To our valued clients,

Zoom Hosting wishes you are in good health!

In light of the current pandemic, our team would like to advise of another event that you should be equally cautious about.

Commonly known as phishing, this crime entails a long list of techniques with one common goal in mind: for hackers to obtain sensitive information from their victims. Pieces of information include credit card information, purchase orders, deposit slips, and user credentials. Common phishing scams are as follows:

1. Credit card phishing scam
2. Bank phishing scam
3. Email phishing scam (AKA email spoofing)
4. Website phishing scam

Common characteristics of a phishing scam:

1. The email projects unusual urgency.
2. The email or website has a poor design.
3. There are misspelled words, both intentionally (to mimic the real institutions) and unintentionally (since these emails or websites are created by less proficient individuals).

Several literatures available online confirm that the identification of the source of spoofing is rather unlikely due to the factors inherent to both user and spammer. For the part of the user, possible entry point includes infected local computers and unscrupulous use and disclosure of email addresses from both legitimate and less-legitimate transactions. For the part of the scammer, changing IP sources is not uncommon practice, further complicating the process of detection of source; more so, toughening the manual blacklisting of IP addresses
of confirmed spoofing.

Among our recommendations to mitigate the reoccurrence of similar incident include:
1. Err on the side of caution when there is a need to use corporate email address on newsletter subscriptions,
multiple recipient email threads, posting on the Internet.
2. Avoid using public Wi-Fi sources
3. Update passwords every so often
4. Be cautious in clicking hyperlinks or document attachments found in email especially if they seem to be
irrelevant or containing misspelled words

There are two methods for email impersonation. And there are approaches to mitigate further implications, if not totally eradicate the possibility of reoccurrence.

Method #1 – Email Address Spoofing: Employee’s email address and his name are spoofed on an incoming email so that the sender appears to be: John Doe <jon.doe@companyname.com>

Method #2 – Display Name Spoofing: Only the employee’s name is spoofed, but not the email address:
John Doe <john.doe18@gmail.com>

In method 1, you should check with your engineers regarding configurations to ensure that email authentication protocols are in place, including SPF, DKIM, and DMARC.

In method 2, the actual email address user is the better defense to prevent the spammer from achieving his goal. Here, the email address is not forged; hence the addition of three DNS records would not be helpful in blocking the spoofing email. Hence, the user should be cautious when clicking on any of the unsolicited attachments or links in the email. Acting on the request mentioned in the spoofing email which is most commonly written as “URGENT” should also be taken with a grain of salt.

A way for end users to identify email spoofing is by adhering to the following instructions: 1) Open the email message on the inbox; 2) Go to source; 3) Look and compare the IP address of the sender by conducting ping test on the domain name both IP address and domain name match. Alternatively, visit leafdns.com when comparing the IP address and domain name.

One important thing to highlight is that the spammer’s capability to send unwanted emails to any from the cluster of email addresses does not necessarily equate to the spammer having access to respective mailboxes of the legitimate users.

Follow these recommendations on your end while our team at ZOOM HOSTING will perform utmost care on our servers where your account is hosted. Together, let’s thrive online.

Sincerely,
ZPH TEAM



Friday, September 25, 2020





« Back