Hello folks,
Welcome to another blog talking about what has been posted lately to Email Host Security.
For those who don’t know, this web site is a resource to learn about what’s going on in the criminal and phishing landscape as well as things you can do to protect yourself.
One article which won’t make it in since it’s a bit older is appropriate for this post, so I’m including it separately. It’s a Phishlabs article titled “More than Half of All Phishing Sites Impersonate Financials in Q4”, which was posted on the 16th of February.
This is a very interesting article because we’ve been predicting for years that most sites would eventually be secure and it’s coming true. But as for financials being targeted, it only makes sense because that’s where the money is.
I was sending Nick snippets of some of the spam I’ve been seeing, and while .shop is dominant, .quest and .email are also there. We also have .today here too. Whether it is a financial attack or any others talked about within that article, we want you to know what’s going on.
As I write this, I think we can just get this in to the list, so the double post on this particular article is intentional.
We’ve been seeing book titles but have not added anything as of yet. I think the intent is to list all of these with a note that not all may be up to date. I need to check with my advisor if I have it in place or not; it seems like I do, but I’ll double-check before doing a mass edition.
Blog posts
With that said, here are the blog posts that we’ve added to the site including the one above just added as we type.
- Looking for free COVID tests? Don’t do this komando.com: February 20, 2023
- Crypto Buyers Beware: 1 in 4 New Tokens of Any Value Is a Scam wired.com: February 16, 2023
- More than Half of All Phishing Sites Impersonate Financials in Q4 Phishlabs/Fortra: February 16, 2023
- This tricky email scam can fool just about anyone komando.com: February 15, 2023
Kim Komando and company seem to be right on top of these things as of late. Thanks, gang, for putting out the news we can share with each and every one of you readers, whether you get it on the blog or the site directory.
Books
We have not added any new books, but maybe we’ll go ahead and list all of the books so people can see the entire list.
Did you see something that is teaching you something and it’s not here? Send a note!
- Mark Russinovich
- Zero Day: A Jeff Aiken Novel (Jeff Aiken Series Book 1)
- Trojan Horse: A Jeff Aiken Novel (Jeff Aiken Series Book 2)
- Rogue Code: A Jeff Aiken Novel
- Hacked Again
- Cybersecurity Is Everybody’s Business: Solve the Security Puzzle for Your Small Business and Home
- Senior Cyber: Best Security Practices for Your Golden Years
- The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime
- Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency
- Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
- This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers
Companies
We’ve not added any companies lately. Did I cover all of the companies that should be listed that provide a product or service that could be valuable? Please add ones you know of by sending me a note.
| Company or service name | Description of company or service |
|---|---|
| Phish Labs by Help Systems | Phishlabs was started after a security engineer turned product engineer found that he could take Phishing sites down, but they came back up shortly after. Phishlabs runs a blog that talks about the landscape as well as protecting large companies and their brands from impersonation attacks as well as other attacks they might face. They may reach out to other companies if they detect something that needs taken down. The heading on the home page says it all. It says: “Digital Risk Protection through curated threat intelligence and complete mitigation.” They are now part of Fortra. More info on Fortra on their web site. |
| Virus Total | Virus Total is a service where you can send files and URLs for analysis. The site will return any negative results, telling you what might be a problem so you can be informed about what you receive. For best results if using screen readers, the JRN recommends you use Chrome. |
| Trend Micro | Trend Micro is one of the leading antivirus companies. They’ve been in business for at least 30 years if not longer. They’ve got products for home, business and more. They even have a free product called house call which works with the main hard drive to find problems. |
| F-Secure | F-Secure is one of the leading antivirus products that has also been around for at least 30 years. While the JRN has no experience with this suite of products, they have a lot going for them. One of their employees has worked for them before they became F-Secure and has recently written a book. |
| Malware Bytes | Malwarebytes is one of the most accessible pieces of software out there to protect you from malware and ransomware. The price is pretty reasonable and it seems to do a great job. They’ve been around for quite a number of years, and are recommended in the blind community. Their slogan on the home page in heading says: “CYBERSECURITY. FOR EVERY ONE.” |
| Know Before: Security Awareness training | Know before (knowbe4) is a company out there providing training on the different aspects of security including phishing. They’ve had clubhouse rooms that I enjoyed where we talked security and scams of interest. Please check them out, as some things may be free to get. |
| Have I Been Pwned (poned) | Have I been Pwned (poned) is a web site started by Troy Hunt that allows people like you and me to check our email addresses and phone numbers against known breaches. This information will not include your information, but can link you to known breaches that may include the info you supplied to the site. Links include a domain search, web sites that have been pwned, a password search and other informational things like largest breaches as well as recently added breaches. Stay in the know with Have I Been Pwned! |
| Expand Shortened URL’s | This service allows you to expand shortened links from all kinds of services like goo.gl, is.gd, bit.ly and others. It will show you where the final destination of a link goes to. It will not tell you whether it is safe, although it does have Google Safe Browsing alerts available to you. Use this in conjunction with Virus Total to determine if a link is safe. If you trust where the URL is pointing to alone, great! If you still have questions, use Virus Total’s URL checker. We’ve seen expand url say that it is safe according to google safe browsing, but 2 products from Virus Total may say it is malicious or spam. A link to Virus Total is in this list and is highly recommended. |
| Abuse IP database | Abuse IP database is run as a repository to keep the Internet safe. You can check domains or IP addresses to see if they’re used for spam or malicious activity. I’ve used this when getting tons of spam through my contact forms to determine if it is a network that I can block. There may be false positives, so blocking a whole subnet may not be practical, but if you see many spam messages using forms or other commenting systems, you might not have much of a choice. They provide an API for automating these things. Check out the site to see if it might be of use to you. An account is free. They do have payment options available to you. |
Terms
We have not added any new terms, but I know some may be related especially when Phishing is concerned. Let’s review the list of terms we have to date minus the Know Be4 list.
- Business Email Compromise (BEC) (Trend Micro Glossary)
- bait-and-switch
- Bullet Proof Hosting
- Credential stuffing
- Common Vulnerabilities and Exposures
- Common Vulnerability Scoring System
- Denial-of-service attack
- DMARC
- DomainKeys Identified Mail
- doxing or doxxing
- Email spoofing
- IP address
- iteration
- Knowledge-based authentication
- malware
- National Cyber Security Awareness Month
- PBKDF2
- Phishing includes terms like Smishing, clone phishing and others
- Sender Policy Framework (SPF)
- STIR/SHAKEN protocol for caller ID
- Typosquatting
- Voice over IP
- Voice Phishing
Are we missing anything?
I’m not confident we have everything. With a changing landscape, there has to be something we’ve missed. Please send a note using the contact information in the podcast or blog to contact us.
We’ve got more articles on the blog section, but we’ve only posted what’s new in that section. Maybe we’re missing something that we should have in the list.
Thanks so much for reading, make it a great day!