Reporting spam email to Microsoft with the Report Message add-in for Outlook

Reporting spam email to Microsoft with the Report Message add-in for Outlook

Reporting spam email to Microsoft with the Report Message add-in for Outlook

Whilst the inbuilt spam and malware filtering built in to Microsoft Office 365 has considerably reduced the amount of unwanted spam email you receive in your email account, a small amount spam can still arrive, or an email may be mistakenly marked as junk when in fact it is legitimate. Fortunately, Microsoft has an addon you can use to further reduce the amount of spam or stop legitimate emails from being marked as junk by reporting this back to them.

Known as the Report Message add-in for Outlook, it enables you to report emails using one of three categories:

  • Junk is generally referred to as spam and are unwanted senders that may be advertising their products or services to you.
  • Phishing is a person or organisation claiming to be someone else to seek your personal information. The email may appear to be legitimate but in fact is not.
  • Not junk is a legitimate email which has been misclassified as Junk.

The Report Message add-in for Outlook can be used on both Outlook and Outlook on the web and enables you to report a message as either junk, phishing or not junk. You can also choose to report the message to Microsoft for further review and investigation.

We encourage our clients who are experiencing spam issues to look at implementing this as part of their cyber security strategy.

For more information and how to set this up, please feel free to contact us.

Don’t be an April Fool – Watch out for business email compromise!

Don’t be an April Fool – Watch out for business email compromise!

Don’t be an April Fool – Watch out for business email compromise!

We have seen an increasing number of reports for business email compromise affecting organisations, so we are calling on everyone not to be an April fool!

“Business email compromise” is a where a hacker gains access to a corporate email account by pretending to be a figure such as a business owner, manager or other decision maker to defraud the organisations or its employees, customers or suppliers of money.

Whilst these scams targeted businesses working with suppliers and businesses that regularly make electronic payments in the past, small businesses and not-for-profit organisations are no longer immune.

We are aware of several cases where a business owner was compromised through a fake email which included a link to download a file from SharePoint or Google Drive location.

Business email compromise - Example of fake Microsoft Office 365 email
Business email compromise – Example of fake Microsoft Office 365 email

In order to download the file, the owner was required to login to what appeared to be a genuine Microsoft or Google sign in page, but was actually fake. Once the account details were entered they were saved and sent to the hacker.

The hacker then used these details to log in and review the contents of the business owner’s email, often accessing their email or address book, to identify contacts from their business, and use their email to send a compromised email to either the accounts department or the business’s clients.

Business email compromise - Example of fake Energy Australia invoice
Business email compromise – Example of fake Energy Australia invoice

 

Business email compromise - Example of fake ASIC invoice
Business email compromise – Example of fake ASIC invoice

The emails sent to accounts and/or clients contain a fictious invoice requesting payment or another fake link to a Microsoft or Google login page as well, then both the CEO and accounts have been compromised.

In some cases, once the scammer had control of the email account used they set up rules to forward incoming email to an external email address of the hacker, automatically delete all email coming the inbox and remove the contents of the current inbox altogether so the account holder was unaware the new email had ever been received.

To protect yourself from such scams, we strongly suggest reviewing your protection strategies including staff education and training before you are compromised. If you receive an email from someone and are required to login to access a document or invoice and you weren’t expecting it, call the sender to confirm it is legitimate. It is important to quickly get onto it.

CyberGuru provides a range of services including consulting, support and training to protect against cyber threats such as these. If we can be of assistance, please contact us.

CyberGuru talks cyber safety at Seniors Safety Forum

CyberGuru talks cyber safety at Seniors Safety Forum

CyberGuru talks cyber safety at Seniors Safety Forum

Last Friday 17 August, Chris Jeffery, Chief Guru of CyberGuru presented to over 80 senior citizens of the Brisbane’s northside community on Cyber Safety, including both phone and internet scams at the Seniors Safety Forum.

The Seniors Safety Forum, the third of which Chris has presented, is an annual event held in the local area and hosted by Stirling Hinchliffe MP, Member for Sandgate and Councillor Jared Cassidy, Councillor for Deagon Ward, as part of Queensland Seniors Week.

In his session, Chris discussed a range of phone scams, including charity scams and the more recent NBN scams. He also addressed spamming and phishing, as well as tips for online shopping, passwords, internet security software, backups and more.

CyberGuru joined alongside other local organisations, including Council for the Ageing, Queensland Fire and Emergency Services, Queensland Ambulance Service, Queensland Police Service, All About Living Sandgate, Home Assist Secure Sandgate, iHear to discuss safety in the home and in the community in the joint forum.

Chris fielded a range of questions from the audience after the session and provided copies of The Little Black Book of Scams to all who visited his display.

We thank Stirling and Jared for having us. If you would like any information on cyber safety, or presenting at an event which you feel would benefit, please contact us.

If would like any information about Seniors Safety Forum or other upcoming events as part of Queensland Seniors Week, please visit the Queensland Seniors Week website.

CyberGuru presenting at the Seniors Safety Forum

CyberGuru presenting at the Seniors Safety Forum

CyberGuru presenting at the Seniors Safety Forum

Calling all seniors! Chris Jeffery of CyberGuru has been invited to speak at the Seniors Safety Forum at Sandgate on Friday 17 August at 1:00pm.

As this is the first year he will have access to a projector, Chris will be able to show examples of spam and phishing emails and demonstrate what to look for when determining if an email is legitimate.

The forum is hosted by Stirling Hinchliffe MP, Member for Sandgate and Cr Jared Cassidy, Councillor for Deagon Ward as part of National Seniors Week.

Seniors Safety Forum 2018 Flyer

For more information and to register please visit the Queensland Seniors Week website or call 07 3639 9100 (Stirling Hinchcliffe MP) or 07 3667 6011 (Cr Jared Cassidy).

Looking forward to seeing you there!

Be wary of fake Microsoft Office 365 emails

Be wary of fake Microsoft Office 365 emails

Be wary of fake Microsoft Office 365 emails

Over the past few weeks, we have seen an increasing number of fake Microsoft Office 365 emails being received by clients. These email messages, whilst appearing to be genuine, are malicious emails sent by unauthorised third-parties.

The third-party is attempting to gain access to your email account through the use of your account details (username and password) and possibly also infect your computer or network with malware. Should they gain access to your account, they will access your emails and send messages to your contacts in your address book requesting they make payment to a specified bank account.

If you receive an email requesting that you login to Office 365 to access an invoice sent from a customer or supplier, or Microsoft advising your mailbox storage is full, or that your password is about to expire, then we strongly suggest you do not provide any information or click on any links, simply delete the email.

An example of such an email is shown below:

Example of fake Microsoft Office 365 EmailIf you find you are unsure of the legitimacy of the email then please contact us and we can advise.