News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – beware of email credential harvesting

    Posted on May 31st, 2018 at 14:21 Susan Bradley Comment on the AskWoody Lounge

    A recent email came into the firm and it was sent from payment@paychex.com with a “wetransfer” file.  Enough red flags that of course I wanted to see what it was attempting to do.

    The email itself wasn’t flagged as malicious, nor the links in the email when I sent them through virustotal.com.  I ended up using reverse.it to determine that it was attempting to harvest email credentials

    All the major email services are there ready to be harvested.

    On the attacker front I have seen and heard of many stories where the attackers harvest email credentials and then gain access to the mail account.  They then set up email forwarding rules and filters so that their malicious activity (possibly money transfers or setting up new credit card accounts) are all automatically forwarded and then deleted out of the email account so that you don’t see the activity going on.  For any email service you use, consider turning on two factor authentication for when you log into a new device, bookmark the location where you can log in to review access.

    In the case of a Microsoft account it’s here:  https://account.live.com/Activity?mkt=en-US&refd=account.microsoft.com&refp=security

    Google I will go here: https://myaccount.google.com/u/2/notifications

    Bottom line –  ask yourself what do you use – especially in authentication –  and if an attacker gained access to it – how would you start digging in to determine when and if they gained access?