manager. When employees receive a message that appears legitimate and is from their management team, they naturally trust the sender and click links or open attachments. Malware is downloaded or a backdoor is opened which allows delivery of ransomware.

Simply receiving a phishing email won’t cause any harm, unless a link is clicked in the message body or an attached file is opened. Microsoft Office file attachments (.xlsx, .docx, .pptx) may contain macros (program scripts) that open an Office app then run the macro. These can execute system commands that open network ports and other backdoors, then connect to malicious websites and begin downloading ransomware and encrypting files.

LeeShanok’s partner KnowBe4 created the following chart with many “Red Flags” to watch for when scanning your email inbox. Feel free to download the full size PDF file and share it with your employees.

Full size PDF: https://www.leeshanok.com/wp-content/uploads/Phishing-Email-Red-Flags.pdf

The US Cybersecurity & Infrastructure Security Agency (CISA) has published a guide on preventing and responding to ransomware:  https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C_.pdf

LeeShanok’s team hosts monthly web workshops on identifying phishing emails, combating ransomware, and effective backup strategies. Register for the next event on our website: https://www.leeshanok.com/news/events/

As always, feel free to contact us to discuss your situation and industry best practices.

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com