For the past two mornings, businesses in the Albany area that use Microsoft’s Office 365 have received a phishing email claiming that a password change has been requested for the user’s account and asking the user to follow the included link to cancel the request.
The sender will be listed as “Office” or “Office 365” and the subject line will read “Password Reset Alert”.
This email should be deleted immediately.
Today security experts are warning of the continued spread of WCry and of numerous variants being released over the weekend.
As with any ransomware, users should be vigilant about any email that could be carrying a payload or a link to a payload. At this point Microsoft has not ruled out any attack vectors:
We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
Microsoft has released a patch for operating systems going as far back as XP:
Windows update MS17-010
US-CERT is warning consumers of email-based phishing campaigns targeting airline consumers. Consumers who have booked flights should be vigilant and ensure any email they receive is indeed legitimate. We recommend not following links in received emails and instead going directly to the airline’s web pages to verify any information there.
Yesterday we had a client receive an email claiming to be from administrator@TheirCompanyName.com asking them to follow a link to receive an encrypted email. None of our clients would be getting such a message from an account with that name. This was malware designed to convince the user receiving it that the message was legitimate and from an internal account.
Should you receive a similar message, you should delete it immediately. In addition to coming from the account “Administrator”, it may also arrive with the name of a legitimate user on your network.
**********Important – Internal ONLY********** File Validity: 10/04/2015 Company : “YourCompanyName.com” File Format: Adobe Reader Legal Copyright: Adobe Corporation. Please follow this link :https://YourCompanyName.com/file/internal/encruptedmessage” ********** Confidentiality Notice **********. This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the person(s) mentioned above as recipient(s). This e-mail may contain confidential information and/or information protected by intellectual property rights or other rights. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender and delete the original and any copies of this e-mail and any printouts immediately from your system and destroy all copies of it.
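One way a mail administrator could flag the forged internal sender described above, as an added example that is not part of the original post. It assumes the mail gateway stamps an Authentication-Results header with a DMARC verdict and strips any copy supplied by the sender; `yourcompany.example` and both sample messages are constructed stand-ins.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "yourcompany.example"  # assumption: stand-in for your own mail domain

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def internal_spoof_findings(raw_message, internal_domain=INTERNAL_DOMAIN):
    """List reasons a message that claims an internal sender looks forged."""
    msg = message_from_string(raw_message)
    if domain_of(msg.get("From")) != internal_domain:
        return []  # does not claim to be internal; outside this check
    findings = []
    # Verdict written by the receiving gateway (assumed trusted, see lead-in).
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if "dmarc=pass" not in auth:
        findings.append("no DMARC pass for internal From domain")
    # Envelope sender and reply address should stay inside the company too.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != internal_domain:
            findings.append(header + " domain is " + other)
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.yourcompany.example; spf=fail; dkim=none; dmarc=fail
From: Administrator <administrator@yourcompany.example>
To: user@yourcompany.example
Subject: Encrypted message

Please follow this link
"""
GENUINE = """\
Return-Path: <alice@yourcompany.example>
Authentication-Results: mx.yourcompany.example; spf=pass; dkim=pass; dmarc=pass
From: Alice <alice@yourcompany.example>
To: user@yourcompany.example
Subject: Lunch

Noon?
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, internal_spoof_findings(raw))
```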
A post on the Cisco Managed Threat Defense blog reports that emails purporting to come from the Microsoft Volume Licensing Service Center are circulating.
This email will have a custom subject line and will look very similar to a real email from Microsoft. Clients should be very careful when receiving any VLSC emails while this is circulating.
Last week Anthem Inc. warned that a breach of its network exposed the personal information of as many as 80 million people. This week they have posted a bulletin warning that scammers are sending phishing e-mails to people whose information was stolen.
How to protect yourself against phishing:
- Be wary of emails asking for confidential information – especially information of a financial nature. Legitimate organizations will never request sensitive information via email.
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalised, while authentic emails from your bank often reference an account you have with them. Many phishing emails begin with “Dear Sir/Madam”, and some come from a bank with which you don’t even have an account.