abcd ab01 asked:

Phishing scam: "Pending message"

Phishing scam: "Pending message" - how do I set up my SonicWall for this type of email? We have an O365 email system. Thanks
Blue Street Tech

Hi abcd ab01,

You are going to have to elaborate on this. What are you trying to say? I understood you have O365. Is SonicWALL a firewall or email security or do you have both devices? If you have SonicWALL Email Security is it an appliance, hosted or virtual?

Now tell me what is happening and what are you trying to accomplish?

Are you receiving a Phishing Scam and want to thwart it?

Do you have SPF, DKIM & DMARC in place?

Have you configured EOP (Exchange Online Protection) in Exchange Online?

Hi! I hope the following information is of use to you :)

Abstract From: http://technology.pitt.edu/news-and-alerts/phishing-alert-pending-message-scam-from-fake-help-desk-address

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that appears to come from the helpdesk@pitt.edu email address. It claims you have pending email messages that will not be delivered until you click a link. The link directs readers to a harmful site that attempts to collect their username and password.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Pending Messsage

Dear User ,

your two incoming mails were placed on pending status due to the recent upgrade to our database,

In order to receive the messages CLICK HERE <link removed> to login and wait for responds from HELP DESK

We apologize for any inconvenience and appreciate your understanding.

Regards,

University of Pittsburgh.

******************************************************************************

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
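
The SPF, DKIM and DMARC question raised earlier in the thread matters for exactly this kind of message, one that claims the organisation's own help-desk address. The following is an added example, not part of any post here: a check over the `Authentication-Results` header that flags own-domain senders lacking a DMARC pass. It assumes the receiving gateway stamps an RFC 8601 header with its own authserv-id; `mx.example.edu`, `example.edu` and all function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def sample(spf, dkim, dmarc, authserv="mx.example.edu"):
    """Build a constructed test message; every domain and value here is invented."""
    return (
        f"Authentication-Results: {authserv}; spf={spf};"
        f" dkim={dkim}; dmarc={dmarc} header.from=example.edu\n"
        "From: Help Desk <helpdesk@example.edu>\n"
        "To: user@example.edu\n"
        "Subject: Pending Messsage\n"
        "\n"
        "your two incoming mails were placed on pending status\n"
    )


def trusted_verdicts(msg, authserv):
    """Read spf/dkim/dmarc results only from headers stamped by our own gateway.

    A sender can pre-insert Authentication-Results headers, so any header whose
    authserv-id (the first token) is not ours is ignored.
    """
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        ident, _, rest = header.partition(";")
        if ident.strip().lower() != authserv:
            continue
        for method, result in METHOD_RE.findall(rest):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def assess(raw, own_domains, authserv="mx.example.edu"):
    """Return findings for a message whose From address claims one of our domains."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in own_domains:
        return []
    verdicts = trusted_verdicts(msg, authserv)
    findings = []
    if verdicts.get("dmarc") != "pass":
        findings.append("own-domain From without a trusted DMARC pass")
    if "pass" not in (verdicts.get("spf"), verdicts.get("dkim")):
        findings.append("neither SPF nor DKIM passed")
    return findings
```

A message sent from a genuinely compromised mailbox in the same domain passes all three checks, so this only covers the spoofed-sender case.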

If your Sonicwall appliance is on-site, there is nothing you can do there. Office365 email servers are not behind your firewall, so no amount of filtering is going to work.

Have you talked to your email admins about this? They will know what filtering products are being used.

But, keep in mind that phishing email sources change constantly.  Early ones will get through.  If you have a good filter, then within 24 hours those types will be blocked.  Then the scammers will send from a different relay or compromised email account.

Phishing attacks are now leveraging O365 because there is an implied trust from other O365 accounts.  Step 1 is to get credentials to an email account using O365.  That account can be used to send thousands of messages that will not be filtered.

There is no magic rule to block the messages.

You must rely on your mail filter vendors, your admins to report attacks, and user education.

abcd ab01 (ASKER)

I'm the admin of O365. It's been configured in O365. Do I need to get any specific AV software or any good filtering, in your suggestion?

You can't write custom rules for every alert or warning that comes out. You have to rely on vendor support and automated filters.

If you're the O365 admin, then you should know if you have ATP (advanced threat protection) entitlement in your O365 environment.  It's paid, not free.  There are basic anti-spam and anti-phishing filters available by default.  ATP anti-phishing protection is additional.

You have the ability to run inbound messages through a third-party SMTP gateway and run more sophisticated tools outside of O365. But this is additional cost and complexity.

Even with these additional filtering tools, you cannot write custom rules for every alert that comes out.

Is there a specific threat or incident you are involved with right now?  Or is this just a general question?