An increasing number of clients have contacted us about questionable emails that they are receiving, appearing to come from known contacts they do business with locally. These phishing emails appear to come from known contacts of the client and direct the recipient to the legitimate DropBox web site (See screen shots below). DropBox requests the recipient to download a PDF document, and when clicked, asks the user to enter their Office 365 Outlook login username and password to complete the request.
If you receive one of these emails, please forward a copy to us. We will review the email and direct you to delete it if it is considered phishing. If it is a phishing email and you know this business or contact, this means the sender’s email account has been compromised and you should contact them by phone to inform them. We have also learned the phone numbers in the phishing email’s footer has been changed, so please use a known phone number from your own contact database and use this fact as another indicator of a phishing email attempt.
Here is what to look for:
Clicking on the attached PDF brought them to a realistic-looking DropBox web page.
However, the three items that should make you pause are highlighted below.
The filename listed in the “Attachment Download” box does not match the file name of the attached file in the original email.
DropBox would not know that a file is an attachment. DropBox would actually display the attachment within your browser; or, would use wording like “download file.”
The use of a term like “virus free document” is not something that DropBox would indicate. DropBox does not know if the file is virus free or not. That check is performed by your own anti-virus software on your workstation.
When clicking on the link, you were taken to a fake Microsoft site and asked to enter login credentials to access Outlook. However, as you can see, the address bar does not list office.com. My password manager LastPass (the highlighted icon on the right) does not attempt to automatically fill my office.com credentials because it does not recognize this site, regardless of what I see on the screen. And lastly, you would not be prompted to log into Outlook to open a file from DropBox when you are on the DropBox web site.
Help avoid becoming a victim of having your account hacked or accessing fraudulent sites by clicking on a link in an email you receive. Sorted Solution has three recommendations:
Two Factor Authentication – Setup your web sites and accounts to use a passcode generator like Google Authenticator. Two Factor Authenticator (2FA) programs will randomly generate numeric codes that a user must supply when they are logging into your account, along with a username and password. At a minimum, you could also use SMS to have a text sent to your device from the web site when someone is trying to log in.
Password Manager – Utilize a password manager like LastPass to store and manage your application and web site passwords. When you visit a web site with a password manager, the password manager will match the web site address and auto-fill your login information. If you visit a site and your password manager does not auto-fill the information, you are not be visiting the site you expect.
Ask Us – Sorted Solution is a “no shame zone”. You can always contact us if you are unsure about an email you have received or if you clicked on a link. We will work with you to determine what happened and how to mitigate the possible effects.
If you would like assistance setting up Two Factor Authentication or a Password Manager like LastPass, please send us an email. And as always, if you have questions about suspicious emails you receive or links you might have clicked on, we’re here to help.
You may have noticed for a while now that Adobe has blocked Flash content from working on your computers and devices, that’s because Flash has officially been retired. Adobe stopped supporting Flash on December 31st and as of Tuesday (Jan 12, 2021) it’s blocking all Flash content. Adobe is suggesting users uninstall Flash Player to help protect their systems as there will be no more security patches moving forward. You’ll find instructions on how to do this, as well as the reasoning behind it here.
Basically, Flash had been on the chopping block since 2017 as it was no longer as frequently used and was being phased out across major web browsers. While the retirement has mainly been a minor inconvenience, it posed a real problem for some people, particularly in the city of Dalian in China — that’s because they were using Flash to run their railroad system!
Slashdot reports commuters were late to work at first but the railroad’s technicians were able to get back up and running using a knockoff version of Flash.
We have all seen it, those emails that appear in our inbox that have a subject of “Your service will be disconnected unless you act now,” “Reset your password now,” and “There’s a problem with your account.” Some of these look like the real thing and your instinct might be to immediately address the request but BE CAREFUL. Before you click a link, open an attachment, or respond, to the email, be sure to check a few things:
Are there blatant misspellings in the subject line or body?
Does the company font or logo not match what you would typically see online from that specific company?’
Does the From email address appear to be from a non-company domain (i.e. yahoo.com, gmail.com, outlook.com, etc.)
Does the From email address appear to excessively long or doesn’t make sense (i.e. support@client.support.helpdesk.aeafb.intuit.com or support@chase.us.com)
Here’s a real-world example of a scam email:
Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.
The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
The email says your account is on hold because of a billing problem.
The email has a generic greeting, “Hi Dear.” If you have an account with the business, it’s unlikely you’ll see a greeting like this.
The email invites you to click on a link to update your payment details.
While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. This is a phishing email, where scammers are looking to obtain your personal information and can have real consequences.
If this does pass the “sniff” test and you click on a link, and you are sent to what appears to be a company website, but your password manager software doesn’t auto-populate the login, you might be at a scam site. Close your browser, and don’t go any further.
If you suspect you’re the recipient of a scam or phishing email, go directly to the web site from a new browser session and log into your account. Type in the website you know or Google it, don’t paste the link from the email. Banks, credit card companies, service providers will mostly likely send you a notice within your account if there is a problem or if they need something from you. Or, you may call the customer service department of the company and inquire about the request directly.
Alternatively, you can always forward your questionable emails to us at hello@sortedsol.com and we’ll help determine if it’s legitimate or not.
https://www.sortedsolution.com/wp-content/uploads/2018/06/blank-pixel.png00Jude Pacishttps://www.sortedsolution.com/wp-content/uploads/2018/06/blank-pixel.pngJude Pacis2020-12-13 13:06:222021-01-04 19:29:19Security Corner: Beware of Fake Emails
Google has released a critical patch to address new Zero-Day vulnerabilities that can impact Google Chrome. By default, Chrome is set up to auto-update but if when you first installed Chrome you happened to select to manually update, you’ll need to that now. If you’re unsure where you stand, here’s how to check:
Launch Google Chrome
On the top right of the Web browser, click the three vertical dots
In the drop-down menu click Help
Then choose About Google Chrome
If you see a message that reads: Google Chrome is up to date, you’re up-to-date.
If you learn you’re not up to date, then please click the Update option on the About Google Chrome page to initiate the Chrome update process.
Google recently found security vulnerabilities in Chrome and this update patches those security vulnerabilities. It’s important to keep software up to date all the time, and particularly around the holidays when scammers tend to up their efforts. As an aside, please remember to not open any emails, click on links, or open any attachments from people that you don’t know. Also, even if you do know the sender, if something feels off, call or email that person from a new email that you create, to check if they’ve indeed contacted you.
https://www.sortedsolution.com/wp-content/uploads/2018/06/blank-pixel.png00Jude Pacishttps://www.sortedsolution.com/wp-content/uploads/2018/06/blank-pixel.pngJude Pacis2020-11-19 16:00:402021-01-04 19:29:19Security Corner: Time to Check Google Chrome is Up to Date
Sorted Solution is working with Special Effects Supervisor of Welcome to Chechnya and creator of the Digital Vail software Ryan Laney to make this new technology available to documentary filmmakers.
From Academy Award-nominated director David France comes Welcome to Chechnya, a powerful and eye-opening HBO documentary about a group of activists risking their lives to confront the ongoing anti-LGBTQ persecution in the repressive and closed Russian republic of Chechnya.
Further complicating the production of the film was the need to protect the identities of interviewees. Director France wanted to put a real human face on the story, so conventional techniques of disguising one’s appearance, such as blurring their faces, filming them in darkness or hiring actors to stage re-enactments were not enough. Eventually he opted for advanced facial replacement techniques using Artificial Intelligence and novel visual effects technology, so the viewer could see real faces displaying real emotions, while still protecting the identities of the speakers. The approach is a “game changer in identity protection,” according to Documentary Magazine, and a brand new tool for documentary filmmakers.
Phishing Scam Notice
/in News /by Jude PacisAn increasing number of clients have contacted us about questionable emails that they are receiving, appearing to come from known contacts they do business with locally. These phishing emails appear to come from known contacts of the client and direct the recipient to the legitimate DropBox web site (See screen shots below). DropBox requests the recipient to download a PDF document, and when clicked, asks the user to enter their Office 365 Outlook login username and password to complete the request.
If you receive one of these emails, please forward a copy to us. We will review the email and direct you to delete it if it is considered phishing. If it is a phishing email and you know this business or contact, this means the sender’s email account has been compromised and you should contact them by phone to inform them. We have also learned the phone numbers in the phishing email’s footer has been changed, so please use a known phone number from your own contact database and use this fact as another indicator of a phishing email attempt.
Here is what to look for:
Clicking on the attached PDF brought them to a realistic-looking DropBox web page.
However, the three items that should make you pause are highlighted below.
When clicking on the link, you were taken to a fake Microsoft site and asked to enter login credentials to access Outlook. However, as you can see, the address bar does not list office.com. My password manager LastPass (the highlighted icon on the right) does not attempt to automatically fill my office.com credentials because it does not recognize this site, regardless of what I see on the screen. And lastly, you would not be prompted to log into Outlook to open a file from DropBox when you are on the DropBox web site.
Help avoid becoming a victim of having your account hacked or accessing fraudulent sites by clicking on a link in an email you receive. Sorted Solution has three recommendations:
If you would like assistance setting up Two Factor Authentication or a Password Manager like LastPass, please send us an email. And as always, if you have questions about suspicious emails you receive or links you might have clicked on, we’re here to help.
Goodbye, Flash
/in News /by Maria CoderYou may have noticed for a while now that Adobe has blocked Flash content from working on your computers and devices, that’s because Flash has officially been retired. Adobe stopped supporting Flash on December 31st and as of Tuesday (Jan 12, 2021) it’s blocking all Flash content. Adobe is suggesting users uninstall Flash Player to help protect their systems as there will be no more security patches moving forward. You’ll find instructions on how to do this, as well as the reasoning behind it here.
Basically, Flash had been on the chopping block since 2017 as it was no longer as frequently used and was being phased out across major web browsers. While the retirement has mainly been a minor inconvenience, it posed a real problem for some people, particularly in the city of Dalian in China — that’s because they were using Flash to run their railroad system!
Slashdot reports commuters were late to work at first but the railroad’s technicians were able to get back up and running using a knockoff version of Flash.
Security Corner: Beware of Fake Emails
/in News /by Jude PacisWe have all seen it, those emails that appear in our inbox that have a subject of “Your service will be disconnected unless you act now,” “Reset your password now,” and “There’s a problem with your account.” Some of these look like the real thing and your instinct might be to immediately address the request but BE CAREFUL. Before you click a link, open an attachment, or respond, to the email, be sure to check a few things:
Here’s a real-world example of a scam email:
Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.
The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
The email says your account is on hold because of a billing problem.
The email has a generic greeting, “Hi Dear.” If you have an account with the business, it’s unlikely you’ll see a greeting like this.
The email invites you to click on a link to update your payment details.
While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. This is a phishing email, where scammers are looking to obtain your personal information and can have real consequences.
If this does pass the “sniff” test and you click on a link, and you are sent to what appears to be a company website, but your password manager software doesn’t auto-populate the login, you might be at a scam site. Close your browser, and don’t go any further.
If you suspect you’re the recipient of a scam or phishing email, go directly to the web site from a new browser session and log into your account. Type in the website you know or Google it, don’t paste the link from the email. Banks, credit card companies, service providers will mostly likely send you a notice within your account if there is a problem or if they need something from you. Or, you may call the customer service department of the company and inquire about the request directly.
Alternatively, you can always forward your questionable emails to us at hello@sortedsol.com and we’ll help determine if it’s legitimate or not.
Security Corner: Time to Check Google Chrome is Up to Date
/in News /by Jude PacisGoogle has released a critical patch to address new Zero-Day vulnerabilities that can impact Google Chrome. By default, Chrome is set up to auto-update but if when you first installed Chrome you happened to select to manually update, you’ll need to that now. If you’re unsure where you stand, here’s how to check:
If you see a message that reads: Google Chrome is up to date, you’re up-to-date.
If you learn you’re not up to date, then please click the Update option on the About Google Chrome page to initiate the Chrome update process.
Google recently found security vulnerabilities in Chrome and this update patches those security vulnerabilities. It’s important to keep software up to date all the time, and particularly around the holidays when scammers tend to up their efforts. As an aside, please remember to not open any emails, click on links, or open any attachments from people that you don’t know. Also, even if you do know the sender, if something feels off, call or email that person from a new email that you create, to check if they’ve indeed contacted you.
Using Deepfake Artificial Intelligence Technology to Protect
/in News /by Maria CoderSorted Solution is working with Special Effects Supervisor of Welcome to Chechnya and creator of the Digital Vail software Ryan Laney to make this new technology available to documentary filmmakers.
From Academy Award-nominated director David France comes Welcome to Chechnya, a powerful and eye-opening HBO documentary about a group of activists risking their lives to confront the ongoing anti-LGBTQ persecution in the repressive and closed Russian republic of Chechnya.
Further complicating the production of the film was the need to protect the identities of interviewees. Director France wanted to put a real human face on the story, so conventional techniques of disguising one’s appearance, such as blurring their faces, filming them in darkness or hiring actors to stage re-enactments were not enough. Eventually he opted for advanced facial replacement techniques using Artificial Intelligence and novel visual effects technology, so the viewer could see real faces displaying real emotions, while still protecting the identities of the speakers. The approach is a “game changer in identity protection,” according to Documentary Magazine, and a brand new tool for documentary filmmakers.
See the HBO trailer, read The NY Times and Vox articles.