Two New Phishing Tactics You Need To Know About: Voicemail Spoofs and Dropbox Links

UPDATE 6/12/14: We've just learned that the virus being spread by the new tactics we reported yesterday is, in fact, the dreaded Crypyolocker ransomware, on which we've reported before. All the more reason to think twice before clicking links in emails!

We all know by now that as our safeguards against cybercriminals become more sophisticated, so do their methodologies. It's a classic arms race. What isn't as widely known, though, is that while evolving technical safeguards are invaluable, so is an evolving awareness of the ways criminals try to trick people. As a team of technology experts who partner with our clients to help them get the most out of their technology, we try to help users with both.

Toward that end, we wanted to make everyone aware of two email phishing tactics cybercriminals are using to target unsuspecting users.

Tactic 1: Voicemail Spoofing

We've noticed recently that scammers are trying to trick users into installing malicious software by sending emails designed to look like internal voicemail service messages (see the example below). It's not uncommon for businesses to have systems set up to forward audio files of voicemail messages to the appropriate parties--and such features can be extremely useful. Unfortunately, this also means that tactics like this can be hard for users to detect.

So, what's the answer? If you know your company's phone system has an email forwarding system in place, make sure you know exactly what those legitimate emails look like so that you can distinguish them from scam emails. Above all, don't click on any links or open any voicemail attachments unless you're absolutely sure they are coming from your company's actual voicemail system.

Which brings us to our next point . . .

Tactic 2: Dropbox Links

One of the universal rules of thumb for avoiding malware sent via email is, as we noted above, "Don't click on attachments unless you know with absolute certainty where they are coming from." The more widely known this rule of thumb becomes, the less effective attachments will be for cybercriminals--which is probably why they have now turned toDropbox, an extremely popular (and perfectly legitimate) cloud hosting service.

Instead of sending attachments, some purveyors of malware are now sending links to publicly shared Dropbox folders that contain mailicious software (again, see the image on the left).

So, what's an unsuspecting user to do? The advice is the same as it is with attachments. Don't click on Dropbox links unless you're absolutely sure you trust the sender.

And, when in doubt, always talk to your network adminstrator before clicking on anything. If you're a client of 3n1media, well, you know who to call. Feel free to let us know if you have any questions.

As Microsoft Releases A Security Patch For Internet Explorer (Including XP Users), Here Are 3 Tips For Safer Browsing


Reports surfaced earlier this week that a vulnerability had been found in Microsoft's Internet Explorer web browser, exposing users to serious malicious attacks. Today, Microsoft announced that there is a security patch available to fix the vulnerability.

The most newsworthy aspect of this story is that the security patch is available to Windows XP users. This is surprising because Microsoft officially ended support for XP on April 8th, leading many people to think, with good reason, that XP users were out in the cold on this one. Apparently, though, Microsoft decided to go ahead and give XP users the update, since the vulnerability surfaced so soon after the end-of-support date.

At any rate, we thought this would be a good time to remind our friends--especially those still running XP--of a few key tips for secure web browsing.

1. XP users should upgrade.

Don't count on Microsoft remaining charitable with security patches. The recent IE security vulnerability was such a big story because--at least in theory--the end of support means that security fixes like this one won't be available in the future, and around a quarter of the computers in the world are still running XP. If your computers are among that number, feel free to reach out to us to start strategizing an upgrade.

If you must continue to use XP, consider using another web browser, like Firefox or Google Chrome, since they will continue releasing browser security patches to XP users, at least in the short run.

2. Java is at the root of many browser security issues, including this one.

As we've written before, a good number of vulnerabilities that hackers find in web browsers have their root in the Java plugin. Users can prevent a number of attacks simply by disabling the Java plugin in their browsers.

3. Be wary of where you browse, and think about using a content filter.

Cyberattacks executed through web browsers really only happen when a user visits an infected website. While avoiding such websites may be more easily said than done, there are a few things you can look for. Many times, hackers will infect otherwise legitimate websites whose owners appear to have let their sites go to seed, so to speak. So, avoid websites that look like they haven't been updated in a while. And do not click links you receive in emails unless you are absolutely positive that you trust the sender, and that the sender is who he/she says he/she is.

Furthermore, we've found that content filters actually cut down on malware attacks by detecting and blocking infected websites--even those that do not contain objectionable content. Because they have become highly sophisticated in recent years, many filtering solutions also protect users from outdated websites that might carry malware. Feel free to contact us if you're interested in learning more about implementing a content filter.

And, as always, let us know if you have any questions. Unfortunately, these kinds of vulnerabilities are all too commonplace in the tech world. Still, with awareness and the right precautions in place, cybersecurity is attainable.

What You Need To Know About Heartbleed: A User-Friendly Guide


By now, you've probably heard at least something about Heartbleed, a fairly widespread security bug in the way some websites protect user data. There's a lot of information floating around out there, so we wanted to reach out to our friends and partners to get them the critical facts, and hopefully clear a few things up.

So, here are a few common questions and answers about Heartbleed:

What is Heartbleed?

We'll keep it simple: Heartbleed is the name the tech community has given a bug that was just discovered in certain versions of OpenSSL, a protocol that some websites use to encrypt sensitive data such as usernames, passwords, credit card numbers, etc. This bug has been around for the last two years, meaning that sites using affected versions of OpenSSL have been vulnerable during that time.

Which websites have been affected?

OpenSSL is one--but not the only--encryption protocol some websites use to secure their data. 3n1media, for instance, uses a different security protocol for the websites we host, so they were not affected by Heartbleed. Furthermore, not all websites using OpenSSL were affected, since only certain versions were vulnerable. Security giant Trend Micro even reports that Heartbleed poses problems for only 17% of the websites using OpenSSL.

Still, a number of widely-used web services have been affected, including Box, Dropbox, Gmail, Facebook, and Netflix. Here's a more extensive list, but keep in mind that none of the lists being published by news organizations is completely exhaustive. If you have specific questions about a website or online service, we recommend reaching out to the vendor responsible, or consulting with a trusted technology partner, like 3n1media.

Should I change my passwords?

The short answer is yes. We've always recommended that users change their passwords regularly, especially for sites that store sensitive data. That way, you're always prepared for vulnerabilities like Heartbleed. Stolen passwords will do criminals no good if they've been changed.

Still, Heartbleed is a special case. For affected websites, it matters when you change your passwords. Vendors and site operators, if they have their users' best interest in mind, are currently patching their systems to eliminate the Heartbleed bug. Once the bug has been fixed, users will need to change their passwords in the event that they were compromised before the fix (this is unlikely, but--better safe than sorry). So, be on the lookout for updates from vendors, and make sure to change your passwords when you see them. If you're not sure about a specific vendor, either consult with a technology partner, or contact the vendor directly.

As always, feel free to reach out to us if you have any questions about Heartbleed. As IT experts, we've been keeping a close eye on the situation. While it doesn't warrant mass hysteria, it is a serious security problem that requires vigilance and smart, timely action.