Showing posts with label Spam. Show all posts

Monday, July 17, 2017

Security breach! How to prevent your G Suite domain from getting hijacked

Legacy security solutions are no longer as effective against today's clever hacking methods, and on-premise hardware can often lack sufficient scale and performance to protect internet-connected application infrastructures as they grow. As more organizations move their operations online, they need a cloud-based security solution that can defend their domain, email, valuable data, and in some instances, brand image.

Lately we have witnessed increasingly clever phishing attempts in our customer base. Some of these attempts are so sneaky you'd need to do a double or triple take to spot the red flag. Take, for example, a longtime customer of ours who was sent an email with an almost identical domain name (only one letter was different). The email came from the actual domain name, meaning that the hacker had invested the time and money to purchase and configure the domain with the intent to hijack the real customer domain. Luckily, our customer realized it was a malicious email, immediately deleted it, and reported the domain to Google.

G Suite's cloud-based security protocols are top notch. Google recently added a new security feature in Gmail that warns users when they respond to emails sent from an external domain and from someone not in their contacts. This feature increases awareness of forged email messages and impersonation, as well as common user error when sending mail to incorrect addresses.
When a user clicks 'reply' in Gmail, Google scans the recipient list, including addresses in CC to verify the risk level. If a recipient is external to the user’s organization, not present in their Contacts or not someone the user interacts with regularly, the warning is displayed automatically. This is a subtle, yet powerful, way to keep your users vigilant.

A valuable step to take to prevent a hijacking is to create a rule in Gmail to bounce emails from domains that have close spellings. Here's how:
1. Log in to your G Suite Admin account.
2. Go to Apps ---> G Suite ---> Mail ---> Advanced Settings
3. Under the Spam Section, Blocked Senders ---> Configure
4. Enter a (very) short description for the summary of what's being blocked
5. Use an existing list or create a new list for the addresses that are going to be rejected (you can choose single or multiple domains and single or multiple email addresses.)
6. Optional: you can edit the rejection notice that the sender will receive in the blocked bounce-back (leaving it blank will use the default).
7. "Bypass this setting for messages received from addresses or domains within these approved senders lists." This option can be ignored (it defaults to being checked off, but does not matter unless a list is created or used in this section). The option also serves the purpose of allowing exceptions that can still send (e.g. malicious.ca is blocked, but hacker@malicious.ca is allowed, or malicious.ca is blocked, but hackers.malicious.ca is allowed to bypass).
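To build the list of close spellings used in step 5, you can screen the sender domains you already receive mail from. The following is an added example, not part of the original post: it flags domains within a small edit distance of your own, and the domain `example.com` and the sender addresses are constructed sample values.

```python
OWN_DOMAIN = "example.com"  # assumption: replace with your own G Suite domain

# Constructed sample of envelope senders, e.g. exported from a mail log.
SAMPLE_SENDERS = [
    "alice@example.com", "bob@mail.example.com", "billing@examp1e.com",
    "ceo@exmaple.com", "hr@exampple.com", "x@exampel.co", "news@partner.example",
]

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def find_lookalikes(senders, own=OWN_DOMAIN, max_distance=1):
    """Return [(domain, distance)] for sender domains that are close to,
    but not the same as, our own domain or one of its subdomains."""
    hits = {}
    for address in senders:
        domain = sender_domain(address)
        if domain == own or domain.endswith("." + own):
            continue  # legitimate: our domain or a subdomain of it
        distance = osa_distance(domain, own)
        if distance <= max_distance:
            hits[domain] = distance
    return sorted(hits.items(), key=lambda item: (item[1], item[0]))

if __name__ == "__main__":
    # Candidates to review before adding them to the Blocked Senders list.
    for domain, distance in find_lookalikes(SAMPLE_SENDERS, max_distance=2):
        print(f"{domain}\tdistance {distance}")
```

Review each hit before blocking it, since a short domain can sit within one or two edits of an unrelated legitimate one.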

As long as we live in a world of technology, attackers will always look for ways to target us. As the internet evolves, the methods and techniques used by these attackers evolve along with it. It's important to understand that vulnerabilities do exist and that the best way to avoid a compromised system is to put preemptive measures in place, like the ones G Suite offers. The challenge with web security lies in that very changing nature. True cloud solutions offer the latest and most secure methods to provide the utmost protection for your online assets.

To learn more about cloud security and G Suite, contact Interlock IT today!

Monday, May 30, 2016

No more forged emails! - SPF and DKIM

Secure email is vital to any organization. If you have ever received an email that appeared to come from an employee or a company you do business with, but was really from a malicious or unknown source, then you've seen firsthand how easy it is to forge emails. Our previous blog post covered how users can prevent important email from landing in their spam folder. This post covers a common question we get from our customer base: why does sent email end up in the recipient's spam folder, or not get delivered at all?


Every recipient is unique and has different spam filtering settings for messages being received. Typically, recipient servers don't provide information about spam filtering to the sender of an email simply because it makes the recipient vulnerable by giving too much information to actual spammers who could then potentially get around the filters. This is where SPF and DKIM authentication come into play. Authentication legitimizes the source of the email to prove it isn't forged and is a thorough way of ensuring your email is delivered to the person you are sending to.

A Sender Policy Framework (SPF) record is a type of DNS (domain name server) record that identifies which mail servers are permitted to send email on behalf of your domain. SPF records are used to prevent spammers from sending email on your behalf. It essentially asks, "is this email coming from an authorized mail server?" If it isn't, the email is likely to be spam.

A DomainKeys Identified Mail (DKIM) record simply adds a digital signature to emails your organization sends. The recipient's email servers check whether the signatures match and, if so, the email hasn't been tampered with and is from a legitimate sender. Fundamentally, the DKIM check verifies that the message is signed and associated with the correct domain.

Having both SPF and DKIM records in place can greatly reduce the potential of spam email appearing to be sent from your domain and also improves email deliverability. An easy way to check if your domain's SPF and DKIM records are in compliance with Google's recommendation is by going here: https://toolbox.googleapps.com/apps/checkmx/check.
The interlockit.com SPF record declares that Google Apps, Freshbooks, Sendgrid, and MailChimp are all authorized to send email on behalf of our domain.
Our team at InterlockIT has helped many hundreds of companies and organizations update and correct their DNS records, resulting in very happy customers. Be sure to contact us today to prevent email forgery for good!
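To show how such a record is read, the following added example (not from the original post) parses an SPF TXT record, lists the senders it authorizes through `include:`, and flags weak policy. Both records are constructed for a hypothetical example.com and are not interlockit.com's published record.

```python
import re

# Terms that each cost one DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9]*)(?:[:=/](.*))?$")

# Constructed records for example.com (not any real domain's published policy).
WEAK_RECORD = "v=spf1 include:_spf.google.com include:sendgrid.net include:servers.mcsv.net +all"
FIXED_RECORD = "v=spf1 include:_spf.google.com include:sendgrid.net include:servers.mcsv.net ~all"

def parse_spf(record):
    """Split an SPF TXT record into (qualifier, name, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        m = TERM.match(term)
        if not m:
            raise ValueError(f"malformed term: {term!r}")
        parsed.append((m.group(1) or "+", m.group(2).lower(), m.group(3) or ""))
    return parsed

def audit_spf(record):
    """List the senders a record authorizes via include: and flag weak policy."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    findings = []
    # Counts top-level terms only; lookups inside included records also count.
    lookups = sum(1 for name in names if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10")
    all_quals = [q for q, name, _ in terms if name == "all"]
    if not all_quals and "redirect" not in names:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_quals and all_quals[0] in "+?":
        findings.append(f"'{all_quals[0]}all' does not fail unlisted senders")
    if "ptr" in names:
        findings.append("'ptr' should not be published (RFC 7208)")
    includes = [v for q, name, v in terms if name == "include" and q == "+"]
    return {"includes": includes, "lookups": lookups, "findings": findings}

if __name__ == "__main__":
    for rec in (WEAK_RECORD, FIXED_RECORD):
        print(audit_spf(rec))
```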

Friday, May 6, 2016

Important mail going to spam? Read this!

It happens to a lot of users. Your boss, colleague, or client asks if you've completed the first draft and you look at them with a blank face, with no clue as to what they are referring to. You either missed the email or it somehow landed in your spam folder, which you rarely ever check. "Why is important email landing in my spam?" you ask. Simple: you get Gmail to stop checking for spam - sort of.

If you're finding that wanted incoming email is landing in spam, here is a way to redirect it to your inbox. Filters are one of the most powerful tools integrated in Gmail. If you understand the power of email filters, you can do quite a lot with them to manage your inbox efficiently and productively. Follow these simple steps to set up a domain filter that automatically redirects that "spam email" into your inbox.

1. Click the gear icon in the upper right corner of your inbox and select Settings.

2. Select the Filters and Blocked Addresses tab and at the bottom select Create a new filter.

3. In the resulting popup, place this text (without quotes) "is:spam" into the "Has the words" box, enter the domain name from which wanted mail is landing in spam, and click Create filter with this search.

4. Check the Never send to Spam box (and any other boxes you'd like a match for) and click Create filter.

That's it! You've now created a filter to prevent wanted mail from that specific domain from going to your spam folder. Technically we haven't stopped Gmail from checking spam, but this filter functions in practically the same way, so no more scavenging through your spam folder to find that lost unread email. Next time you get an important email from that domain in spam, it will automatically pass along to your inbox as a regular piece of mail.

In our next post we'll cover why your sent mail may be going to your recipients' spam folders and why having your domain's SPF and DKIM records up to date is crucial to having your email delivered appropriately. To learn more about how Gmail and other Google Apps can make your company more efficient and productive, be sure to contact our InterlockIT team!

Thursday, October 29, 2015

Phishing - Avoiding malicious emails and links

Phishing attacks trick users into sharing personal information online and are typically done through email, ads, or compromised sites that look similar to sites that you may already use. What we see in our customer base are Google Apps and Gmail accounts that get hijacked and then used to send emails to compromise more accounts. This normally happens when an end user enters their email address and password into a malicious website reached from an email link that is supposedly from a coworker or trusted source. Often this is a faked page that uses legitimate logos and text, but normally with errors that may raise red flags for you. Phishing emails are also sometimes personalized, which makes it more difficult for the recipient of the email to assess credibility.

An example of a malicious website from an email link. It may look legitimate, but the URL shows it's a hacked website.

There are a number of ways users can protect themselves and their organization from falling victim to phishing attacks. The best way is to turn on two-step verification. Enabling two-step verification will require the user to authenticate beyond a username and password. It's an extra step, but it ensures that the account is extremely difficult to compromise, because even if an attacker has your username and password, they are unable to access your account without a unique, time-sensitive code. Here is how you can enable two-step verification for your Google Account.

Phishing is often successful when a user becomes complacent and too busy or rushed to bother checking the source of an email or site. Being aware and diligent, especially towards unexpected emails or attachments, can help you recognize when you are being targeted for phishing. Always confirm that the URL corresponds to the site you're expecting to see and before you enter your credentials, be sure to check for a trusted domain like google.com or facebook.com and that it's not something like google.xyzname.com or facebook.xyzname.com. If you are the slightest bit unsure, don't enter your login information and contact the person who sent you the email.

Another way to ensure the legitimacy of a site is to check whether the URL begins with https:// (s for secure) and has a lock symbol next to it. The lock means that the site is encrypted, which doesn't necessarily mean it's not hacked, but is a dead giveaway if it is missing.

Many account hijackers will email your contacts attempting to also gain access to their accounts, and then delete all your contacts. To add to the maliciousness, email filters may be used so that you don't see emails from people telling you your account has been compromised.


This phishing website attempts to trick users into giving away their login credentials and propagates by email. Users tend to log in without actually looking at the URL first. We've reported the link and Chrome has already blocked it.

Tip: Always check the URL in your address bar, because if it's not from a legitimate root domain like google.com, it could be malicious.

If you do come across a malicious site or link, do not forget to report it. You can follow common advice by "reporting to an appropriate party" but they typically do nothing. Take action and save your coworkers, family and friends from the bad guys by immediately submitting malicious links to Google. Often within as little as an hour of filing the report, the site will get blocked from Google search and Google Chrome. Firefox is relatively fast also, but Internet Explorer can take weeks to start blocking it.

Lastly, virus scanners rarely catch much in our experience but are still a necessary protection for the occasional time they do prevent problems. We recommend Symantec Endpoint Protection because it provides a cloud-based console for monitoring your protection status across the company.


Unfortunately phishing sites still increasingly trick many users into surrendering their personal information and credentials. Hopefully this post has shed light on how you can help yourself and others avoid becoming victims of phishing. For all your technical assistance and needs with Google Apps, make sure to contact our InterlockIT team!

Friday, October 18, 2013

The future of malware - Google Apps protects you

In the last few weeks, a relatively new "ransomware" package has been making its way through the world's computer systems, spreading via email. The email messages where the malware lives appear to come from legitimate sources (banks, accountants, and more) but are really just highly sophisticated phishing messages.

Of course, your best course of action if you aren't expecting a message to have an attachment is always to not open that attachment and instead call the sender directly to verify it. While Google has very, very good spam and phishing detection, it's not perfect, and the last line of defense is you.

The message you'll see once your files are encrypted.
The malware, called CryptoLocker, works by scanning your computer and any network shares for a huge variety of files, including Office documents, pictures, PDFs, and Outlook PST files, among others, and then encrypting them with a nigh-unbreakable 2048-bit RSA encryption key. Once the encryption process is complete, you'll be presented with the message above, demanding a $300 payout to unlock your files and warning you that attempting to remove the software will immediately destroy the private key stored on the remote server.

According to a number of posters on a month-old reddit thread detailing the malware, paying the $300 ransom does work and you will be provided with a key that will decrypt all your files.

The advantage of Google Apps

But it would be much easier to simply not have to worry about this kind of thing at all, wouldn't it? Thankfully, Google Apps protects you from this kind of attack by blocking the sending or receiving of any and all .exe files, even those contained in archived zip files. The best defense is, as always, staying vigilant, but it's nice to know that you don't have to worry about opening any suspicious .exe files, since Google stops them from ever getting to you.

Can your current email system do that? If it can't, it might be time to consider switching to one that allows you to focus on the important things and not worry about whether or not every message you receive contains a hidden malware payload.