A Dispatches Retrospective

Top

Newsletter 05/21/2023 Back to Contents

Taken separately each article listed here stands on its own. The goal here, however, is to offer a more complete tutorial on recognizing and hopefully thwarting online attacks. The best way to not be fooled, no matter the issue, is to know and have command of the facts at hand. These are the facts of cybersecurity safety.

On the older postings I have improved the graphics as best I can, without recreating them from scratch.
I hope you find this retrospective useful and enjoyable.

1. Follina, The Big Bad BEC Attacker is Back 2. Read All Outlook Email In Text Only 3. Email Verification and WhoIs Domain Name Lookup

4. Anatomy of an Address 5. Inquiring Minds Want to Know: Have I Been Pwnd? 6. How to Avoid
the Fake AV Alert

1.

The posting, May 21, 2023, discusses the reemergence of the Follina exploit and spam email campaign. The point was made that in lieu of full time IT staff monitoring incoming and outgoing email, Small Business owners should invest the time to learn what makes for a valid or invalid web address, and also to train their eyes on how to see a bogus domain name. In avoid being victimized by the Follina email exploit, the strong suggestion is made to read all Outlook email in plain text. In plain test, both the complete email address of the sender is clearly displayed, so any hyperlinks and those links destinations are clearly visible.

So the first on our web security hit list is, 05/21/23:
Just When You Thought It Was Safe To Go Back To Your Inbox
Follina, That Big Bad BEC attacker, is Back

2.

The posting above made reference to a posting of November 6, 2022, that discussed how to manage Outlook text in email. It is a step by step tutorial that users can follow to learn how to use Outlook email messages in text only. With improved graphics, the posting details how to switch back and forth between text and full color HTML email messages.

So the next on our web security hit list is, 11/06/22:
How To Empower Yourself and Never Be Duped Again
Read All Outlook Email In Text Only

3.

As a corollary to the November 6, 2022 posting noted above, a tutorial on how to use Domain Lookup Tools is offered as way to help identify unknown email address domains as legitimate or fakes. Along with the Domain Lookup Tool, as short discussion of how to take advantage of free online email check and verify tools available online.

So Number 3 on our web security hit list is, 11/06/22:
Two Mighty Powerful Free Tools on the Web That Can Say Where You Are Headed:
Email Verification and WhoIs Domain Name Lookup

4.

Users of web based email applications, like Gmail, do not usually have the ability to actually read an email in text only. By definition, web based email implies HTML. Although it is possible to read all of the HTML in a web based email, it is not really useful to do so. That said, July 07, 2022, a discussion I call "The Anatomy of a Web Address" was posted. In this posting, a spam email that came into the Gmail is given the forensic treatment and verified to be bogus.

Number 4 our web security hit list is, 07/07/22
The anatomy of an address
There is more than what meets the eye

5. Considering the totality of cyberattacks that have occurred over the past several years one might want to know if one's email address has appeared in any of these caches of hacked data for sale on the Dark Web. The trendy techy term for being placed in one of these troves of stolen data is "to be Pwnd." To this end, January 9, 2022, I posted, "Inquiring Minds Want to Know: Have I Been Pwnd?" Yes, you can check online to see if you Have Been Pwn'd. The Dispatcher show you how.

6. Although Windows 11 users have an improved interface, and access to Task Manager from the Taskbar, the methods illustrated in "How to Avoid Falling Into the Endless Depths of Hell that Is the Fake AV Alert," are still quite valid. If you need to get ride of a Fake AV alert this will get off your screen without having to click on it.

More added weekly. Please check back soon.

¯\_(ツ)_/¯
Gerald Reiff

Back to Top


Taken separately each article listed here stands on its own. The goal here, however, is to offer a more complete tutorial on recognizing and hopefully thwarting online attacks. The best way to not be fooled, no matter the issue, is to know and have command of the facts at hand. These are the facts of cybersecurity safety. On the older postings I have improved the graphics as best I can, without recreating them from scratch. I hope you find this retrospective useful and enjoyable.
1. Follina, The Big Bad BEC Attacker is Back	2. Read All Outlook Email In Text Only	3. Email Verification and WhoIs Domain Name Lookup
4. Anatomy of an Address	5. Inquiring Minds Want to Know: Have I Been Pwnd?	6. How to Avoid the Fake AV Alert
1. The posting, May 21, 2023, discusses the reemergence of the Follina exploit and spam email campaign. The point was made that in lieu of full time IT staff monitoring incoming and outgoing email, Small Business owners should invest the time to learn what makes for a valid or invalid web address, and also to train their eyes on how to see a bogus domain name. In avoid being victimized by the Follina email exploit, the strong suggestion is made to read all Outlook email in plain text. In plain test, both the complete email address of the sender is clearly displayed, so any hyperlinks and those links destinations are clearly visible. So the first on our web security hit list is, 05/21/23: Just When You Thought It Was Safe To Go Back To Your Inbox Follina, That Big Bad BEC attacker, is Back
2. The posting above made reference to a posting of November 6, 2022, that discussed how to manage Outlook text in email. It is a step by step tutorial that users can follow to learn how to use Outlook email messages in text only. With improved graphics, the posting details how to switch back and forth between text and full color HTML email messages. So the next on our web security hit list is, 11/06/22: How To Empower Yourself and Never Be Duped Again Read All Outlook Email In Text Only 3. As a corollary to the November 6, 2022 posting noted above, a tutorial on how to use Domain Lookup Tools is offered as way to help identify unknown email address domains as legitimate or fakes. Along with the Domain Lookup Tool, as short discussion of how to take advantage of free online email check and verify tools available online. So Number 3 on our web security hit list is, 11/06/22: Two Mighty Powerful Free Tools on the Web That Can Say Where You Are Headed: Email Verification and WhoIs Domain Name Lookup 4. Users of web based email applications, like Gmail, do not usually have the ability to actually read an email in text only. By definition, web based email implies HTML. Although it is possible to read all of the HTML in a web based email, it is not really useful to do so. That said, July 07, 2022, a discussion I call "The Anatomy of a Web Address" was posted. In this posting, a spam email that came into the Gmail is given the forensic treatment and verified to be bogus. Number 4 our web security hit list is, 07/07/22 The anatomy of an address There is more than what meets the eye 5. Considering the totality of cyberattacks that have occurred over the past several years one might want to know if one's email address has appeared in any of these caches of hacked data for sale on the Dark Web. The trendy techy term for being placed in one of these troves of stolen data is "to be Pwnd." To this end, January 9, 2022, I posted, "Inquiring Minds Want to Know: Have I Been Pwnd?" Yes, you can check online to see if you Have Been Pwn'd. The Dispatcher show you how. 6. Although Windows 11 users have an improved interface, and access to Task Manager from the Taskbar, the methods illustrated in "How to Avoid Falling Into the Endless Depths of Hell that Is the Fake AV Alert," are still quite valid. If you need to get ride of a Fake AV alert this will get off your screen without having to click on it. More added weekly. Please check back soon.

¯\_(ツ)_/¯ Gerald Reiff