Sextortion Scammers Using Email Address Spoofing to Fool Victims


written by Brett M. Christensen February 1, 2019
www.hoax-slayer.net

Fake blackmail sextortion scams are increasingly common. Typically, sextortion scammers send out thousands or even millions of identical emails claiming that they have captured video of the recipient visiting a porn site. The scammers threaten to send the compromising video to all of the recipient’s contacts if they do not receive a “keep quiet” payment via Bitcoin. But, the scammers have not created a compromising video. Nor have they hijacked the recipient’s contact list. The whole thing is a bluff. However, the scammers know that at least a few recipients will be panicked into sending the requested money. To increase their chances of success, the scammers use a variety of dirty tricks to convince potential victims that the claims in their fake blackmail messages are true.

Email Spoofing Trick
One such trick is to make it appear that the email was sent from your OWN account thereby supposedly proving that they have indeed compromised your device as claimed.

Here’s an example from a typical scam email:

Your account has been hacked by me in the summer of this year.I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email address removed]: [password removed] (on moment of hack).

If you look at the sender address of the email, it will display YOUR email address. So, it may seem that the sender has indeed broken into your account to send the email. But the scammer has simply forged the header of the email so that your email address appears as the sender. This is a technique known as “spoofing’ and is not difficult to do. In other words, the email did not come from your account at all. It just looks that way because of the forged email headers.

Other Dirty Tricks
As I discuss in more detail in another report, the scammers often include user passwords in their scam emails as a way of making their false claim seem more plausible. And, in another variation, the scammers include the recipient’s phone number along with the password. The scammers are extracting passwords and phone numbers from old data breaches and automatically matching them to the corresponding email address. They can then distribute vast numbers of emails that are identical except for the password and phone number that matches each email.

Don’t Respond — Just Hit “Delete”
If you receive one of these scam emails, don’t be fooled. By including real passwords and real phone numbers, and making it appear that the recipient’s account sent the message, the scammers significantly increase the likelihood that their claims will be taken seriously. More people will fall for the ruse and send their money to the criminals. But, despite these clever tricks, the emails are still just empty bluffs. To reiterate, the sender has not hacked your computer and has not created a compromising video of you.

Don’t respond. Just hit the “delete” key.

New Phishing Email – Don’t get caught

There is a new phishing email doing the rounds claiming your incoming emails are on hold and to click one of the actions listed in the email. ( see below )

There are a number of clues to prove its spam.

Firstly the from address on service@vienna.taskwunder.com – not any Office 365 admin email address I’ve ever heard of! 🙂

Secondly – hover (don’t click) the links – they link to www.nlsandton.me – again not any email provider anyone’s ever heard of.

If you get this mail – simply delete it! 🙂

Why you need a professional email address for a business

Imagine you’re looking for a plumber online. You want to find a reputable professional who you can rely on and, after scrolling through numerous websites you finally decide on the one you want to contact. It all looks perfect until you read “Email me at joesplumbing@hotmail.com

Or what if you meet somebody at a business networking meeting. You are looking to hire a PR professional, for example, and the person you are talking to ticks all the right boxes.

Then, he hands you his business card and tells you to get in touch at cassanovajohn1987@yahoo.com.

Next time you’re on the road, keep an eye out for unprofessional email addresses. You’re sure to find one!

Unprofessional email addresses ruin the credibility of a business. You wouldn’t wear a Hawaiian shirt for a meeting with your bank manager or tell the Board of Directors the suggestive nickname you earned in Ibiza.

So, with professionalism in mind, don’t let your brand make a terrible impression with an inappropriate email address.

A custom email address helps your business to be taken seriously. If you create a professional email address, you can use the same name to create a website or simply a Facebook presence.

This will have five key benefits:

Branding

The email address joe.johnson@jjplumbing.co.uk incorporates the business’s brand name; people who see your contact details can even make an educated guess about the URL of your website.

Giving out your email address becomes an indirect way of promoting a company’s web address, whereas using joesplumbers@gmail.com gives potential customers no indication of where they can find you online.

Authenticity

A professional email address creates an air of authenticity. Using plumbingspecialist147@yahoo.co.uk, on the other hand, simply does not convey trustworthiness.

Consumers look for indications that an online business is legitimate before handing over their cash or sharing a web link with their friends so, if you have a well-presented website or Facebook presence with authoritative information and an appropriate domain name, don’t let yourself down with a questionable free email address on your contact page.

Simplicity

So many people use free email services that finding a username can be difficult. This means that people often have to add a string of numbers or an extra word to their name or nickname to find an available option.

So, while clothesshop@gmail.com looks unprofessional, clothesshop1989@gmail.com is even worse!

The lack of new username options means that getting an email address with one of the popular, free email platforms now requires creative thinking and compromises.

In contrast, emails set up with your own domain can be simple and streamlined. Some options include:

  • [firstname]@domain.co.uk
  • [firstname.surname]@domain.co.uk
  • sales@domain.co.uk, support@domain.co.uk, admin@domain.co.uk etc.

Scalability

If you founded your business as a solopreneur and have grown to house a staff of ten, using custom email addresses based on your domain name is the only realistic way to manage this growth.

When you already have saira@greatdogfood.co.uk and yasmin@greatdogfood.co.uk, creating new professional email addresses when Mark and Alex join the company is no big deal.

If you use free email addresses, however, new staff or departments will cause a headache.

Creating a series of addresses like greatdogfood-saira@hotmail.com and greatdogfood-alex@yahoo.com is unwieldy and looks, frankly, ridiculous.

Ownership

If your free email address is suspended, there is very little you can do about it because the email account never truly belonged to you. Could you cope if Gmail or Hotmail cancelled your account and lost all your messages?

If, for whatever reason, your free email account is cancelled, your customers will not be able to get in touch with you and your business cards and other promotional materials will be instantly obsolete.

Avoid this catastrophe by using email addresses owned by your business and take full control of your communications.

Conclusion

Email accounts can then be easily managed on the web, using software like Thunderbird and Outlook, or on gadgets like iPhones, Android devices and Tablets.

Speak to PR PC Support & Cloud Services for the complete package :
– Custom, Personalised domain name
– Facebook Page
– Professional business email accounts

Email addresses are not something any brand should compromise on. Create a great impression and make your contact details memorable and appropriate, not embarrassing and unprofessional.

PR PC Support & Cloud Services packages

Package 1
– Domain Name (3 Years), Facebook Page, Email setup £120 one off fee
– Office 365 Business Essentials Mailboxes ( £5 per month per user)

Package 2
– Domain Name (3 Years), Facebook Page, Email setup £120 one off fee
– Office 365 Business Premium Mailboxes ( £11 per month per user)

Optional website landing page – with logo & contact details – £50

Lloyds Bank fake email “FW: Incoming BACs Documents”

Just received the email below – proporting to be from Lloyds Bank – looks genuine enough but clearly it is just another phishing email looking to grab some details off you or drop some malware or Virus on your PC. If you receive this email – delete it. Do not click on the PDF link in the email

If you have already done so – contact me and I can clean your PC for you. If you don’t have a decent anti-virus – I can help you there too as I resell BitDefender GravityZone – one of the best on the market.

Exclaimer email signatures available soon from PR PC Support

PR PC Support will soon be adding Exclaimer email signatures for Office 365 to our product catalogue

As a multi award-winning company, Exclaimer are widely recognised for their innovative email signature software. In 2016, they won the MSExchange.org Reader’s Choice Award and were also Windowsnetworking.com’s First Runner Up. Backed by industry experts and chosen by 50 million users across the globe, Exclaimer is first-class software that is based entirely on the web.

Pain Points

If you’ve ever created an email signature from scratch , you’ll know just how time consuming it can be. With Office 365 and Exchange Online, it can be just as tricky to create signatures as there’s no real way to test their designs with a preview function or embed HTML images for upselling and cross-selling. Other pain points might include:

  • Creation of numerous transport rules for departmental signatures
  • Copy/paste HTML signature designs
  • No signatures available for mobiles and macs
  • Blank spaces in contact details
  • Not able to place signatures under replies or have reply signatures
  • Lack of consistency when getting employees to use on-brand templates

Exclaimer makes creating signatures easy

With a drag-and-drop editor, Exclaimer can be used by those at any skill level and applied to an Office 365 mailbox with ease. There’s no need to be an IT whizz or a design pro as there are pre-designed templates available to use. For marketing departments, Exclaimer enables customers to easily upload their own custom fonts, icons and images for consistent branding, while professional company photographs can be added into individual signatures too. With such a simple user setup that can be completed online in minutes, you can be ready to design email signatures straight away

Compliant, trusted and consistent software

As the world’s number one leader in email signature management solutions, Exclaimer’s smart and intuitive design is also compliant with email disclaimer law. It works by passing mail from your customer’s Office 365 mailbox through to Exclaimer’s Azure servers using Office 365 connectors. Then regional, load-balanced Azure servers add signatures to all emails sent from any device – be it desktop PC, laptop, tablet, mobile and mac. With new data protection laws closing in, it’s vital that any software you purchase is legally compliant.

Further info will be posted when Exclaimer email sigantures are available.

Signs your company has outgrown its free email solution

Free email is great when your company is first starting out. But its good to recognise the signs which tell you when when you have grown beyond the capabilities of your free email service and you need a more robust and secure solution. The business email requirements of a growing company are much different than those of a small startup. Whether you’re using Gmail or another free service, there are signs that indicate your business has outgrown free email.

These points indicate whether you should move to a paid solution or not…

1. Security
If you’ve experienced any sort of security breach — or are even worried about it happening — you need a more secure solution that offers increased, enterprise-class security capabilities.

2. Storage

Maximum storage has been reached : a very simple reason to upgrade because your free email has now become paid for. Storage space should never cause you to delete or change how you use your email, especially when paid solutions offer large stores of data.

The current state of email security
With new threats emerging daily, every organization needs an email security strategy.

3. Domain names
Using a custom domain for your business email is a vital way to ensure your business appears professional. For example, “yourname@yourcompany.com” has a lot more credibility than “yourcompany@gmail.com.” While free custom email addresses are available, they often leave you open to security threats, because the company you host through will likely have access to your data and other information.

4. Data Privacy
If you’ve ever felt the need to own and manage your email data, it’s time to move to a paid solution. Often, when you agree to free email terms, you’re granting the email provider permission to mine your data and send you ads—which is how their companies remain profitable while offering free services. Not only can this distract from your work, it also puts your company’s data at risk.

5. File sharing
Need to share files and collaborate securely with your team? Paid email solutions enable team-based collaboration and sharing without putting confidential company information at risk. Office 365 for example offers Microsoft Teams which is a great way to share files, chat, calendars etc.

Move to a secure and robust email solution that offers your growing business increased security, enhanced customization and a variety of features and capabilities to improve collaboration. Not only will this keep your company running smoothly and increase teamwork, you will minimise time spent on IT Services getting the best out of your ‘free’ solution.

PR PC Support offer both Office 365 and Microsoft Hosted Exchange. Speak to me about upgrading and migrating from free email to a secure, robust ad and spam free email solution.

 

 

Mail Services Offered by PR PC Support

We are pleased to be able to offer Microsoft Hosted Exchange mailboxes and all versions of Office 365 at competitive rates. If you are thinking of moving your email to a more secure, robust and protected mail service , or even if you currently have a Hosted Exchange mailbox or Office 365 licence – speak to me and see if I can get you a better deal for existing users or a competitive quote for new users.

All our hosted Exchange mailboxes come with free email signature software with each mailbox.

We also offer a Secure email service which works with most common email platforms.

For more information please browse below

 

Hosted Exchange

Office 365

Secure Email Messaging

BitDefender – AntiVirus

Download Brochures

Office 365

Secure Email Messaging

Acronis Backup Cloud

BitDefender AntiVirus

Email – what platform should I use and why? Free V Paid email…

Before you can decide which email type to use – you need to understand the differences between each one and the pros and cons related to each one

POP3

POP3 (Post Office Protocol, version 3) was the first major email protocol that was used in the early 1990s at the early years of the internet. A POP-based email service is simple: your email client (such as Outlook, Mac Mail, or Thunderbird) connects to the mail server and then downloads your emails directly to the computer. The downloaded email is then deleted from the server (though, most clients have a setting that can prevent this).

PROS:

  • Cheap – no licenses required – usually free
  • Supported by virtually all devices.
  • Simple to implement and configure.

CONS:

  • When a message is downloaded, it is removed from the server (if you save messages to the server, you may end up downloading the same email multiple times).
  • When a message is sent, there is no server copy.
  • If you access your mail on different devices, you’ll see different emails depending on what was downloaded to which device.
  • No way to organise your inbox. The inbox is your only folder.
  • Hasn’t had a major update since 1988.
  • Largely obsolete.

IMAP

IMAP (Internet Message Access Protocol) is the second major iteration of how people access their email – and also the most popular today. It has all the functions of POP3, but also has one major benefit that matters to most users: email syncing between multiple devices. This allows you to have the same email experience between devices because all your email (incoming and outgoing) are stored directly on the server, rather than downloaded directly to your computer. For this reason, IMAP replaced POP3 and has largely made it obsolete.

PROS:

  • Cheap – no licenses required.
  • Supported by virtually all devices.
  • Email syncing. All messages, including sent messages, are saved on the server.
  • Folder support to organize your inbox.
  • Compatibility: if your server supports IMAP, it most likely supports POP3.

CONS:

  • Easy to run out of inbox space if you never delete emails or have small storage.

 Hosted Microsoft Exchange and Office 365

Microsoft Exchange / Microsoft Office 365 is a proprietary platform developed by Microsoft. It requires the purchase of user or server licenses. Traditionally, it has been marketed to the Enterprise-level consumer and offers all the functionality of IMAP but also has other features to help businesses and organisations better collaborate among employees and staff. Features such as shared address books & calendars, shared file storage, and native integration with other Microsoft products like SharePoint and Office. Microsoft Office 365 – competes directly with Google Apps for Business – and is geared to make Enterprise-level functionality found in Exchange more cost-effective for small to medium-sized businesses.

PROS:

  • Email syncing – instead of downloading an email, a copy is created on your device while the original stays on the server.
  • Folder support to organize emails.
  • Sent messages are saved on the server.
  • Native integration with most Microsoft products.
  • Offers many collaborative tools to enable team members to share resources like calendars and documents.
  • Licenses can be purchased per-user.
  • Multiple aliases per mailbox
  • Ability to backup mailbox and restore to individual emails

CONS:

  • Can be expensive
  • Setup and maintenance requires specialized knowledge.

WHO SHOULD USE HOSTED EXCHANGE or MICROSOFT OFFICE 365?

  • If you want the benefits and functionality of Exchange server, but a more simple, streamlined experience.
  • If you want to avoid the licensing costs of a full Exchange server and only want to pay on a per-user basis.

WHICH ONE IS THE BEST CHOICE?

Your email is just as important as any of your other IT services, so you will want to make sure you’re getting the best value for money, as well as the best possible service. There are lots of free email options out on the market, but does it make sense to use them if you’re running a serious business?

BENEFITS OF PAID EMAIL SERVICES

Paying for an email service means that you can easily send emails through your own domain, so you can have a professional email address like yourname@yourdomain.com. It makes your company look professional, and make your service seem more credible. What’s more, it’s relatively easy to set up a basic email service, and many paid providers can automate the set up for you.

If you pay to host your email through private server hosting, or through a service like Google Apps or Office 365 then you will also get a more reliable service compared to free email hosting. You will also have dedicated customer service and support, plus the server you choose to host with most likely has higher security in place and email filtering to help reduce the amount of spam and viruses and malware you will receive.

Additionally, services like Office 365 offer extras such as cloud storage, and email access on the go, which can be particularly useful if you need to access your email remotely

WHY BOTHER WITH FREE SERVICES?

The big pro is that the service is free. And if you’re a small business who doesn’t rely heavily on emails to get in touch with clients or customers, then you can most likely get by for a while by using a free email client.

You don’t necessarily have to live with a @gmail.com or @hotmail.com domain either. Gmail easily lets you use their system to send emails from your own domain, however you need to have your domain set up to handle this. You can usually use the free email services that your DNS offers (usually limited to one free email address) to set up the initial server and then filter it through Gmail, Yahoo or whatever free service you want to use.

However, these free services aren’t as secure so are more open to hacking, and you’ll have to live with adverts in and around your emails. What’s more, if you’re on a free service, then your email may not be routed with priority, meaning that you may not experience an instantaneous conversation.

PRICING AND SERVICES

If you’re a small business, the attraction of a free email service might be the fact that you don’t have to deal with the cost of running an email server. However, it can cost very little to host email. Some private servers can cost a few pounds a month, and full packages such as Google Apps or Office 365 cost between £3 and £7 per month for a basic package. So cost should never be a factor when it comes to ensuring the best email service for your company!

Contact us for a quote for any of the Microsoft Hosted Exchange or Office 365 services.

PR PC Support now authorised cloud based solutions reseller

PR PC Support are now an authorised reseller of a range of cloud based solutions to assist our clients to protect their data, computers and email.

In our arsenal of solutions are:

  • Office 365 – All versions of Microsoft’s popular cloud based office and email solution
  • Acronis Backup Cloud – Trusted solution from a world leader in Backup Solutions – Secure and reliable cloud backup tailored to meet your requirements
  • BitDefender Gravity Zone – Award winning Anti-Virus / Anti-Malware & Anti-Ransomware that consistently offers superior protection, performance, and usability –  proven in major independent tests
  • Hosted Exchange email – scalable hosted mail boxes complete with free email signatures with each mailbox
  • Email Security & Archiving for hosted Exchange and on premises Exchange Servers
  • Cirius Secure Email Messaging – send and receive secure email from within your email client

Please get in touch if you want to protect your data with our online backup tools, protect your computers with our online security tools or want to upgrade or migrate your email to one of our email services.

Google Phishing Scam : Beware new scam targeting Googlemail

A huge scam is sweeping the web and anyone with a Gmail account may be vulnerable.

 

A huge scam is sweeping the web and anyone with a Gmail account may be vulnerable. Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people’s email accounts. It’s not clear who is running the quickly spreading scam or why. But it gives people access to people’s most personal details and information, and so the damage may be massive.

The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it’s clicked then it will give over access to your Gmail account — and turn it into a tool for spreading the hack further.
As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. The hack doesn’t only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google’s email service too.

If you think you may have clicked on it, you should head to Google’s My Account page. Head to the permissions option and remove the “Google Doc” app, which appears the same as any other.
You’ll be able to tell if it is the malicious app if it has a recent authorisation time. That app has full access to a person’s Google account as well as being able to send emails that appear to be from them, making the attack especially dangerous. The email itself comes addressed to hhhhhhhhhhhhhhhh@mailinator.com — which is the only way to know that the email is malicious. They otherwise look completely legitimate, including the account in the “from” field.