There’s little doubt that Netflix is a major competitor in the video streaming industry by a wide margin. It should also come as no surprise that cybercriminals view their customers as prime targets for phishing campaigns. With the recently announced Netflix service fee hike, the ever-adaptable spammers has found an opportunity to exploit the video-on-demand company.

netflix-phishing

Here at AppRiver, our security research team has been monitoring a Netflix phishing blast. The campaign attempts to impersonate a Netflix account verification email. The email in part alerts the target (recipient) to a possible issue with his or her account. The target is then instructed to click on the provided link in hopes to correct the error. The cybercriminals use a common technique that spoofs the actual company’s domain name within an exploited website URL. The average user not paying close attention can easily overlook this visual deception and believe the link is a legit Netflix URL.

The exploited website is visually a carbon copy of the Netflix web login screen. Analyzing the HTML code of the site, we were able to find discrepancies that only confirmed our suspicions. It’s unclear during our investigation if the exploited site attempts to only steal a customer’s Netflix login credentials or if there a financial goal in mind, such as credit card numbers.

As you can tell from the screen capture above, it can be extremely difficult for the average user to visually identify this as a phishing campaign. One of the best ways for users to prevent becoming victim to this type of campaign is avoid clicking any links in the email. Instead, opt to visit the company’s website address directly. If there is indeed an account issue, you should be alerted on the website of the issue. Another helpful tip is to hover over the link provided in the email with your mouse cursor. If the link looks at all suspicious to you, try to get verification from the company that they indeed sent the email. AppRiver’s SecureTide engine has multiple rules in place blocking this Netflix phishing blast. So far, we’ve quarantined over 12,000 messages and will continue to monitor for new variants.

Office 365

 

I wanted to create a list of my top five features of Office 365. Some of these you may know about and some you may not. I hope this article gives you some good ideas on how you can make better use of Office 365. I will be doing some write ups on each of these individually soon, but this is just a quick list of my top five features. Tell me what are your favorite parts of Office 365.
1.Office 365 Groups

◦This has to be my favorite feature of Office 365. With the release of Office 365 groups, there should never be a reason you use distribution list again. When you create an Office 365 group, it will automatically create an email address.
The email address will be formatted as Groupname@domainname.com. By default, the group will only accept email from inside your organization’s network, but you can check a box that will allow people from outside your origination to send email to the email address.
When you first create the group, it will not go to the user’s mailbox like a traditional DL does. You can check a box in the settings that will send the email to a user’s mailbox, and then this will make the group function exactly like a DL does.
Now, the best part about what Office 365 groups do that DL’s do not is that when you add a new user to the group, let’s say six months later, the user can go into the group and view all the old emails. If you were using a traditional DL, then you will have users searching their mailbox to forward all the emails to this new user. Doing this takes up so much time and the user will have to repeat this process for any new user they want to add to the group. That is why even if you just wanted to create some DL’s, just use Office 365 groups instead.
Also, it does not hurt that an Office 365 group comes with its own OneDrive for Business, OneNote, Calendar and last, you can add Connectors to the group. This is a great way to have programs connected to the group, like RSS or Twitter.

2.Office 365 Video

◦At the time of this article, Microsoft has just purchased a new streaming service called—you guessed it—Stream. You can read more about Stream here.
With Office 365 Video, you can setup your own company video portal. It’s kind of like a private YouTube channel just for your company. When you upload your video to Office 365 Video, the video actually gets uploaded to Azure Media Services and it creates several different resolutions. This is great because you can use the Office 365 Video app on your mobile device, or you can use the Web browser, from any location in the world and view your company videos.
With the extra resolutions, the service will monitor your connection to make sure you are not slowing down and if your bandwidth gets to start looking slow, the service will change to a lower resolution so you do not buffer. You can also grab the embed code from the video portal and paste that code in SharePoint.

3.Unlimited OneDrive for Business

◦This is only for customers on an E3, but if you are on an E3, you get unlimited OneDrive for business storage. When your account is first created, you have 1TB of storage. You can run a PowerShell command to increase that to 5TB. The PowerShell command is:

◾Set-SpoSite -identity https://YourSharePointUrl-My.sharepoint.com/personal/Users_Account -StorageQuota 5242880

◦Once you use the PowerShell command to increase your ODFB storage quota to 5Tb, if you use up 90% of it, you can open a support request to Microsoft and they will add you another 5TB and the cycle continues as you use it up. So, you get unlimited, but it appears in 5TB increments.

4.Office 365 Planner

◦Planner is a new app that just got released to the public. Planner will help you keep track of your task and project management. It has a great interface that lets you see charts and graphs of plans (projects) and the task associated to those plan. Planner actually integrates into Office 365 groups which was the first item I spoke about in this article and is my favorite feature of Office 365. With Planner, you can assign task to users and once a task is assigned to a user, that user is added to the Office 365 Group.

5.Delve

◦Delve is probably one of the most underused application on Office 365, yet it is one of the best applications you should be using. Delve is powered by the Office graph. It’s a self-learning system and it only gets better as you add more content to your sites and libraries.
I have included a link to the Office Graph so you can click it and read all about it. It is truly amazing.
Anyways, back to Delve. Delve lets a user see all his documents he has access to see in one place. No matter if the file is in your own OneDrive for Business, any of the team site document libraries, any of the Office 365 groups libraries, any of the Office 365 Video files, or even any other users OneDrive for Business.
The last one is very important because at the time of this writing, there is no way for a user to see files that are shared with them from others OneDrive for Business folder unless they log into the browser and click the “Shared with me” button. Microsoft recently released a Delve app for Windows 10. You can read my blog on that app here.

In case the scorching-hot temperatures and thick humidity hasn’t given it away yet, summer is here!  Along with the blistering heat, summer ushers in the usage of shorts, flip-flops, swimsuits, sunscreen and other must-haves for the season. These items can be found in abundance online and at affordable prices. Need a new pair of designer Oakley sunshades? How about getting 90% off on a pair? Not so fast.

oakleysale

Our AppRiver security research team began tracking a Snake Oil spam campaign advertising Oakley eyewear at deep discounts (Snake Oil is a term used to describe “too good to be true” offerings). The online outlet store paints itself as being affiliated with Oakley but doesn’t try to pass itself off as Oakley itself. We see these types of counterfeit websites quite often. Other popular designer brands we commonly see exploited by spammers are Michael Kors, Addias “Yeezy” sneakers, Vera Wang wedding dresses etc. These fly-by-night web shops promise huge discounts on brand name items often ranging from 75-95% off MSRP. While there are legitimate online stores that may offer these types of deals on occasion, a few key takeaways from our investigation brought us to the conclusion that this email blast is anything but legit.

oakleysale1

The first detail we noticed is that the store’s domain name was registered with GoDaddy on July 15th 2016. A webstore opening less than one week ago offering extreme discounts on designer eyeware is suspicious to say the least. Another key takeaway is that there were no customer reviews or reputation information about the store available online. This isn’t surprising of course as the domain was registered only six days ago. Inspecting the content of the website itself, there are no mentions of a return or refund policy. This is a huge red flag for any consumer looking to buy products online. Lastly, the website lacked SSL/TLS security measures for transmitting sensitive data. This can allow for insecure transactions to occur during a purchase, leaving a customer’s financial information vulnerable to theft from unauthorized parties.

Despite the many flags we saw, I have to say the mock-up was quite impressive. The website had a quality look to it that could possibly pass for a legit web store. Of course, it just wasn’t good enough to fool our highly trained security specialists here at AppRiver. These types of counterfeit online stores can be hard to detect by most users so here are some tips to ensure that you are protected when shopping online:

  • Verify a store’s reputation by using a search engine or reputation websites like resellerratings.com.
  • Ensure the store has a solid return and refund/exchange policy listed on their site.
  • NEVER enter any financial information during a purchase if the website lacks a secure connection (Most Web browsers will show a closed padlock or green HTTPS in the address bar to indicate a secure connection).
  • Be reasonable about expectations on product pricing. If a brand name item is being offered at a steep discount from an unknown store, proceed with caution.

Following these online shopping best practices, you can be sure to avoid falling into a spam trap such as this. AppRiver’s SecureTide filter has quarantined over 4,000 emails from this Oakley campaign. We will continue to monitor for future variants.

When was the last time you received an email from a Nigerian prince asking you to help transfer money for him in exchange for a percentage? The catch, of course, is you have to pay an advance fee in order to receive a larger profit later on. Many of us remember back in the late 90s to the early 2000s that these and other types of advance-fee scams (also known as 419 scams) were commonplace. Roughly 15 years later, we still see these types of phishing emails appear more often than you might think. The face of the scams have evolved over the years but their intentions remain the same–to scam you out of your money.

ruble-1370418_1280

This week, we focus on a 419 phishing scam that features a scammer posing as an Audit Director of a major bank in Cambodia. The message begins by spinning a narrative to the recipient that a deceased client of the bank has no next of kin to accept funds left in the client’s account. The scammer then attempts to get the recipient to believe that with their cooperation, the bank director can have the funds released to the recipient within five days. Below is a copy of the full message:

Good day my good friend, I work with one of the major banks in Cambodia as the director of audit. I have a proposal for you, a very urgent and quick business that will be completed in 5 working days. I have just discovered documents relating to funds belonging to a deceased client of our bank, I went through all the related documents to the funds and I discovered no listed next of kin to inherit the funds which has been in our bank for more than 4 years now. I need your cooperation in getting the funds, I have the power to list you as the beneficiary of the funds and have the funds transferred to you. If you are interested, do get back to me so I can provide you with the full details.

Regards.

There’s little doubt that this email is indeed a scam, however you’d be surprised how many times people continue to become victims. The scammers use a common technique called a confidence trick to establish trust with their target victim. This helps to make the scam potent and more likely to succeed. Depending on the scam, its scope and the intended victim(s), these scams can be very effective against an unsuspecting individual. One thing to note is that 419 campaigns don’t tend to be large in scope compared to other email threats like malware campaigns. They tend to focus their efforts on sending short and small bursts of emails to targets instead.

Practicing best judgement when receiving suspicious emails, especially ones from unknown senders can be an effective measure in safeguarding yourself and your assets. Be sure to read emails thoroughly to detect any questionable content, hover over hyperlinks to verify their destination and be cautious of email containing suspicious attachments or attachments from unknown sources. Our security research team here at AppRiver will continue to monitor for these threats.

A couple of days ago, we monitored this phishing email. This request had a subject line “web site install” and nothing more. The message is shown in the image below:

WebDesignScam07122016

Obviously, this message is dubious at best. I did not reply nor follow-up. I would venture that if I did make contact, I would have been provided the .zip file. You can rest assured that the zip file would contain malicious code that once installed and executed on the host server, would lead to some very bad results.

I wanted to put this out there as I suspect these types of solicitations will become more refined, more believable and more difficult to weed out. If you are a Web developer or a web hosting provider, please don’t be mislead into contacting the originator of these types of messages. Only bad things will come your way if you do.