Preventing Phishing the Company From Your Domain

If a phish or spam comes into your company with a From address of your company’s domain, recipients may be more likely to take action.   That quick decision can lead to compromised computers.  Coca-Cola found itself the victim of a hack when an email masqueraded as Coca-Cola’s chief executive, sending an email to Paul Etchells, Coca-Cola’s deputy president …

Continue reading ‘Preventing Phishing the Company From Your Domain’ »

Epsilon Breach will Lead to Phishing Season Security Companies Predict

Over the weekend, email marketing firm Epsilon revealed that it had been hacked and that some of their client customer lists had been stolen. Names and email addresses were stolen.  With the link between your email address and the particular client of Epsilon, it is now much easier to create a targeted phishing email. Phishing emails …

Continue reading ‘Epsilon Breach will Lead to Phishing Season Security Companies Predict’ »

Magazine Publisher Phished for Millions

Magazine publisher Conde Nast received a email from a company with a name similar to their regular printers asking them to update their payment information.   Conde Nast dutifully began sending their monthly payments electronically to a bank account in Houston Texas. $8 million was collected before the printers contacted the publisher to ask why they hadn’t been paid.  Surprisingly the …

Continue reading ‘Magazine Publisher Phished for Millions’ »

Opportunistic TLS and MessageLabs

Back in February 2008, I suggested to the Sendmail admins that we look into opportunistic TLS.   Like all encryption there is a performance hit.   Unlike S/MIME or PGP the encryption is only during transit between links.   Additionally there is no guarantee that all links will be encrypted.   Hence the word opportunistic.   While you don’t want to …

Continue reading ‘Opportunistic TLS and MessageLabs’ »

Webmail Account Compromises

A couple of my friends had their webmail accounts compromised and I got pharma spam  from them over the weekend.   One had a Hotmail account and another a Yahoo account.   I’m not sure whether they should be mocked more for using accounts at those domains or for getting compromised. Restoring Access If this happens to you and you’re really …

Continue reading ‘Webmail Account Compromises’ »

That’s Not from the Copier

A lot of copiers now have the ability to scan documents and email the result as a PDF. I’ve never quite understood why people don’t take the time to change the default subject line. On a Xerox it is something like “Scan from a Xerox WorkCentre” to something a bit more descriptive. Worse yet, I’ve …

Continue reading ‘That’s Not from the Copier’ »

Email Message Size Limits – The Update

The Microsoft Exchange team wrote a blog back in 2006 summarizing the need to email message limits. Email size limits help protect you against denial of service attacks. Intentional or not Internal sender or external, a large message can consume all available resources. The problem can be aggravated by Antivirus for Exchange. It only has …

Continue reading ‘Email Message Size Limits – The Update’ »