Email White List and Safe Sender Guide

To better stay in touch via email, you should add vendors and special contacts to your “safe sender” list. This prevents important communications from ending up in your spam folder. For more information about how to do this using your email client, refer to the Whitelist Guide here. This will help ensure that email communications are delivered to you rather than diverted to your spam folder, so that necessary, informative and interesting messages are not missed.

Instructions can be found here:

The National Do Not Call Registry

Gives you a choice about whether to receive telemarketing calls

  • You can register your home or mobile phone for free.
  • After you register, other types of organizations may still call you, such as charities, political groups, debt collectors and surveys. To learn more, read our FAQs.
  • If you received an unwanted call after your number was on the National Registry for 31 days, report it to the FTC.

For more options and information click here:

//www.donotcall.gov/

AlternativeTo – Crowdsourced software recommendations

AlternativeTo lets you find new Windows, Mac, Linux, online and mobile software based on applications you already know instead of useless categories. AlternativeTo is a new approach to finding good software. Tell us what application you want to replace and we give you suggestions on great alternatives! Instead of listing thousands of more or less crappy applications in a category, we make each application into a category. Think of it like forever evolving blog posts about good alternatives to the software that you’re not satisfied with. And the “blog posts” are generated by you through suggestions, comments and votes.

Site Link: //alternativeto.net/

FBI Recommendations on Business Email Compromise (BEC)

The menace of Business Email Compromise (BEC) is often overshadowed by ransomware but it’s something small and medium-sized businesses shouldn’t lose sight of.

The FBI Internet Crime Complaint Center (IC3) has alerted US businesses to ongoing attacks targeting organizations using Microsoft Office 365 and Google G Suite.

The warning applies specifically to BEC attacks carried out against the two largest hosted email services, and the FBI believes that SMEs, with their limited IT resources, are most at risk of these types of scams:

Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.

As organizations move to hosted email, criminals migrate to follow them.

As with all types of BEC, after breaking into the account, criminals look for evidence of financial transactions, later impersonating employees to redirect payments to themselves.

For good measure, they’ll often also launch phishing attacks on contacts to grab even more credentials, and so the crime feeds itself a steady supply of new victims.

Turn on Multi-Factor Authentication (MFA)

One takeaway is that despite the rise in BEC attacks on hosted email, this type of email is still more secure than the alternatives, provided admins turn on the security features that come with it.

The FBI has the following general advice:

  • Enable multi-factor authentication for all email accounts
  • Verify all payment changes via a known telephone number or in-person

And for hosted email admins:

  • Prohibit automatic forwarding of email to external addresses
  • Add an email banner to messages coming from outside your organization
  • Ensure mailbox logon and settings changes are logged and retained for at least 90 days
  • Enable alerts for suspicious activity such as foreign logins
  • Enable security features that block malicious email such as anti-phishing and anti-spoofing policies
  • Configure Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent spoofing and to validate email

The FBI also recommends prohibiting legacy protocols that can be used to circumvent multi-factor authentication, although this needs to be done with care as some older applications might still depend on these.

New Android Malware Poses as Security Update to Take Control of Devices

The malware can record calls, take photos, and perform a variety of invasive actions.

Before you approve what appears to be a new Android update, you may want to verify that you’re installing the real thing.

According to mobile security firm Zimperium zLabs, a new form of malware disguised as a system update is making the rounds on Android devices. Instead of actually upgrading users to a new version of the operating system, the malware commandeers the phone to take advantage of several functions. It lets bad actors record audio and phone calls, take photos, access messages within third-party messengers like WhatsApp, and even search for specific file types present on the phone.

This invasive “app” is considered a “sophisticated spyware campaign with complex capabilities,” according to zLabs researchers. After installation, the device becomes registered with the Firebase Command and Control (C&C) and reports information about WhatsApp, storage information, the internet connection, and a swath of other details.

The spyware can be triggered in different ways: installing a new app, receiving a text, or even adding a new contact. From there, call recording can begin if calls are made or received. Messages can be logged. It’s a whole suite of bad news, especially when users have no idea it’s all taking place.