ISG Blog

This is just a friendly reminder to be wary of unexpected emails received, particularly from unknown users.

There continues to be a number of emails that are arriving in users Inboxes that are scams, or attempts at phishing information.

A recent one received within our organisation appeared to be an invoice with a pdf attachment.  Fortunately the user was suspicious of this because they were not aware of an impending bill and did not recognise the user.  When looking even more closely, the pdf attachment was not an attachment at all, but simply a link as per the picture attached below

The easiest way to check on such things is to allow your cursor to hover over the link, or the "attachment". The link will automatically appear either over the "link/attachment" or at the bottom of the window as per this picture

Thank you to all who are diligent and watchful as they continue to use technology to fulfill the mission of caring for people, transforming lives and reforming society through God's Holy Spirit's power.

Microsoft can analyze dangerous emails to determine why those messages made it past your spam filters.

When you receive an email that you find suspicious - potentially a phishing email - so you ignore or delete it.  Another option is to report the email to Microsoft for analysis using a free Microsoft add-in for Outlook called Report Message.  You can also use it to report a "false positive," meaning a legitimate email that was incorrectly identified as spam. Microsoft analyzes such messages to improve its spam filtering technology.

The add-in works with desktop and web clients, though the install is different.

If you use both clients, installing in one will make it available in the other however:

Installing for desktop

From your Inbox, select the Home tab then click on the Get Add-ins button

This opens the Add-ins window. In the search box type ‘report message’ as in the screenshot.

Select the Report Message add-in and install it.

For web client

From your inbox , select a message and from the right hand side of the message window click on the three dots

Scroll down to the bottom of the menu that appears and select ‘Get Add-ins’

Install is the same as for desktop client.

Using Report Message

Desktop – Select the message , then click on the ‘Report Message’. From the menu select an appropriate option. 

Web – Select the message , then click on the three dots in the message window and select ‘Report Message’ from the menu. Select an appropriate option.

Happy New Year everyone, and welcome back to work (if you have been away).

I arrived at the office today to find an email in my inbox from BNZ.  It all looked very legitimate but the information in it made me look twice to ensure it was in fact legitimate.

A couple of items caught my attention and I share these hoping that this is helpful to you:

1. I do have a BNZ account but the fact that I did not get this email in my personal email account (only my work email) made me suspicious;
2. The title of "Steven Ross" is "Operations and Outsour Manager" (I thought it should be "outsource").  Often phishing emails contain spelling errors; and
3. With a quick Google check on the Freephone number provided in the email I realised it was not the same number as advertised by BNZ.  Their number is 0800 275 269 (0800 ASK BNZ).

Needless to say I contacted BNZ, and they were not aware of this email and I assume its only starting to "do the rounds".  The lesson here is NEVER take these types of emails at face value.  ALWAYS check!!  The number two lesson is NEVER click on only link in these types of emails until you have checked.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.  Data Security is very important, and we need to be very careful whether at work or at home about how we are sharing this information online.

Should you receive these types of emails, feel free to check with ISG straight away, and NEVER click on the link!! 

Last week, Google identified a phishing scheme that could affect your google drive. The official Google statement says that this has been rectified and has been taken of care.

We are here to give the best and up to date information about the issue and a way to prevent this from happening. Here, we are going to provide what exactly happened and how important it is to keep an eye on the emails that you receive which helps you not to be a victim of phishing.

What happened: There was an massive phishing campaign which has started aiming at Google users last week. The hack was carried out by sending an email that posed as an invitation to join a Google Doc by someone in your contact list.

When users clicked on the Google Doc link, they were sent to a page that actually goes to Google.com. It then requests permission for the app that the attacker wrote to access your Gmail account.

This would allow the attacker to read your emails contacts and other actions such sending email behalf, deletes emails from your inbox, etc..

Actions by Google: In an attempt to fix this threat. Google has successful in blocking this phishing campaign and updated all its security features. Below was an official statement by Google.

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Aftermath: Although Google has managed to fix the issue. There is always a chance for this to repeat again using third party apps which could deceive you.

I always remember this old saying “Prevention is better than cure”. There are ways that you can get away from this phishing emails Below are a few things that you can check before tempted to click on any emails.

• Think before you click - Have a second before you click on anything in your email.
• Keep an eye on shared documents - Always check who has access to your shared documents.
• Know your URLs - Get familiarise your URLs how they are typically.
• Report anything that is Phishy - Always report if you found anything dodge. Let the experts handle them. It is okay to ask for help, that’s why we are here for.

Another recommended way is to set up a two factor authentication. If you want to know more about it, please follow the link below. Please be aware that this process would include your smart phone. Caution must be taken if you are setting this up.

https://www.howtogeek.com/105041/how-to-secure-your-google-account-with-google-authenticator/

Under any circumstance you feel that you received a dodge email or attachment. Please Do NOT try to open and attempt to fix it by yourself.

Please log a ticket with ISG by logging into the ISG Supportal.  We are here to help you.