Month: February 2016

Spammers Corner: Liberal Party Mail SPAM

What do you do when the Canadian Liberal Party sends you junk mail with a postage paid return envelope?

Send it back to them with some SPAM of your own! #FightSPAMWithSPAM

Spammers Corner: FedEx Delivery

I cannot believe FedEx could not deliver my package! I really needed that treasure map!

Spammers Corner!

Welcome to Spammers Corner. Where the senders don’t matter, and the replies are hilarious!

After watching James Veitch’s Ted Talks video titled “This is what happens when you reply to SPAM email” I’ve been inspired to have some fun of my own.

I’m starting a new section on this blog titled “Spammers Corner” where I respond to SPAM and see what fun I can have.

It’s time to take a stance, and #FightSPAMWithSPAM!

pfSense: How To Selectively Route Traffic Over WAN

As many streaming providers are moving towards blocking VPN providers from their services, you may need to selectively route some of your devices to bypass your VPN provider. In this guide I will show you how to selectively route internet traffic from specific IP addresses in your network over the WAN connection instead of VPN to avoid being blocked by these types of filters.

To start, set a static IP address on the device you wish to selectively route. In this example, my device’s static IP address is 192.168.1.80.

Step 1: Log in to your pfSense firewall. Under the firewall tab, select “Aliases”.

Step 2: Click the + icon to add a new Alias for your group of hosts that will bypass the VPN. Your alias configuration should look similar to this. Click “Save” when you are finished and apply the changes:

[Screenshot: alias configuration]

Step 3: Now that we have an alias created, we need to create a LAN firewall rule to route all traffic from the hosts specified in the alias over the WAN connection. Select the “LAN” tab, and click the plus sign to create a new firewall rule. Your firewall rule should look like this:

[Screenshot: firewall rule]

Most important of all, scroll down, click the “Advanced” button in the gateway setting and select your WAN interface. Save the setting and apply the configuration. Once saved, move this rule to the top of the list. pfSense evaluates rules from the top down and the first match wins, so this makes the VPN bypass take precedence over your default “route any to VPN” rule.

Written By: Amardeep Juneja

Wire Fraud Phishing Scam Targeting Executives

Over the last few months, I’ve noticed a huge jump in wire fraud phishing campaigns. Be on high alert for phishing emails from domains that look similar to your company’s domain, appearing to come from known executives and asking for wire transfers! In almost all cases, hackers are moving away from spoofing email addresses and actually registering domain names similar to yours. From my recent investigations, the findings have all been the same. Here’s a breakdown of what is happening, and how you can protect yourself from wire fraud.

Let’s pretend the CEO of our company Contoso is named Alex Black. The real Alex Black’s email address is Alex.Black@contoso.com.

The bad actor starts off the phish by registering a domain similar to ours such as “contoso.co”. In almost all cases I have seen, the bad actors are registering domains through VistaPrint because of a free website promo they offer. Details of this can be found on PhishMe.

Once the domain is registered, they then create a legitimate email account similar to an executive at the company, in this example the CEO Alex Black. Okay so now we have our email address Alex.Black@contoso.co.

It’s time to go phishing! The bad actor then sends an email to an unsuspecting employee as Alex.Black@contoso.co. The message looks something similar to this:

Hi,

Are you busy? I need you to process a wire transfer for me today. Let me know when you are free so that I can send you the beneficiary details.

Thanks,
Sent from my iPhone.

In some cases, employees will respond back to the email, not realizing that the domain name is off. If the bad actor is asked for clarification or confirmation, they usually reply back with urgency saying they are in meetings or travelling and unavailable to talk on the phone. By creating this sense of urgency, employees can sometimes fail to think with basic common sense and fall victim to the phish.

So what can you do to avoid this type of phish?

  1. Create a standard procedure for wire transfers across your entire organization. At minimum, anyone requesting a wire transfer must validate the transfer over the phone, or create a tiered approach where there is more than 1 person involved in issuing a wire transfer and have set procedures to follow at each tier.
  2. Create rules in your message filtering system that can look out for this for your executives (Pseudo rule: Any messages where the sender contains Alex.Black, but does not contain .contoso.com, flag as suspicious).
  3. Educate your users to be more vigilant when asked for a wire transfer!
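
The pseudo rule from item 2, worked out as an added Python example (not code from the original post or from any mail-filter product). It compares the domain after the @ exactly instead of using a substring test, and goes one step further by also flagging lookalike domains by edit distance; the function names, the distance threshold of 2 and the sample headers are assumptions made for this illustration.

```python
import re
from email.utils import parseaddr

# Assumed values for this example, taken from the post's Contoso scenario.
LEGIT_DOMAIN = "contoso.com"
EXECUTIVES = {"alex.black"}  # protected names, normalised to first.last

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains such as contoso.co."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, reason) for the value of a From: header."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    domain = domain.rstrip(".")
    if domain == LEGIT_DOMAIN:  # exact match on the domain, not a substring test
        return ("ok", "sent from the real domain")
    # Normalise "Alex Black", "alex_black" and "Alex.Black" to "alex.black".
    names = {re.sub(r"[\s._-]+", ".", s.strip().lower()) for s in (local, display)}
    exec_hit = bool(names & EXECUTIVES)
    lookalike = 0 < edit_distance(domain, LEGIT_DOMAIN) <= 2
    if exec_hit and lookalike:
        return ("suspicious", "executive name on lookalike domain " + domain)
    if exec_hit:
        return ("suspicious", "executive name on external domain " + domain)
    if lookalike:
        return ("review", "lookalike domain " + domain)
    return ("ok", "no executive name, no lookalike domain")

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Alex Black <Alex.Black@contoso.com>",
    "Alex Black <Alex.Black@contoso.co>",
    "Alex Black <ceo.office@mail.example>",
    "alex.black@contoso.com.evil.example",
    "billing@c0ntoso.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

The verdict only looks at the From: header, so mail that forges the real domain still has to be caught by SPF, DKIM and DMARC checks.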

Written By: Amardeep Juneja

Hello Again World!

Some of you may be wondering what’s happened to this blog. I took some time off, and came back to realize my webhost had deleted the site!

I am now working at rebuilding and re-vamping the site. Although I will still have the latest tips, tricks, fixes and reviews, expect to see the site back up and running with more of a focus on IT Security.

See you soon!
