Phishing


The May 2017 FBI report from the Internet Crime Complaint Center shows another increase of 8,260 victims of business email compromise. It is just a matter of time until you or one of your employees receives an email meant to trick them into sending your money to someone that does not deserve it.

Source: IC3 2017 report

The FBI estimates the average loss of CEO fraud attacks at $25,000 to $75,000 per event. The report included this infographic to show losses by age groups.

Here is an example from one of my clients. The person that received the message determined the message was a scam. That is great for her company. Are all of your employees educated on what to look for in email scams? Did you know that you can get free training videos from PhishMe? The typical video lasts just 5 minutes. It gives effective training that can make everyone aware of deceptive email messages.

The IC3 report listed 12,000 reported incidents of the CEO fraud scheme in 2016. This scheme includes an email from the company CEO or CFO that requests a money transfer that needs to be done today. The email never comes from a business executive; it uses the name or email address of a business executive. The CEO or CFO does not know about the message. It is easy to just call until you contact the person to verify the transaction.

The US Department of Justice suggests these actions before you have a computer breach:

  • determine which of your data, assets, and services warrant the most protection
  • have a plan in place for computer intrusions
  • have technology and services available for a cyber security incident
  • have a company policy that allows network monitoring
  • ensure your legal counsel is familiar with technology and cyber incident management
  • adopt human resource policies that reduce the risk of cyber incidents
  • establish a relationship with your local federal law enforcement offices before you suffer a cyber incident
  • establish relationships with cyber information sharing organizations

The complete document is available at Cybercrime Unit.

Ransomware in Office 365 email

Avanan’s blog reported a large ransomware attack against Office 365 users. Avanan’s Cloud Security Platform started to detect a massive attack on June 22nd. The payload was inside an attached Microsoft Word file. By June 23rd Microsoft was blocking the distribution of this attachment in email messages. Avanan estimated that 57% of companies using Office 365 email received at least one message last week.

A variant of the Cerber ransomware was found in the offending email attachments. If Cerber executed on any computer, all of the working files would be encrypted. A demand message for a $500 payment in bitcoins to unlock the files appears. All of your files are gone. Your last resort is a good offsite backup of everything that you have ever created.

Cerber ransomware when Microsoft macros are enabled

If you do not have an advanced malware protection service like Avanan then protect your office by disabling unsigned macros in Microsoft Word. If you have a domain controller you can block macro files from the Internet for all of your computers. The instructions from Microsoft can be found here.

McAfee Labs has seen a 165% rise in ransomware attacks in the first quarter of 2015. Seven hundred thousand attacks were detected just by McAfee in Q1, 2015. In April of 2016 the Horry County school district in South Carolina paid over $10,000 in ransom to restore encrypted files from just one attack. In 2015 the FBI received 2,453 complaints about ransomware, costing the companies or users more than $24 million.

An ounce of prevention is less than a pound of cure once again.

Who is watching your data? Need some help? Just send us an email.

Gmail scanned my purchase documents

The realtor that we used to buy a new house sent all of the purchase documents through her Gmail account. So before the deal was done Google and its advertising partners had all of our information about our potential purchase. This will become public information when the title is transferred, but I was really disappointed to just give this information to Google. In a court document in 2013 a Google representative stated “Gmail users and their contacts have no reasonable expectation that their correspondences will not be scanned for the purpose of targeting advertising”. Google had all of the transaction information before the seller had a chance to read the message. This is the world that we chose by wanting everything for free.

The revised Google Privacy Policy of February 25, 2015 says “When you share information with us, for example by creating a Google Account, we can make those services even better – to show you more relevant search results and ads”. This applies to anyone that you send or receive information with through your Gmail account. This applies to both parties in the message even if one does not have a Gmail account and has not agreed to the Google terms of service.

I know that I am more sensitive about this topic than most people because it is my job to help secure electronic information and intellectual property for people and businesses.

What options does a real estate professional have to protect client information from the big corporations providing email services? Not every email provider is as aggressive as Google to grab every bit of information about your business and personal transactions. Google does provide a free messaging system that is reliable and works across multiple types of devices, i.e. your iPhone, Microsoft desktop computer and your Android tablet. Microsoft, AOL, Yahoo and Zoho have free and paid email services that have similar features. Many web hosting companies also provide email service with your own domain name for five dollars per month or less.

Microsoft Outlook gives you a choice between a free email account with unlimited email storage with advertising alongside the email message or a $20 per year account without any ads. Microsoft does not scan your email message to improve the ad placement for everything that you do online. This means the documents and messages to your clients are not spewed across the web to everyone that finds the information valuable.

America Online as an email provider is alive and well but dated like a house from the 80’s.  It has good bones, but needs a remodel.  AOL allows unlimited storage for your email messages, has spam protection and virus protection for your messages.  Ads are shown with the email messages.

Yahoo email is free, ad-supported messaging that reads everything inside your message. Yahoo’s terms of service were changed in June, 2013 to allow content scanning and analyzing of your communications content to target ads, offer products and perform “abuse protection”. This is the same type of policy that Google is using for its email service. At Yahoo you can store up to one terabyte of email information, many years of your life online.

Zoho creates online applications and is a source for free email.  The Zoho experience includes 5 gigabytes of online storage for your email, with no ads.  You can purchase your own domain name, sherrysazhomes.com to promote your brand.  Yes that domain is available for $10/year.  Zoho’s free account includes up to 10 accounts with the same domain name and use of their online office applications.

The last option is paying for a domain and web hosting. This is also an affordable way to promote your image.  You will pay more for business cards over the next three years than you will for web hosting and email with a domain name.  $130 gets three years of email and hosting for a web site for your business identity.

Logmein Phishing scam

I received an email message from Logmein in my inbox.  Fortunately I was out of the office and could not look at this until all of my tasks were complete.  The title of the message is “Automatic payment failed – Credit Card rejected”.  There is a Microsoft Word attachment to this message also. The anti-virus and malware companies were busy today with 32 out of 57 adding a signature for the Trojan that is embedded in the Word document. This message does not include a logo for Logmein in the message.

Checking the file tab, then the properties box in Outlook allowed me to view the header information in the message.  The sending mail server was located in the telecomitalia.it domain.  Logmein headquarters is in Boston, Massachusetts.  From the Logmein contact us page they do not have an office in Italy.  The message id field in the message has TOL70HFR.7609971@rogueapp.com showing that rogueapp.com generated the message.  Rogueapp.com was registered in August of 2000.  The web site proclaims that it is  the “Home of projects – literally numbering in the single digits – that languish in a place called ‘90% finished’.” These funny guys have yet to register iamacrook.com, this domain is still available.

The Sender ID result on the message header shows that it failed. If you were using Office 365 for your email server this message could have been blocked. In the Exchange protection advanced settings you can mark all messages that fail the Sender ID test as spam. This will cause legitimate messages without SPF configured correctly to not reach your inbox.
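The header checks described above (sending server, Message-ID domain and the Sender ID/SPF result compared with the claimed sender) can be scripted. This is an added example, not part of the original post: the sample message is constructed, and only the Message-ID, the subject and the logmein.com and telecomitalia.it domains come from the text. The host name, IP address, From address and receiving server name are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the Message-ID, the subject and the two domains
# (logmein.com, telecomitalia.it) come from the post; the rest is made up.
SAMPLE = """\
Received: from host1.telecomitalia.it (host1.telecomitalia.it [192.0.2.10])
\tby mx.example.test with ESMTP
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=logmein.com
From: LogMeIn <billing@logmein.com>
Message-ID: <TOL70HFR.7609971@rogueapp.com>
Subject: Automatic payment failed - Credit Card rejected

See the attached invoice.
"""

def org_domain(host):
    # Naive "last two labels" rule (assumption); use a public-suffix list in production.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def header_findings(raw):
    """Return a list of reasons the headers disagree with the claimed sender."""
    msg = message_from_string(raw)
    claimed = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings = []
    mid = msg.get("Message-ID", "").strip().strip("<>")
    mid_dom = org_domain(mid.rpartition("@")[2])
    if mid_dom and mid_dom != claimed:
        findings.append(f"Message-ID domain {mid_dom} is not {claimed}")
    # The top-most Received line is written by the receiving server and
    # records the host that handed the message over to it.
    received = msg.get_all("Received", [])
    hop = re.search(r"from\s+([\w.-]+)", received[0]) if received else None
    if hop and org_domain(hop.group(1)) != claimed:
        findings.append(f"delivered by {org_domain(hop.group(1))}, not {claimed}")
    # A mismatch above is only a hint (bulk senders are common); an SPF or
    # Sender ID failure is the receiving server's own verdict.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "sender-id"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) in ("fail", "softfail"):
            findings.append(f"{mech}={m.group(1)}")
    return findings

if __name__ == "__main__":
    for reason in header_findings(SAMPLE):
        print("suspicious:", reason)
```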

When I downloaded the attached file to my computer Microsoft Security Essentials scanned the file and found the malware. I only have the date the virus was detected by Microsoft, not the time. At the VirusTotal web site this file is also in email messages that claim to be from the IRS complaint department.