Look, Mom, No Malware! | DocuPhish

And, just like that, despite all your advanced threat protection, anti-virus, and anti-malware protection, the bad guys are still getting to you.

There is a new phishing scam going on these days that uses legitimate resources to pull off classic social engineering maneuvers to capture your information.

Enter – DocuPhish – The bad guys are now using the Docusign infrastructure to launch attacks against unsuspecting victims.

By clicking on the yellow “Review Document” button you land on a legit Docusign page, where you are asked to fill out a form with information about yourself and your company. Filling out such a form would allow the phisher to steal your identity or your company’s.

If you are gullible enough the damages could be extensive. Imagine if someone on your finance team were to fall for this attack…

More reason to be aware of such threats and take security awareness training. It’s recommended that you hire a professional to come in to educate you and your staff, but there are many free resources online that offer the same if not better materials.

Here is a YouTube search link to many videos discussing security

VMware Recertification Policy Update | February 5, 2019

VMware just announced Changes to VMware Recertification Policy – Removal of 2 Year Requirement

As of February 5, 2019, VMware Certification will no longer have a mandatory recertification requirement. Now, you have the choice of when to recertify, rather than be required to do so every two years.

Certifications will still retire, so recertification is important to:
• Validate your expertise in the latest VMware products
• Show relevancy in the market by holding up-to-date certifications
• Receive the full benefits of VMware certification

Details and FAQ’s located here

Video on this topic: https://www.youtube.com/watch?v=T1mTUXhqhSw

Here is a sample of some of the Q&A:

Q. What is changing about the VMware recertification policy?

A. VMware is removing the requirement to recertify their VCP certifications within a two year period. Industry research confirms the importance of keeping your skills and certifications current, but VMware will no longer mandate when to recertify. We will leave that decision up to each individual candidate.

Q. Why is VMware removing the two-year recertification requirement?

A. The most compelling reason is that we want VMware certifications to match the needs of each candidate. Many candidates recertify every two years and upgrade their environments to the latest versions. Others maintain older products and do not yet need experience with the new versions. While holding the most current certification is the best way to keep your skills relevant, the recertification policy will no longer mandate when an individual must update their certification(s). We want to allow each person the flexibility to do what best supports their individual and organizational needs.

Q. If my certification becomes active again, will I get access to its logo and certificate?

A. Yes. You will have access to use the certification logo and print the certificate.

Q. Are there changes to any other certifications other than the VMware Certified Professional (VCP)?

A. VCP certifications were the only VMware certifications that had a mandatory two-year recertification requirement. This change does not affect the other certification levels.

Q. Where can I learn more?

A. Visit www.vmware.com/certification to view your VMware Certification options.

Visual Cues / Indicators for Externally Received Email

Like most companies, I use email as a tool to communicate. I can’t imagine not having it to communicate with my staff or management teams. This tool is not only used by me for daily business, but also by scammers who attempt to defraud companies and their staff with nefarious emails attempting to violate one’s trust.

What Are Visual Email Indicators?

A visual indicator is a highlighted icon or message that is generated if the email is flagged by the system as potentially dangerous. This could be because the email comes from an external email address, or because the “envelope from” address the email is allegedly sent from doesn’t match the “from” in the reply or reply-to field.

Scam Tactic:
A common tactic scammers use is to send emails using the display name of someone within the company and an external email address. Some users won’t notice that the email didn’t come from the user with the display name and deal with the email as if it was genuine.

Mitigation:
To mitigate this common tactic, a warning can be prepended to the message as part of the organization’s transport rules, informing users that the email did not originate from a trusted location.

Script to create an Exchange Transport Rule for a single Office 365 tenant

$ruleName = "External Senders with matching Display Names"
$ruleHtml = "<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width=`"100%`" style='width:100.0%;mso-cellspacing:0cm;mso-yfti-tbllook:1184; mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:paragraph;mso-table-anchor-horizontal:column;mso-table-left:left;mso-padding-alt:0cm 0cm 0cm 0cm'>  <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'><td style='background:#910A19;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width=`"100%`" style='width:100.0%;background:#FDF2F4;padding:5.25pt 3.75pt 5.25pt 11.25pt; word-wrap:break-word' cellpadding=`"7px 5px 7px 15px`" color=`"#212121`"><div><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt; mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal: column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family: `"Segoe UI`",sans-serif;mso-fareast-font-family:`"Times New Roman`";color:#212121'>This message was sent from outside the company by someone with a display name matching a user in your organisation. Please do not click links or open attachments unless you recognise the source of this email and know the content is safe. <o:p></o:p></span></p></div></td></tr></table>"
 
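# Prompt for an Exchange Online administrator account
$credentials = Get-Credential

# Open a remote PowerShell session to Exchange Online and import its cmdlets.
# Note: Microsoft has since retired Basic authentication for Exchange Online;
# Connect-ExchangeOnline (ExchangeOnlineManagement module) is the current way to connect.
Write-Host "Getting the Exchange Online cmdlets" -ForegroundColor Yellow
$Session = New-PSSession -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
    -ConfigurationName Microsoft.Exchange -Credential $credentials `
    -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber

# Find an existing rule by name, and collect every mailbox display name
# to use as the patterns matched against the From header
$rule = Get-TransportRule | Where-Object {$_.Name -eq $ruleName}
$displayNames = (Get-Mailbox -ResultSize Unlimited).DisplayName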
 
if (!$rule) {
    Write-Host "Rule not found, creating rule" -ForegroundColor Green
    New-TransportRule -Name $ruleName -Priority 0 -FromScope "NotInOrganization" -ApplyHtmlDisclaimerLocation "Prepend" `
        -HeaderMatchesMessageHeader From -HeaderMatchesPatterns $displayNames -ApplyHtmlDisclaimerText $ruleHtml
}
else {
    Write-Host "Rule found, updating rule" -ForegroundColor Green
    Set-TransportRule -Identity $ruleName -Priority 0 -FromScope "NotInOrganization" -ApplyHtmlDisclaimerLocation "Prepend" `
        -HeaderMatchesMessageHeader From -HeaderMatchesPatterns $displayNames -ApplyHtmlDisclaimerText $ruleHtml
}
Remove-PSSession $Session
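
A local dry run of the matching logic the rule above relies on, added here as an example and not part of the original script. It assumes .NET regex matching is a fair stand-in for how Exchange evaluates HeaderMatchesPatterns; the function name, the sample names and the example.com / example.net domains are hypothetical. With raw patterns the first sample header is not flagged, because the parentheses in the display name are read as a regex group; with escaped patterns it is.

```powershell
# Added example. Names, addresses and domains are constructed sample data.
function Test-ExternalDisplayNameMatch {
    param(
        [Parameter(Mandatory)][string]   $FromHeader,
        [Parameter(Mandatory)][string[]] $DisplayNames,
        [Parameter(Mandatory)][string[]] $AcceptedDomains,
        [switch] $EscapePatterns
    )

    # Simplified domain extraction; a header with no recognisable domain counts as external
    $domain = if ($FromHeader -match '@([A-Za-z0-9.-]+)>?\s*$') { $Matches[1] } else { $null }
    $external = $AcceptedDomains -notcontains $domain   # stands in for -FromScope NotInOrganization

    # Stands in for -HeaderMatchesPatterns: each display name is applied to the From header as a regex
    $matched = foreach ($name in $DisplayNames) {
        $pattern = if ($EscapePatterns) { [regex]::Escape($name) } else { $name }
        if ($FromHeader -match $pattern) { $name }
    }

    [pscustomobject]@{
        From        = $FromHeader
        Escaped     = [bool]$EscapePatterns
        External    = $external
        MatchedName = $matched -join '; '
        Warn        = $external -and [bool]$matched
    }
}

$names   = 'Jane Doe (Finance)', 'Sam Patel'
$domains = 'example.com'
$headers = @(
    '"Jane Doe (Finance)" <jane.doe@example.net>'   # external sender, internal display name
    '"Sam Patel" <sam.patel@example.com>'           # genuine internal sender
    '"Newsletter" <news@example.net>'               # external sender, no name match
)

# Evaluate every header with raw patterns and again with escaped patterns
$results = foreach ($h in $headers) {
    Test-ExternalDisplayNameMatch -FromHeader $h -DisplayNames $names -AcceptedDomains $domains
    Test-ExternalDisplayNameMatch -FromHeader $h -DisplayNames $names -AcceptedDomains $domains -EscapePatterns
}
$results | Format-Table -AutoSize
```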

Please Don’t Fall for the Gift Card Scam

I have touched on this in the past and well, here I go again…

The iTunes & Google Play Gift Card scams are common ways people are conned out of their cash today. If you think this happens to just the common home user, think again. Many corporations are plagued daily with fake emails and text messages from bad actors attempting to compromise one’s trust and desire to quickly please their management.

These types of scams are not new; they coincided with the decline of money order scams. For those of us who remember the past: scammers would ask people to send money via Western Union or other wire transfer providers. This was before Western Union was targeted by the government for letting this happen; I guess they were making money either way, so what did they care? More info: https://www.bbb.org/article/news-releases/14372-deadline-today-531-if-scammers-had-you-pay-via-western-union-you-can-file-a-claim-to-get-money-back

What is the Scam?

The scam itself is very simple – so simple, in fact, you might find it mind-boggling that people are actually falling for it. Hopefully, you have not been affected by this yourself, but someone you know or work with, or even the organization that employs you, may be.

How it starts: A criminal contacts you claiming to be a representative from a Government Agency or Non-Profit Group, or even someone inside your own Company such as your direct manager, CEO or CFO. They do this by cold calling (typically using spoofed phone numbers), by sending short unsolicited emails asking you to respond, and even by using SMS messages to communicate with the unsuspecting victims.

The victims are then informed that they need to go purchase iTunes (or other) gift cards. Once they’ve done this, all they have to do is give the criminal the digital code revealed underneath the peel-off or scratch-off label on the back. This is commonly requested to be sent via photo text message. Once that’s done, your money is gone!

Do many people fall for this?

Short Answer is “Yes”

Who Are the Scammers?

We don’t know, but I can speculate that those involved are doing the following online:

They sell the codes on for a fraction of their retail price. Makes you wonder how or why someone would sell you a $100 iTunes code for $25.00, but people looking for “deals” buy just that, and this is how the scammers make a profit.

You can spot these offers all over the internet. I don’t want to call any sites out, but they are often, if not always, auction sites or social media groups. A lot of people think that the codes are being sold on the “DARK WEB”. Nope, the majority of people buying them are just everyday users using the normal web. Another thing scammers could be doing is using a broker to convert these codes into untraceable currencies such as Bitcoin. All in all, this is money laundering, and that means others outside of the scammers (bad actors) are involved and, IMO, just as bad, as they are enabling these exchanges. *I’ll touch on that in the future*

What Can I Do About It?

Knowing about this type of scam and emerging ones is half the battle. So spread that knowledge! You might not be tricked by such a simple fraud, but there’s likely to be a relative, friend, coworker, or neighbor who could be fooled.

If you think someone is attempting to scam you: Report it, Warn others, Keep alert.

If you think you’ve been scammed: Contact Apple immediately. The company might be able to cancel the card, but know that the criminals have streamlined their process. After all, it’s business to them, and a tech one at that, so I am sure some form of automation is involved on their side.

Link: https://support.apple.com/itunes-gift-card-scams

If it’s another gift card (Google Store, for example), you need to contact Google.

Link: https://support.google.com/googleplay/answer/9057338?hl=en

What I would like to see

If you’re a retail business owner or work at one: Be aware of these types of scams and let your peers know about them. It might be worth bringing this subject up to management, inquiring if they can post notifications and advise customers. Example: If a customer is purchasing a larger quantity of cards, one could inquire if they are making an informed purchase and inform them of such scams. I know it’s a big reach for someone behind the counter to do, but you could save someone from being a victim.

It’s why I take time and try to inform others.

How To Install VMware PowerCLI Module using Powershell – Online Method

To use VMware PowerCLI you first need to install/enable the modules on your client computer. The steps below are the ones I have frequently taken to install it on my Windows 10 client machines.

Install VMware PowerCLI Module From PC With Internet Connection
From a Windows 10 client with an internet connection, open PowerShell (as an administrator) and issue the following commands:

  • Set-ExecutionPolicy Unrestricted
  • Find-Module -Name VMware.PowerCLI
  • Install-Module -Name VMware.PowerCLI -Scope CurrentUser
  • Get-Command -Module VMware*

Once the module is successfully imported, I issue a command to disable the prompt to join VMware’s Customer Experience Improvement Program (“CEIP”) and to make it ignore the certificate warning.

Command Issued:

  • Find-Module -Name VMware.PowerCLI
  • Install-Module -Name VMware.PowerCLI -Scope CurrentUser
  • Get-Command -Module VMware*
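
The CEIP and certificate settings described above are set with Set-PowerCLIConfiguration. The following is an added example, not the original post's commands; it assumes a per-session RemoteSigned execution policy instead of a machine-wide Unrestricted one, and keeps the relaxed certificate setting in the Session scope rather than persisting it.

```powershell
# Added example; run in the PowerShell session that will use PowerCLI.

# Allow script execution for this session only, leaving the machine-wide policy untouched
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Install for the current user only if no copy is present yet
if (-not (Get-Module -ListAvailable -Name VMware.PowerCLI)) {
    Install-Module -Name VMware.PowerCLI -Scope CurrentUser
}

# Opt out of CEIP so the join prompt no longer appears (saved for this user)
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -Confirm:$false

# Ignore invalid (for example self-signed) server certificates, as the post describes.
# Session scope: the relaxed check ends when this PowerShell session closes.
Set-PowerCLIConfiguration -Scope Session -InvalidCertificateAction Ignore -Confirm:$false

# Show the effective settings for each scope
Get-PowerCLIConfiguration
```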