How to configure warning messages for Office 365 emails from external senders

As a security precaution, it’s a good idea to remind your staff not to open attachments from unknown senders. One easy way to implement this in Office 365 is by setting up a mail flow rule in the Exchange admin center. If you have ever set up a Disclaimer mail flow rule, the setup is almost identical. In this tutorial, we’ll cover how to set up your own warning message for all external email sent to users inside your organization.

Steps to Configure Attachment Security in Office365

1. Log in to your Office 365 Admin account at:
2. Select Admin [...]

By | 2019-02-12T14:35:38-05:00 May 10th, 2018|Microsoft, Phishing, Viruses, Vulnerabilities

How Does Ashley Madison Threaten Your Organization?

Extortion is not usually a topic that employers have on their radar regarding their employees. Most employers know they need to protect themselves against viruses and "hackers", but they often don't think about the social engineering tactics that attackers may use to target employees. However, when users put their private information on "secure" websites, they may assume this information is safe. But, as the old adage goes, "assume anything you put online can be made public", and it is likely that all of the users of the Ashley Madison website failed to consider the implications. For more details about the Ashley [...]

By | 2015-08-27T12:05:05-05:00 August 26th, 2015|Data Breach, Information Security, Phishing, Social Engineering

Phishing and FIFA

I have some friends staying with me right now from Brazil. They arrived a few days ago, and said that, due to the World Cup, the level of excitement in Brazil is very high, and that there are many foreigners that have arrived in the country to see the games. The World Cup is all over everything in the country right now. Apparel, food, merchandise, etc. is all branded with the World Cup (similar to how the U.S. advertises items for the World Series or the Super Bowl). The World Cup is one of the largest sporting events in the [...]

Tips for Spotting a Phishing Email

Every day users are targeted with phishing emails from all around the world. These emails can range from overtly "spammy" and easy to detect, to quite sophisticated and difficult to notice. We have found that this is typically the least defended position in an organization, as well as one of the easiest to exploit. Even organizations with millions of dollars worth of network security equipment can be vulnerable if even a single user clicks on a malicious link. Here are some tips and tricks for spotting phishing emails:

Do You Know the Sender?

There are two parts of an email [...]

By | 2014-12-01T13:35:29-05:00 April 28th, 2014|Phishing, Social Engineering|2 Comments

Highly effective social engineering using Google Drive

Researchers at Symantec have identified an attack on Google Documents users using highly effective social engineering methods. This attack is so successful because the redirect page is hosted on Google’s servers and comes in over SSL. The criminals used Google Drive’s preview function to get public-facing URLs. The sign in page is pictured below. Take a second and see if you can spot the flaw. If you were sent an email request and directed here, would you have missed the "Sign in to continue to Google Drive"? My son’s school uses Google Docs for students and I know he [...]

Scammers take advantage of Target Breach victims

Can you recognize a phishing email? Target recently sent out an email to those affected by the data breach with information about the breach and steps to take if your information was involved. That email can be viewed on Target's website. Scammers are also taking advantage of the situation and sending their own Target breach notification emails. Can you spot the differences between a real and a fake email? Honestly, I am surprised that Target sent their email the way they did. One of the first ways to identify a suspicious email is whether or not you recognize the sender. In [...]

LinkedIn Profiles: Ripe for phishing recon

The author notes that LinkedIn has "...more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams." Many times there are legitimate business reasons to post identifiable information such as email, phone, etc. on LinkedIn. Is it necessary to add things like date of birth or address? Users must keep in mind the type of information they make available and what it could be used for. Additionally, do you 'know' each of your contacts? [...]

LinkedIn is a good marketing tool, but what else can it be used for?

LinkedIn is ripe with information about people. In a targeted attack, Facebook and LinkedIn would probably be the two places to start gathering information. Many people lock down Facebook, but LinkedIn doesn't have the same privacy controls and, in fact, the information on LinkedIn is often meant to be public. What LinkedIn provides is a free, centralized source for that information. Source:

By | 2014-01-24T20:35:17-05:00 December 23rd, 2013|Compliance, Phishing, Privacy, Social Engineering|0 Comments

Phishing With LinkedIn’s Intro

In the ever-changing landscape of social media, the latest 'features' can often be the newest vulnerabilities. Social engineering techniques have become very sophisticated, and can be a real problem for enterprises. Take the recent changes to LinkedIn and the threat they pose in the form of phishing emails: Are your end users prepared to spot a well-crafted spear phishing email like this? We can help you find out.