


{"id":5920,"date":"2020-01-30T09:28:33","date_gmt":"2020-01-30T16:28:33","guid":{"rendered":"https:\/\/xmission.com\/blog\/?p=5920"},"modified":"2025-07-29T15:29:04","modified_gmt":"2025-07-29T22:29:04","slug":"lets-talk-phishing-part-2","status":"publish","type":"post","link":"https:\/\/xmission.com\/blog\/2020\/01\/30\/lets-talk-phishing-part-2","title":{"rendered":"Let&#8217;s Talk Phishing\u2014Part 2"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-5961\" src=\"https:\/\/xmission.com\/blog\/wp-content\/uploads\/2020\/01\/phishing-2.png\" alt=\"\" width=\"300\" height=\"300\" \/><a href=\"https:\/\/xmission.com\/blog\/2020\/01\/27\/lets-talk-phishing-part-1\" target=\"_blank\" rel=\"noopener noreferrer\">Earlier this week<\/a> we talked about what phishing is and how these criminals try so hard to trick you out of your sensitive personal data. Now, we will cover how to identify phishing and discuss steps you can take to protect yourself and\/or your company.<\/p>\n<p><strong>Tips to identify a phishing email<\/strong><\/p>\n<p>Watch for items that stick out such as:<\/p>\n<ul>\n<li>Manny spelling errors<\/li>\n<li>Gramm\u00e5tic\u00e5l errors (Unusual \u00e7haracters, Case, bold text, or italics use.)<\/li>\n<li>Hidden or incorrect links. To test, hover over the link to see an unauthorized address.<\/li>\n<li>From: or To: address that seems unusual.<\/li>\n<\/ul>\n<p>Here is an example of a real phishing attempt (malicious links removed). 
See if you can identify clues in the example below.<\/p>\n<p>From: &#8220;XMISSION IT Help Desk&#8221; &lt;landspeedrecord@example.com&gt;<br \/>\nTo: user@yourdomain.example.com<br \/>\nSubject: Dear XMISSION Email User<\/p>\n<div dir=\"3D&quot;ltr&quot;\" style=\"padding-left: 40px;\">\n<p><b><a href=\"https:\/\/xmission.com\/blog\/2020\/01\/30\/lets-talk-phishing-part-2\/xm_logo_1999\" rel=\"attachment wp-att-5969\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-5969\" src=\"https:\/\/xmission.com\/blog\/wp-content\/uploads\/2020\/01\/xm_logo_1999.png\" alt=\"xmission 1999 logo\" width=\"124\" height=\"29\" \/><\/a>Dear XMISSION Email User,<\/b><\/p>\n<p>We detected an unusual login of this account from another location. To help us keep your email account secured, we request an additional security challenge to authenticate your account.<\/p>\n<p>Help Desk department will be performing Authenti\u00e5ction and maintenance of the email on our new XMISSION WebMail Server this week. Authenticate <em>immediately<\/em> to avoid suspension of your account.<\/p>\n<p>Click Here }}}}}} <a href=\"https:\/\/wiki.xmission.com\/Compromised\">https:\/\/webmail.XMISSION.com<\/a> and Complete the Process.<\/p>\n<p>Thanks,<br \/>\nIT Support Desk<\/p>\n<\/div>\n<div dir=\"3D&quot;ltr&quot;\" style=\"padding-left: 40px;\"><b>XMISSION System Help Desk<br \/>\nCopyright 2019. All rites reserved<\/b><\/div>\n<p><strong>Do you see any signs that it\u2019s a scam?<\/strong> <\/p>\n<p>Let\u2019s take a look.<\/p>\n<ul>\n<li>The email looks like it\u2019s from a company you may know and trust: XMission. It even uses our logo (from 1999) and faked headers.<\/li>\n<li>The email says your account is at risk because of unusual activity. 
If an account really has suspicious activity, most service providers will lock your mailbox and have you call in.<\/li>\n<li>The email has a generic greeting with unusual case and spelling errors, \u201cDear XMISSION Zimbr Email User.\u201d<\/li>\n<li>The email urgently invites you to click on a link to update your authentication details by entering your username and password.<\/li>\n<\/ul>\n<p><strong>Protect yourself<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">The easiest steps to stay safe are:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">Do not click links in emails unless you were expecting the email.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Never reply to emails that ask for personal\/confidential <\/span><span style=\"font-weight: 400;\">information.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Tell someone right away. If you are at work, tell your manager. As well, all XMission customers can forward the email to <\/span><span style=\"font-weight: 400;\">spam@xmission.com<\/span><span style=\"font-weight: 400;\"> and then promptly tag it as spam or move it to the Junk folder.\u00a0<\/span><\/li>\n<\/ul>\n<p>After the above steps, it is time to review your password practices and your browser and mail application settings, and to understand training options.<\/p>\n<p><em>Passwords<\/em><\/p>\n<p>Strong passwords, which you never share, are always the best practical step to securing your mailbox.<\/p>\n<ul>\n<li>Use a password manager. 
Quality password managers include: <a href=\"https:\/\/bitwarden.com\" target=\"_blank\" rel=\"noopener noreferrer\">Bitwarden<\/a>, <a href=\"https:\/\/keepassxc.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">KeePassXC<\/a>, <a href=\"https:\/\/1password.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">1Password<\/a>, and <a href=\"https:\/\/lastpass.com\" target=\"_blank\" rel=\"noopener noreferrer\">LastPass<\/a><\/li>\n<li>Do not use the same password for multiple accounts.<\/li>\n<li>Never re-use old passwords from previous websites as phishing criminals can and will track your metadata and will try your previously compromised passwords on other websites. (This is the second most successful way mailboxes are compromised.)<\/li>\n<li>Use <a href=\"https:\/\/xmission.com\/blog\/2017\/12\/21\/sane-password-management\" target=\"_blank\" rel=\"noopener noreferrer\">passphrases for your password<\/a> as they have very reasonable security when using 17+ characters. Password managers will create secure passwords. Update your password once a year.<\/li>\n<li>Create unusual <a href=\"https:\/\/xmission.com\/blog\/2014\/01\/28\/see-how-a-simple-brings-unlimited-flexibility-to-your-xmission-email\" target=\"_blank\" rel=\"noopener noreferrer\">login credentials using suffix-support<\/a> on sites that allow it.<\/li>\n<\/ul>\n<p><em>Multi-factor authentication<\/em><\/p>\n<p>Business mailboxes on our Zimbra system and Personal Premium @xmission.com mailboxes should use <a href=\"https:\/\/wiki.xmission.com\/Zimbra_Two-Factor_Authenticatio\" target=\"_blank\" rel=\"noopener noreferrer\">multi-factor authentication<\/a>. Even if you were to accidentally provide a phisher with credentials, the authentication would fail because they are missing the second authentication factor required after the password. 
It&#8217;s like having different keys for your door handle and deadbolt.<\/p>\n<p><em>Be aware of your browser and application settings.<\/em><\/p>\n<ul>\n<li>Webmail and mail application settings should always be set to show the full email address of the sender rather than only the friendly name of the sender. <em>Example:<\/em> Sender may show as &#8220;XMission Support&#8221; for the friendly name but the phish uses a non-matching domain, &#8220;XMission Support&#8221; &lt;landspeed@unusualdomain.example.net&gt;<\/li>\n<li>When using webmail and email applications, set preferences to never open images by default. &#8220;[ ] Display external images automatically in HTML email.&#8221; Make sure this is unchecked.<\/li>\n<li>Hover over the web links first and make sure the destination link matches the sender and that it uses https. If the link looks unusual, or is not shown, do not open it and go directly to the vendor website.<\/li>\n<li>If the website requires unexpected verification or has a URL that does not match the logos and proper provider name, do not open it.<\/li>\n<li>Web browser settings should be changed to prevent fraudulent websites from opening. Modern browsers keep a list of fake websites and when you try to access the website, the address is blocked or an alert message is shown. 
The settings of the browser should only allow reliable websites to open up.<\/li>\n<li>Install and use privacy and protection browser plug-ins from trusted vendors such as <a href=\"https:\/\/www.eff.org\/privacybadger\" target=\"_blank\" rel=\"noopener noreferrer\">Privacy Badger<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/UBlock_Origin\" target=\"_blank\" rel=\"noopener noreferrer\">uBlock Origin<\/a>.<\/li>\n<\/ul>\n<p><em>Other tips and training<\/em><\/p>\n<ul>\n<li><a href=\"https:\/\/www.ftc.gov\/tips-advice\/business-center\/small-businesses\/cybersecurity\/quiz\/phishing\" target=\"_blank\" rel=\"noopener noreferrer\">Take the FTC phishing quiz!<\/a><\/li>\n<li>Watch phishing and scam awareness videos on YouTube.<\/li>\n<li>Ask your organization to provide security awareness training to employees to recognize the risks.<\/li>\n<li>Companies are encouraged to set <a href=\"https:\/\/wiki.xmission.com\/SPF_and_DKIM\" target=\"_blank\" rel=\"noopener noreferrer\">SPF and DKIM<\/a> records for their mail domains to prevent spoofing.<\/li>\n<\/ul>\n<p><strong>Final few notes from XMission<\/strong><\/p>\n<p>The accurate and safe ways to contact the XMission support team are <a href=\"https:\/\/xmission.com\/contact\" target=\"_blank\" rel=\"noopener noreferrer\">published on our site<\/a>.<\/p>\n<p>Call our office: 1-877-XMISSION (877-864-7746) or 801-539-0852<br \/>\n<a href=\"https:\/\/xmission.com\/support\" target=\"_blank\" rel=\"noopener noreferrer\">Chat with support<\/a><br \/>\n<a href=\"https:\/\/wiki.xmission.com\" target=\"_blank\" rel=\"noopener noreferrer\">Online help<\/a><br \/>\n<a href=\"https:\/\/twitter.com\/xmissionstatus\" target=\"_blank\" rel=\"noopener noreferrer\">Status updates<\/a><\/p>\n<p>If your XMission account becomes past due and is subject to disconnection, we will refer you to log in to the <a href=\"https:\/\/xmission.com\/control\" target=\"_blank\" rel=\"noopener noreferrer\">XMission Control panel<\/a> to make payments 
or changes to your account.<\/p>\n<p><a title=\"Connect with me on LinkedIn, john801\" href=\"mailto:john@xmission.com\" target=\"_blank\" rel=\"noopener noreferrer\">John Webster<\/a>, XMission Email Product Manager and Zimbra evangelist, has worked at\u00a0<a title=\"Go, XMission!\" href=\"https:\/\/xmission.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">XMission<\/a>\u00a0for over 24 years doing his favorite thing: helping companies securely communicate with customers through technology to grow their business. When he\u2019s not uncovering\u00a0<a title=\"More Zimbra tips from John\" href=\"http:\/\/xmission.com\/blog\/?s=zimbra&amp;searchsubmit=Search\" target=\"_blank\" rel=\"noopener noreferrer\">Zimbra\u2019s secrets<\/a>\u00a0you might find him in our beautiful Utah mountains. \u00a0<a title=\"Connect with me on LinkedIn, john801\" href=\"https:\/\/www.linkedin.com\/in\/john801\" target=\"_blank\" rel=\"noopener noreferrer\">Connect with him on LinkedIn today!<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this week we talked about what phishing is and how these criminals try so hard to trick you out of your sensitive personal data. Now, we will cover how to identify phishing and discuss steps you can take to protect yourself and\/or your company. 
Tips to identify a phishing email Watch for items that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[640,657,253,612,180,138,188,396,610,7,719,139,3,702,5,39],"tags":[],"class_list":["post-5920","post","type-post","status-publish","format-standard","hentry","category-account-controls","category-education","category-email-2","category-encryption","category-hosting","category-law","category-legal","category-mail-server","category-multi-factor-authentication","category-news-updates","category-phishing","category-privacy","category-security-safety","category-technical-support","category-tips-helpful-information","category-zimbra"],"_links":{"self":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/5920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/comments?post=5920"}],"version-history":[{"count":26,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/5920\/revisions"}],"predecessor-version":[{"id":6460,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/5920\/revisions\/6460"}],"wp:attachment":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/media?parent=5920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/categories?post=5920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/tags?post=5920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}