Thursday, October 29, 2015

Phishing - Avoiding malicious emails and links

Phishing attacks trick users into sharing personal information online and are typically done through email, ads, or compromised sites that look similar to sites that you may already use. What we see in our customer base are Google Apps and Gmail accounts that get hijacked and then used to send emails that compromise more accounts. This normally happens when an end user enters their email address and password into a malicious website reached from an email link that is supposedly from a coworker or trusted source. Often this is a faked page that uses legitimate logos and text, but normally with errors that may raise red flags for you. Phishing emails are also sometimes personalized, which makes it more difficult for the recipient to assess their credibility.

An example of a malicious website from an email link. It may look legitimate, but the URL shows it's a hacked website.

There are a number of ways users can protect themselves and their organization from falling victim to phishing attacks. The best way is to turn on two-step verification. Enabling two-step verification requires the user to authenticate with more than a username and password. It's an extra step, but it ensures that the account is extremely difficult to compromise, because even if an attacker has your username and password, they are unable to access your account without a unique, time-sensitive code. Here is how you can enable two-step verification for your Google Account.

Phishing is often successful when a user becomes complacent and too busy or rushed to bother checking the source of an email or site. Being aware and diligent, especially towards unexpected emails or attachments, can help you recognize when you are being targeted for phishing. Always confirm that the URL corresponds to the site you're expecting to see and before you enter your credentials, be sure to check for a trusted domain like google.com or facebook.com and that it's not something like google.xyzname.com or facebook.xyzname.com. If you are the slightest bit unsure, don't enter your login information and contact the person who sent you the email.

Another way to check the legitimacy of a site is to see whether the URL begins with https:// (s for secure) and has a lock symbol next to it. The lock means that the connection to the site is encrypted, which doesn't necessarily mean the site is not hacked, but a missing lock is a dead giveaway.
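The two checks described above (a trusted root domain and an https:// address) can be applied mechanically to a link before anyone types a password into it. The Python sketch below is an added example, not part of the original post; the `TRUSTED_DOMAINS` list and the `check_login_url` name are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the root domains your users really sign in to.
TRUSTED_DOMAINS = {"google.com", "facebook.com"}


def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for a sign-in link; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable"]
    findings = []
    # Second check from the post: the address must start with https://.
    if parts.scheme != "https":
        findings.append("not-https")
    # Text before an "@" is login info, not the site: for
    # https://google.com@xyzname.com/ the browser connects to xyzname.com.
    if parts.username is not None:
        findings.append("userinfo")
    # First check from the post: the host must BE a trusted domain or a
    # subdomain of one. Matching on the ".domain" boundary rejects both
    # google.xyzname.com (trusted name used as a subdomain label) and
    # notgoogle.com (trusted name used as a plain suffix).
    host = (parts.hostname or "").rstrip(".")
    if not any(host == d or host.endswith("." + d) for d in trusted):
        findings.append("untrusted-host")
    return findings


# Constructed sample links, not taken from a real campaign.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "https://google.xyzname.com/login",
    "http://facebook.xyzname.com/",
    "https://notgoogle.com/",
    "https://google.com@xyzname.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "ok")
```

An empty result only says the address is what it claims to be; as noted above, a correct, encrypted address does not prove the site itself has not been hacked.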

Many account hijackers will email your contacts attempting to also gain access to their accounts, and then delete all your contacts. To add to the maliciousness, email filters may be used so that you don't see emails from people telling you your account has been compromised.


This phishing website attempts to trick users into giving away their login credentials and propagates by email. Users tend to log in without actually looking at the URL first. We've reported the link and Chrome has already blocked it.

Tip: Always check the URL in your address bar, because if it's not from a legitimate root domain like google.com, it could be malicious.

If you do come across a malicious site or link, do not forget to report it. You can follow the common advice of "reporting to an appropriate party", but they typically do nothing. Take action and save your coworkers, family and friends from the bad guys by immediately submitting malicious links to Google. Often within as little as an hour of filing the report, the site will get blocked from Google search and Google Chrome. Firefox is relatively fast also, but Internet Explorer can take weeks to start blocking it.

Lastly, virus scanners rarely catch much in our experience, but they are still a necessary protection for the occasional time they do prevent problems. We recommend Symantec Endpoint Protection because it provides a cloud-based console for monitoring your protection status across the company.


Unfortunately phishing sites still increasingly trick many users into surrendering their personal information and credentials. Hopefully this post has shed light on how you can help yourself and others avoid becoming victims of phishing. For all your technical assistance and needs with Google Apps, make sure to contact our InterlockIT team!

Monday, September 28, 2015

Autodiscover and Outlook

We see lots of confusion in our customer base about the function that Autodiscover serves in both traditional on-premises environments and cloud-based environments alike. At a high level, Autodiscover basically allows you to skip all the back-end configuration work that legacy mail clients need and have the Outlook email client do it all for you.

In environments with Active Directory, getting Autodiscover to work properly can be more trouble than it should be, but with access to group policies and a bit of information, you'll be able to get it working.

What is Autodiscover?

Autodiscover is a service that runs in the background of your Exchange or Office 365 install and can automatically configure profile settings for users running Outlook 2007 or newer, Mac Mail, or mobile phones. It provides access to Exchange features for Outlook 2007 and up clients that are connected to your Exchange messaging environment, and it uses a user's email address and password to provide profile settings to supported clients and devices. If the Outlook client is joined to a domain, the user's domain account is used.

In earlier versions of Microsoft Exchange (2003 SP2 or earlier) and Outlook (2003 or earlier), you had to configure all user profiles manually to access Exchange; Autodiscover negates the need for this manual setup. Extra work was required to manage these profiles if changes occurred in the environment and if this maintenance stopped or fell behind schedule, Outlook clients could stop functioning entirely.

Autodiscover is a function of Exchange (and, in a roundabout way, therefore also a function of Office 365). Outlook clients are coded in such a way that they can take advantage of Autodiscover, but for this to work correctly, Outlook needs to be told where to "find" the Autodiscover information. The order of logic that Outlook uses when trying to retrieve information is:
  • Service Connection Point (SCP) lookup: Outlook will get Autodiscover information from Active Directory. If this fails, Outlook begins its 'non-domain' connections;
  • HTTPS root domain query;
  • HTTPS Autodiscover domain query;
  • HTTP redirect method;
  • SRV record query;
  • Local XML file;
  • Cached URL in the Outlook profile (exclusive to Outlook 2013 and newer).

How does Autodiscover work?

When you install a Client Access Server in Exchange 2013, a default virtual directory named Autodiscover is created under the default website in Internet Information Services (IIS). This virtual directory handles Autodiscover service requests from supported clients under the following circumstances:
  • When a user account is created or updated;
  • When an Outlook client periodically checks for changes to the Exchange Web Services URLs;
  • When underlying network connection changes occur in your Exchange environment.
Additionally, a new Active Directory object named the SCP is created on the server where you install the Client Access Server.

The SCP object contains the authoritative list of Autodiscover service URLs for the entirety of your Active Directory forest. (You can use the Set-ClientAccessServer cmdlet to update the SCP object.)

How to manually override Autodiscover service for your PC

Occasionally, Outlook clients can "find" incorrect Autodiscover settings – we find this is most common when businesses decide to switch to Office 365 from an on-premises Exchange environment. Here's how you can force Outlook to stop looking for Autodiscover information through the SCP lookup:
  1. Click Start, and then click Run.
  2. In the Run dialog box, type regedit, and then click OK.
  3. In the Registry Editor, go to the following registry key:
    • HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Autodiscover
    • Create a new DWORD (32-bit) value named "ExcludeScpLookup" and set its value to 1.
You can alternatively use the command prompt to exclude SCP lookups by using the following command (entered as a single line):

reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Autodiscover" /v ExcludeScpLookup /t REG_DWORD /d 1 /f

Hopefully this has helped you get a better understanding of how Autodiscover works for Outlook as well as how to override default priorities.

Thursday, August 27, 2015

How to upgrade Microsoft Azure free trial to a paid subscription

For some reason, it's hard to find instructions on how to convert an Azure free trial into a paid account. If you don't complete this step and your trial expires, services like Network Gateways will get deleted.

Here's how to upgrade your free Microsoft Azure trial to a paid subscription.
  1. Log into the admin account that originally set up the free trial.
  2. Click the 'Account' tab along the top.
  3. Under 'subscriptions' you should see Free Trial. Click the yellow bar where it says 'click here to upgrade now.'
  4. Click the 'Yes' button, put in a subscription name and click 'upgrade now.'


That's it! Your Azure account will now automatically convert to a paid subscription without any further intervention.