Blue Cross Blue Shield Phishing Scam on the Rise

Blue Cross Blue Shield (BCBS) phishing emails are fraudulent messages designed to trick recipients into providing personal information, such as login credentials, Social Security numbers, or financial details. These emails often appear to come from BCBS but are actually sent by scammers aiming to steal sensitive data.
Common Tactics Used in BCBS Phishing Emails:
- Fake Account Alerts – The email may claim there’s an issue with your BCBS account, such as suspicious activity or a need to update your information.
- Urgent Payment Requests – Scammers may say you owe money for coverage or claim a payment failed, urging you to click a link.
- Fake Benefits or Refunds – Some phishing emails promise refunds, benefits, or changes to your health plan, requiring you to enter personal details.
- Malicious Links or Attachments – These emails often include links that lead to fake BCBS login pages or attachments containing malware.
- Spoofed Email Addresses – The sender’s email address may look official but often has subtle misspellings or extra characters (e.g., support@bcbs-secure.com instead of support@bcbs.com).

How to Spot and Avoid BCBS Phishing Emails:
✅ Check the Sender’s Email – Look at the full address, not just the display name; a display name can say anything. Official BCBS emails come from legitimate BCBS domains, and a lookalike such as bcbs-secure.com is not one of them.
✅ Look for Typos & Grammar Mistakes – Many phishing emails contain odd phrasing, spelling errors, or unprofessional formatting.
✅ Hover Over Links (But Don’t Click!) – Hover your mouse over links to see the actual destination URL. If it looks suspicious, don’t click.
✅ Never Enter Personal Info via Email – BCBS will never ask for sensitive data like passwords, Social Security numbers, or banking details via email.
✅ Contact BCBS Directly – If you’re unsure, call BCBS using the official number on their website, not the one in the email.
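The first and third checks above can also be done mechanically. The following Python script is an added example (not part of the original post) that pulls the real address out of the From: header, compares its domain with the domain the post treats as legitimate (bcbs.com), and lists every link in an HTML body next to its visible text so that a link whose text says one site and whose target is another stands out. The message it runs on is constructed for this example and is not a real phishing email; the allowlist and the lookalike heuristics (brand name embedded in another domain, or a domain within two edits of the real one) are deliberate simplifications.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The domain the post treats as the legitimate sender; in practice an organisation
# would keep a list of every domain it actually sends from.
LEGIT_DOMAINS = {"bcbs.com"}

# Constructed sample message modelled on the tactics listed above; not a real phishing email.
SAMPLE_EMAIL = b"""From: "BCBS Member Services" <support@bcbs-secure.com>
To: member@example.com
Subject: Action required: suspicious activity on your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected a sign-in from a new device. Confirm it was you:</p>
<p><a href="http://bcbs-secure.com/verify?id=123">https://www.bcbs.com/login</a></p>
<p>Questions? Visit our <a href="https://www.bcbs.com/help">help center</a>.</p>
</body></html>
"""


def levenshtein(a, b):
    """Edit distance, used to catch one-character lookalikes such as bcb5.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain, legit=LEGIT_DOMAINS):
    """Return legitimate / lookalike / unrelated / missing for one host name."""
    domain = domain.lower()
    if not domain:
        return "missing"
    if any(domain == good or domain.endswith("." + good) for good in legit):
        return "legitimate"
    for good in legit:
        brand = good.split(".")[0]
        # Brand name buried in another domain (bcbs-secure.com, bcbs.com.evil.example)
        # or a domain within two edits of the real one (bcb5.com, bcbs.c0m).
        if brand in domain or levenshtein(domain, good) <= 2:
            return "lookalike"
    return "unrelated"


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw):
    """Return the sender verdict and a verdict for each link in the HTML body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, sender = parseaddr(msg["From"] or "")
    sender_domain = sender.rpartition("@")[2]
    report = {"sender": sender, "sender_verdict": classify_domain(sender_domain), "links": []}
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        verdict = classify_domain(host)
        # The "hover" check: the visible text looks like a URL but the href goes elsewhere.
        if text.lower().startswith(("http://", "https://")):
            shown_host = urlsplit(text).hostname or ""
            if shown_host.lower() != host.lower():
                verdict = "text/href mismatch"
        report["links"].append({"href": href, "text": text, "verdict": verdict})
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_EMAIL)
    print("From:", result["sender"], "->", result["sender_verdict"])
    for link in result["links"]:
        print(f'{link["verdict"]:20} {link["text"]!r} -> {link["href"]}')
```

The brand-substring rule is intentionally aggressive: it will also flag an unrelated domain that happens to contain the letters of the brand, which for a triage tool is the right trade-off, since a false "lookalike" costs a human a few seconds and a miss costs a credential.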
What to Do If You Receive a BCBS Phishing Email:
📌 Do NOT Click on Any Links or Attachments
📌 Report the Email – Forward phishing emails to BCBS’s fraud department or report them to the FTC at reportfraud.ftc.gov.
📌 Delete the Email Immediately
📌 Monitor Your Accounts – If you clicked a link or entered any details, change your BCBS password immediately (and anywhere else you reused it), turn on any multi-factor authentication the plan offers, and watch for unauthorized activity.
Always stay cautious—cybercriminals keep improving their scams, but with awareness, you can protect yourself from falling victim! 🚨
Smishing: The Text Message Scam You Need to Know!

Cybercriminals are always looking for new ways to trick people, and one of the latest and most dangerous scams is smishing. But what exactly is smishing, and how can you protect yourself? Let’s break it down in simple terms.
What Is Smishing?
Smishing (a combination of “SMS” and “phishing”) is a type of cyberattack where scammers send fake text messages to trick people into giving up personal information. These messages often pretend to be from legitimate sources like banks, delivery services, or even government agencies.
The goal? To get you to click on a malicious link, call a fake customer service number, or reveal sensitive details such as passwords, credit card numbers, or Social Security numbers.

How Does Smishing Work?
Smishing messages typically create a sense of urgency, making you feel like you must act immediately. Here are a few common examples:
- Bank Alerts: “Urgent: Your account has been compromised. Click here to verify your identity.”
- Delivery Notifications: “Your package is delayed! Click this link to confirm your details.”
- Government Scams: “You are eligible for a tax refund. Claim it now by following this link.”
Once you click on the link, you might be taken to a fake website designed to look like a real one. If you enter your information, it goes straight into the hands of cybercriminals.
How to Protect Yourself from Smishing Attacks
- Don’t Click Links in Unsolicited Messages – If you receive a text from an unknown sender with a link, be cautious. Go directly to the company’s website instead.
- Verify the Sender – If a message appears to be from your bank or another trusted organization, contact them directly using a verified phone number.
- Look for Red Flags – Watch out for poor grammar, strange URLs, and urgent language designed to pressure you into acting quickly.
- Use Security Features – Many mobile carriers offer spam message filtering. Enable these features to reduce unwanted messages.
- Report Suspicious Messages – Most mobile carriers allow you to report spam texts by forwarding them to 7726 (SPAM).
Smishing is on the rise, but you don’t have to fall victim to it. By staying informed and practicing good cybersecurity habits, you can keep your personal information safe. If you’re ever unsure about a message, always take a moment to verify before responding.
For more cybersecurity tips and updates, stay tuned to the ExchangeDefender blog!
What All Phishing Scams Have in Common

Phishing. We hear about it constantly, but with new variations popping up all the time, it can be hard to keep track. While the delivery methods and specific lures might change, there’s a common thread that runs through every single phishing scam. Understanding these core elements is key to protecting yourself and your information.
At ExchangeDefender, we’re dedicated to helping you stay safe online. So, let’s break down the common characteristics that define all phishing attempts.
1. The Art of Deception: Impersonating Trust
The foundation of any phishing scam is deception. Scammers meticulously craft their messages to appear as if they’re coming from a trusted source. This could be:
- Big-name companies: Think PayPal, Amazon, Microsoft, or major banks. Scammers often use logos, branding, and even copy website layouts to create a convincing facade.
- Government agencies: The IRS, Social Security Administration, and other government bodies are frequently impersonated to instill a sense of authority and urgency.
- People you know: Scammers might spoof email addresses or social media profiles to impersonate colleagues, friends, family members, or even your boss.
The goal is to trick you into believing the message is legitimate, lowering your guard and making you more susceptible to their tactics.

2. The Pressure: Creating Urgency and Alarm
Once they’ve established a false sense of trust, scammers introduce a sense of urgency or alarm. This is designed to pressure you into acting quickly without thinking critically. Common tactics include:
- Account alerts: Claiming your account has been compromised, suspended, or limited.
- Security breaches: Warning of a data breach or security incident that requires immediate action.
- Missed payments or deadlines: Threatening late fees, service interruption, or legal action.
- Limited-time offers or prizes: Luring you with the promise of a reward if you act fast.
Scammers hope to bypass your rational thinking and trigger an emotional response by creating a sense of urgency, leading you to make a hasty decision.
3. The Hook: Requesting Information or Action
The final piece of the phishing puzzle is the hook – the specific action the scammer wants you to take. This usually involves:
- Clicking a malicious link: These links lead to fake websites designed to steal your login credentials, financial information, or install malware on your device.
- Opening an infected attachment: Attachments can contain viruses, ransomware, or other malicious software.
- Providing personal information directly: Scammers might ask you to reply to the email with your username, password, Social Security number, or other sensitive data.
The hook is the culmination of the scam, the point where the scammer attempts to extract valuable information or gain unauthorized access to your systems.
Staying Safe: The ExchangeDefender Approach
At ExchangeDefender, we believe that education is the first line of defense against phishing attacks. By understanding these three core elements – deception, urgency, and the hook – you can significantly reduce your risk of falling victim.
Here are a few key takeaways:
- Be skeptical of any unexpected communication, especially those requesting personal information or urging immediate action.
- Always verify the sender’s identity through a separate communication channel.
- Never click links in suspicious emails. Instead, type the website address directly into your browser.
- Enable multi-factor authentication whenever possible for an extra layer of security.
By staying vigilant and informed, you can avoid getting hooked by phishing scams and protect your valuable information. #cybersecurity #phishing #scams #onlinesafety #exchangedefender
Is That PayPal Email Real? How to Spot a Phishing Scam

PayPal is a convenient way to send and receive money online, but it’s also a popular target for scammers. PayPal phishing scams aim to trick you into handing over your login details or other sensitive information, potentially leading to financial loss and identity theft. At ExchangeDefender, we’re committed to helping you stay safe online, so let’s break down how these scams work and, more importantly, how to avoid them.
How PayPal Phishing Works
Imagine receiving an email that looks exactly like it’s from PayPal. It uses the familiar logo, branding, and even sounds official. The message might say there’s been unauthorized activity on your account, that your account has been limited, or that you need to update your information. It creates a sense of urgency, urging you to act quickly.
This is the core of a phishing scam. The email contains a link that leads to a fake website designed to mimic the real PayPal login page. If you enter your username and password on this fake site, the scammers instantly capture your information and can use it to access your real PayPal account.


Common Red Flags to Watch Out For:
- Unexpected Emails or Messages: Be suspicious of any unsolicited communication claiming to be from PayPal. Legitimate companies rarely ask for sensitive information via email or text.
- Urgent or Threatening Language: Scammers often use language that creates a sense of panic, such as “Your account will be suspended” or “Immediate action required.”
- Suspicious Links: Hover your mouse over any link without clicking to see the actual URL. Look for misspellings, unusual characters, or domains that don’t match PayPal’s official website (www.paypal.com).
- Generic Greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
- Requests for Personal Information: PayPal will never ask for your password, bank account details, or credit card numbers directly in an email.
Protecting Yourself: Practical Tips
Here are some simple but effective steps you can take to protect yourself from PayPal phishing scams:
- Never Click Links in Suspicious Emails: Always go directly to the PayPal website by typing www.paypal.com into your browser’s address bar. This ensures you’re on the legitimate site.
- Check the Sender’s Email Address: Carefully examine the sender’s email address. Look for any misspellings or unusual characters. Legitimate PayPal emails usually come from addresses ending in @paypal.com, but treat the address as one signal rather than proof: display names are free text and the From address itself can be forged, so where the links actually lead matters more.
- Enable Two-Factor Authentication (2FA): 2FA adds an extra layer of security to your account by requiring a second form of verification, such as a code sent to your phone.
- Be Wary of Attachments: Avoid opening attachments from suspicious emails, as they may contain malware.
- Report Suspicious Activity: If you receive a suspicious email or message, forward it to phishing@paypal.com.
ExchangeDefender: Your Partner in Cybersecurity
At ExchangeDefender, we’re dedicated to providing comprehensive cybersecurity solutions to protect you from online threats. While we can’t prevent every phishing email from reaching your inbox, we can empower you with the knowledge and tools to identify and avoid them. By staying vigilant and following these tips, you can significantly reduce your risk of falling victim to a PayPal phishing scam.
Why Phishing Simulations Are Essential for Your Organization

Phishing attacks remain one of the most prevalent and effective cyber threats facing businesses today. These deceptive tactics target the human element, tricking employees into divulging sensitive information or installing malware. That’s why phishing simulations are no longer a “nice-to-have” but a critical component of any robust cybersecurity strategy. At ExchangeDefender, we understand the importance of proactive security measures, and we’re here to explain why phishing simulations are essential for protecting your organization.
1. Turning Employees into a Human Firewall
Your employees are your first line of defense against cyber threats. Phishing simulations empower them to recognize and avoid phishing attacks in the real world. Here’s how:
- Real-World Scenarios: We craft simulations that mimic real-world phishing attempts, using realistic emails, text messages, and even voice calls. This exposes your team to the latest tactics used by cybercriminals, preparing them for what they might encounter.
- Learning by Doing: Experiencing a simulated attack provides invaluable hands-on experience. Employees learn to identify red flags like suspicious sender addresses, urgent requests, unusual links, and grammatical errors.
- Driving Behavioral Change: This practical training is far more effective than simply reading about phishing in a manual. It helps employees develop the instincts to spot and avoid real threats, fostering a culture of security awareness.
2. Identifying Vulnerabilities Before Attackers Do
Phishing simulations not only train your employees but also provide valuable insights into your organization’s security posture:
- Measuring Employee Susceptibility: Simulations reveal how many employees are likely to fall for a phishing attack, highlighting areas where additional training is needed. This data-driven approach allows you to focus your resources effectively.
- Pinpointing Weaknesses: By analyzing simulation results, we can identify specific types of phishing attacks that are most effective against your workforce. This enables us to tailor training programs to address your organization’s unique vulnerabilities.
- Improving Training Programs: The data gathered from simulations allows for continuous improvement of your security awareness training, making it more relevant and effective over time.

3. Reducing the Risk of Successful Attacks (and the Costs They Incur)
The ultimate goal of phishing simulations is to reduce the risk of successful phishing attacks and the devastating consequences they can bring:
- Proactive Security: Phishing simulations take a proactive approach to security, addressing the human element before it becomes a vulnerability.
- Mitigating Incident Response Costs: By preventing successful phishing attacks, you can avoid the significant financial and reputational damage associated with data breaches, ransomware infections, and other security incidents.
- Building a Stronger Security Culture: Regular simulations foster a security-conscious culture where employees are actively engaged in protecting sensitive information, making security a shared responsibility.
ExchangeDefender: Your Partner in Cybersecurity
In today’s complex threat landscape, phishing simulations are an indispensable tool for protecting your organization. At ExchangeDefender, we offer comprehensive cybersecurity solutions, including phishing simulation services, to help you strengthen your defenses and empower your employees. Contact us today to learn more about how we can help you build a more secure future.
How to Spot and Stop Social Security Scams

Even the most vigilant among us can fall victim to a well-crafted phishing email. These deceptive messages often appear to be from legitimate sources, like the Social Security Administration (SSA), and can trick you into revealing personal information or clicking on malicious links.
But don’t worry, ExchangeDefender is here to help! Here’s what you need to do if you receive a suspicious email claiming to be from the SSA:
1. Stop. Don’t Respond.
Resist the urge to reply or click on any links within the email. Phishing emails often contain malware disguised as links or attachments. Clicking on them could infect your device with viruses or spyware.
2. Report It. There are two ways to report a phishing Social Security email:
- The SSA OIG Fraud Hotline: Call 1-800-269-0271 to report the scam directly to the SSA’s Office of the Inspector General.
- The SSA OIG Online Reporting Form: Submit a detailed report online at https://oig.ssa.gov/report/.
3. Report It (Again!)
Most email providers offer tools to report spam and phishing emails. Forward the suspicious email to your provider’s designated reporting address. This helps them identify and block similar scams in the future.
4. Be Vigilant. Check Your Accounts.
Following a phishing attempt, it’s crucial to monitor your Social Security account and bank statements for any unusual activity. If you notice unauthorized transactions or changes to your accounts, contact the relevant institutions immediately.
5. Stay Educated, Stay Safe.
Knowledge is power! Educate yourself and others about the tactics used in phishing scams. There are numerous online resources that can help you distinguish legitimate emails from fraudulent ones.
Here at ExchangeDefender, we prioritize your online security. Our comprehensive email security solutions can help your business:
- Identify and block phishing attempts before they reach your inbox.
- Encrypt your email communication to ensure data remains confidential.
- Prevent malware attacks by automatically detecting and removing malicious attachments.
Don’t let email threats disrupt your business. Contact ExchangeDefender today to learn how we can keep your data safe and your operations running smoothly!
ExchangeDefender Phishing Firewall is Live!
As mentioned previously, our new ExchangeDefender Phishing Firewall went live in production at noon EST today (March 3rd, 2023) and is already rewriting URLs with an identifier unique to the service provider that manages the domain.
A little bit about the technology
URL / link rewriting is an industry-standard technique used by the biggest email providers to neutralize potentially dangerous URLs. When the user clicks the link, the browser is sent to a Phishing Firewall site instead of directly to the web address that was in the email. The Phishing Firewall checks the domain policies, allow/block lists and exceptions, and decides whether the user should be allowed to proceed to the web site.
When a message arrives into your organization, a link such as https://www.yahoo.com is rewritten to something like https://exchangedefender.xdref.com/url=hash. These masked URLs are only visible to our clients: when they reply to an email, the outbound network reverses the process and replaces https://exchangedefender.xdref.com/url=hash with the original URL.
This puts the firewall between the user and every link in the message, so a random hacker can no longer deliver a payload that is one click away from the user: every click is checked against policy first. Additionally, it gives the user the ability to check the site reputation, scan for viruses, and clearly see the URL they are going to (instead of a squashed little tooltip with a 200+ character URL). Essentially, we study how people get hacked with phishing and try to eliminate those issues.
All the sites and services are fully encrypted, and partners/clients do not need to worry about certificate renewals, site mappings, etc. Everything is automatic and done for you: set it and forget it, just keep an eye on the logs.
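The rewrite / click / restore cycle described above, as an added Python example that is not ExchangeDefender’s own code. It uses the exchangedefender.xdref.com host and the /url=hash shape named in the post; everything else is assumed: the token is a keyed hash of the original URL (so it is stable for the same link, unguessable without the key, and reveals nothing about the destination to anyone reading the email), the token-to-URL map is an in-memory dict standing in for the firewall’s database, the allow/block lists are the policy, and the secret key is a constructed placeholder.

```python
import hmac
import hashlib
import re
from urllib.parse import urlsplit

REWRITE_HOST = "exchangedefender.xdref.com"      # host named in the post
# Constructed per-deployment secret; a real service would load it from a key store.
TOKEN_KEY = b"example-only-do-not-use-in-production"

URL_RE = re.compile(r"https?://[^\s<>\"']+")
WRAPPED_RE = re.compile(r"https://" + re.escape(REWRITE_HOST) + r"/url=([0-9a-f]{32})")


class PhishingFirewall:
    """Inbound: replace every link with a /url=<token> link on the firewall host.
    Click: resolve the token and apply the allow/block policy in force right now.
    Outbound: put the original links back so recipients outside never see tokens."""

    def __init__(self, allow=(), block=()):
        self.allow = {h.lower() for h in allow}
        self.block = {h.lower() for h in block}
        self.tokens = {}   # token -> original URL (the "hash" in the post)

    def token_for(self, url):
        # Keyed hash: same URL gives the same token, but nobody without the key can
        # compute it, and the token carries no information about the destination.
        return hmac.new(TOKEN_KEY, url.encode(), hashlib.sha256).hexdigest()[:32]

    def rewrite_inbound(self, body):
        def wrap(match):
            url = match.group(0)
            trailing = ""
            while url and url[-1] in ".,;:)!?":       # punctuation that ended the sentence, not the URL
                trailing, url = url[-1] + trailing, url[:-1]
            if (urlsplit(url).hostname or "").lower() == REWRITE_HOST:
                return url + trailing                 # already wrapped; never double-wrap
            token = self.token_for(url)
            self.tokens[token] = url
            return f"https://{REWRITE_HOST}/url={token}{trailing}"
        return URL_RE.sub(wrap, body)

    def restore_outbound(self, body):
        # Unknown tokens are left alone rather than turned into something else.
        return WRAPPED_RE.sub(lambda m: self.tokens.get(m.group(1), m.group(0)), body)

    def on_click(self, token):
        """Decision made at click time, not at delivery time."""
        url = self.tokens.get(token)
        if url is None:
            return "unknown", None
        host = (urlsplit(url).hostname or "").lower()
        if host in self.block:
            return "blocked", url
        if host in self.allow:
            return "allowed", url
        return "warn", url    # show the interstitial with the full URL and reputation checks


if __name__ == "__main__":
    fw = PhishingFirewall(allow={"www.yahoo.com"}, block={"login-verify.example"})
    inbound = fw.rewrite_inbound("Read https://www.yahoo.com/news, then https://login-verify.example/acct.")
    print(inbound)
    for token in WRAPPED_RE.findall(inbound):
        print(token, fw.on_click(token))
    print(fw.restore_outbound(inbound))
```

Deciding at click time is the point of the design: a link that looked fine at delivery can be blocked an hour later by adding its host to the block list, without touching any mailbox.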
Going Forward
As of March 3rd, 2023 all the URLs will be rewritten using the service provider’s ID. The main benefit of this upgrade is that it reduces the scope and likelihood that the URL gets inadvertently reported, or picked up by another security service that may deem xdref.com to be a masking site for dangerous content.
Additionally, you can configure your firewall to only accept unapproved URLs after a hop through <yourspid>.xdref.com. It also gives you full visibility into everything that happens with the URL (who clicks on it, where they go, etc.), which is something we do for our clients to address a cybersecurity compromise and trace back how it happened (a very lucrative service for partners that may be interested in deploying that level of protection).
WEBINAR RECAP: Earn cash rewards, new phishing filter design, and more!
Our latest webinar live session of 2022 just happened a few days ago, and we had so much to share with our partners. Topics covered included our newly launched sister company, 365 Defender, our new referral program that earns you cash rewards, and so much more. Today, we want to share with you the replay of the webinar featuring just the main highlights. You can always watch the replay video anytime by clicking here.

365 Defender – providing affordable cybersecurity services directly to small businesses
ExchangeDefender’s overall strategy for 2022, as we recover from the COVID-19 global pandemic, is to focus on enhancing our current cybersecurity services and software. There has been a huge shift in the IT workforce and in the IT needs of the common small business, which is why we launched 365 Defender. 365 Defender gives small businesses with no IT staff access to affordable cybersecurity services. Why did we do this? The market demand was overwhelming, especially while we were all working from home. We started getting requests directly from businesses who were in dire need of security. Further, IT and MSP providers are specializing in more profitable areas, leaving an under-served SMB space.

New Phishing Firewall user experience
ExchangeDefender Phishing Firewall has received a major facelift. We’re making it easier to control where your users go when they aren’t paying attention. The new UI enables direct access to malware scans and site security reports. It also features an improved mobile interface with logging and auditing. Soon, the firewall will also feature phishing and security user training. The new firewall is automatic and does not require any actions by the user.
In 2022, every business needs a (good) website
We just launched brand new custom website design packages for an affordable price. Currently there are two options: a full one pager website, and a premium three-page responsive website. Pricing begins at just $199, and as a launch promo we are offering our clients the ability to spread the payments over three easy monthly payments. Why did we start offering this service? In a recent survey, tons of partners expressed their website and maintenance frustrations. We knew that we could create a package that includes the website, hosting, and maintenance.

365 Defender Referral Program
Say hello to less work, and more commission with our new 365 Defender Referral Program. Earn up to $365 commission for every referral that becomes a client. When they subscribe to a service, they’ll get a $20 credit, and you’ll get a cash reward equivalent to their final sales amount. The process is simple – sign up for free, submit a company referral, and earn cash.
Phishing protection gets new terminology

At ExchangeDefender, we are unique just like our clients. Our team members are all from different nationalities, backgrounds, and expertise.
We do not aim to offend or demoralize any individual or groups, unless they are spammers or hackers. 🙂
Some of the industry-standard terms used in the backend, which have been part of IT for decades, may sound offensive to clients in the modern workplace. Non-technical clients who are not accustomed to traditional IT terms are rightfully shocked when they see terms like “master-slave replication”, “whitelist”, and other similar racially sensitive wording.
SPAM filtering and email security should not be offending our clients so we’ve gone through an audit of our web site, our portals, our mobile apps, and our backend in an effort to rephrase some of the industry terms that may be offensive.
Our client base has changed over the past 24 years, (our services are predominantly used by non-technical staff) and this was a part of our larger effort to make ExchangeDefender more user-friendly.
We want to make our services more accessible for users that have never used ExchangeDefender, or an enterprise security software; you will see fewer IT acronyms. Instead, we’re rephrasing our services to sound like spoken English, for example: To block senders from sending you SPAM you will now add their address to a “Block list”.
How to Protect Yourself from Domain Spoofing and Phishing with ExchangeDefender

At ExchangeDefender we want you to be safe online. One of the biggest and best steps you can take towards that goal is to both protect your domain from being “spoofed” (forged by a spammer) and to block any such forgeries from arriving into your mailbox.
About Spoofing
Spammers and hackers routinely abuse domains that do not have an SPF or DKIM record. They configure their email software to use your domain name for a SPAM campaign or to launch sophisticated phishing attacks. If you’ve ever received an email from yourself, or from a forged government or corporate entity, you’ve been a victim of spoofing. If you’ve ever received thousands of rejections and delivery receipts for messages you never sent, you’ve been a victim of spoofing. Because so many domain owners never publish these records, forging the sender domain remains one of the most widely abused mechanisms.
Good news is, ExchangeDefender can help protect you from these attacks and brand misuse through implementation of SPF, DKIM, and our corporate policies.
SPF (Sender Policy Framework)
ExchangeDefender uses SPF to verify that the email is coming from a source that your organization trusts to send messages. This is typically your email server, our email server, and sometimes a business application (like a hosted CRM) that sends email using your domain name. With a -all record, everything else is rejected as a forgery. Keep in mind that SPF is evaluated against the envelope sender (MAIL FROM) domain and the connecting server’s IP address, not against the From: address a user sees in their mail client; DKIM, below, covers the message itself.
How do you set up your SPF record? Go to wherever your domain name is hosted (your name servers) and add this TXT record to your zone. You may need assistance from your ISP, domain registrar, or whoever is actually running your name servers. If you don’t know who that is, or they are too difficult to work with, ExchangeDefender will host your domain free of charge. The record goes on the domain itself (no hostname), with the following value:
Hostname: (leave blank; some DNS consoles use @ for the domain itself)
Record type: TXT
Value: v=spf1 include:proxy.exchangedefender.com -all
A domain must have exactly one v=spf1 record, so if another service (a hosted CRM, for example) also sends mail as your domain, add its include: mechanism to this same record, before -all, rather than publishing a second record.
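To show what a receiving server actually does with that record, here is an added example (not ExchangeDefender’s code) of a minimal SPF evaluator in Python. It resolves include: terms from a constructed in-memory zone table instead of live DNS, so the proxy.exchangedefender.com record in it is invented for the example (203.0.113.0/24 and 2001:db8::/32 are documentation ranges) and the real record is different. It implements only the ip4, ip6, include and all mechanisms, plus the RFC 7208 lookup limit, which is enough to see why -all gives fail while ~all only gives softfail, the distinction the ExchangeDefender Policy section below depends on.

```python
import ipaddress

# Constructed in-memory zone data standing in for live DNS TXT lookups.
# The proxy.exchangedefender.com record here is invented for the example.
ZONE_TXT = {
    "example.com": "v=spf1 include:proxy.exchangedefender.com -all",
    "soft.example.com": "v=spf1 include:proxy.exchangedefender.com ~all",
    "proxy.exchangedefender.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "loop.example.com": "v=spf1 include:loop.example.com -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10   # RFC 7208 section 4.6.4: limit on include/a/mx/ptr/exists/redirect terms


def check_spf(domain, sender_ip, _lookups=None):
    """Evaluate domain's SPF record for a connecting IP.
    Returns pass, fail, softfail, neutral, none or permerror (RFC 7208 result names)."""
    if _lookups is None:
        _lookups = [0]                      # shared counter across include recursion
    record = ZONE_TXT.get(domain.lower())
    terms = record.split() if record else []
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"
            matched = ip.version == network.version and ip in network
        elif mechanism == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"
            inner = check_spf(argument, sender_ip, _lookups)
            if inner in ("none", "permerror"):
                return "permerror"            # RFC 7208 section 5.2
            matched = inner == "pass"         # fail/softfail/neutral inside an include = no match
        else:
            return "permerror"                # a, mx, exists, redirect= are not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                          # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for dom, ip in [("example.com", "203.0.113.10"), ("example.com", "198.51.100.7"),
                    ("soft.example.com", "198.51.100.7"), ("loop.example.com", "203.0.113.10")]:
        print(f"{dom:28} {ip:15} -> {check_spf(dom, ip)}")
```

The include: result is deliberately asymmetric: a pass inside the included record counts as a match, but a fail inside it does not, which is why the final -all on your own record is what actually produces the reject.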
DKIM (DomainKeys Identified Mail)
ExchangeDefender uses DKIM to validate the digital signatures that sending servers attach to messages. We also sign messages for all customers that rely on ExchangeDefender to send outbound mail (pretty much everyone). Setting it up is a three-step process similar to SPF.
Step 1: Request public key
Go to https://support.ownwebnow.com and open a ticket requesting signatures of your outbound mail. Please specify which domains you wish to sign because each domain must have its own set of keys.
Step 2: Create a DKIM public record
Go to wherever your DNS is hosted and just like in SPF, create a DKIM record:
Hostname: default._domainkey (the part before ._domainkey is the selector, and it must match the selector used in our signatures)
Record type: TXT
Value: v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0SXzBGHoJcBVKyNEntvTiMtoSIH4uiuY6i5hzF47A2eYb4pB/gtsHpP1vpDgzZvwVLz65nQwnm4wvSFsarKwCyWYyvGwPvBd9+v2Jcrk5dsfHioUDZo5oSvbRY+e8AD7eo42A/pYdgZxL9KRyZbMsCtHJrAqvYB6LZP0SFVvkYQIDAQAB
Important: This is just an example. You will need to use your own public key, generated in Step 1 and provided by us. Also, the value of the TXT record has to be on one line; if there are any line breaks (for instance after copying it from an email or web page), remove them. Two further notes: the example above is a 1024-bit key, and RFC 8301 says signers should use at least 2048 bits, so expect a longer p= value; and because a single TXT string is limited to 255 characters, a 2048-bit key is published as several quoted strings within one record, which resolvers join back together.
Step 3: Update the ticket with us to test deployment
After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender.
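Before opening the ticket you can do the local half of that validation yourself. The following Python script is an added example, not ExchangeDefender’s tooling: it joins any stray line breaks in the record value, parses the tag list, base64-decodes p=, walks the DER SubjectPublicKeyInfo just far enough to reach the RSA modulus, and reports the key size together with anything that would stop a verifier from using the key. It is run on the example record above, which is a 1024-bit key; the DER walker is the minimum needed for RSA keys and is not a general ASN.1 parser.

```python
import base64

# The example record value from the post, which should be a single line in DNS.
EXAMPLE_RECORD = (
    "v=DKIM1; k=rsa; s=email; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0SXzBGHoJcBVKyNEntvTiMtoSIH4uiuY6i5hzF47"
    "A2eYb4pB/gtsHpP1vpDgzZvwVLz65nQwnm4wvSFsarKwCyWYyvGwPvBd9+v2Jcrk5dsfHioUDZo5oSvbRY"
    "+e8AD7eo42A/pYdgZxL9KRyZbMsCtHJrAqvYB6LZP0SFVvkYQIDAQAB"
)


def parse_tags(value):
    """Split 'k=v; k=v' into a dict, dropping whitespace and line breaks inside values."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags


def _der(buf, pos=0):
    """Read one DER element at pos and return (tag, contents, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits give the size of the length field
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Bit length of n in SubjectPublicKeyInfo { AlgorithmIdentifier, BIT STRING { RSAPublicKey { n, e } } }."""
    tag, outer, _ = _der(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _algorithm, pos = _der(outer)        # AlgorithmIdentifier (rsaEncryption, NULL)
    tag, bitstring, _ = _der(outer, pos)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    tag, rsa_public_key, _ = _der(bitstring[1:])   # skip the unused-bits byte
    if tag != 0x30:
        raise ValueError("RSAPublicKey must be a SEQUENCE")
    tag, modulus, _ = _der(rsa_public_key)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()


def check_dkim_record(value):
    """Return {'bits': int, 'problems': [str]} for a DKIM TXT record value."""
    tags = parse_tags(value)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("only k=rsa is checked here")
    public_key = tags.get("p")
    if not public_key:
        problems.append("p= is empty or missing (an empty p= means the key is revoked)")
        return {"bits": 0, "problems": problems}
    try:
        bits = rsa_modulus_bits(base64.b64decode(public_key, validate=True))
    except Exception as exc:                # binascii.Error, ValueError or IndexError
        problems.append(f"p= is not a valid base64 RSA SubjectPublicKeyInfo ({exc})")
        return {"bits": 0, "problems": problems}
    if bits < 2048:
        problems.append(f"{bits}-bit key; RFC 8301 says signers SHOULD use at least 2048 bits")
    return {"bits": bits, "problems": problems}


if __name__ == "__main__":
    print(check_dkim_record(EXAMPLE_RECORD))
```

A record that passes this check can still fail in production if the selector in the hostname does not match the one in the signature’s s= tag, so keep the two in step.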
ExchangeDefender Policy
While we encourage all of our clients to implement both SPF and DKIM, we understand that there are business scenarios under which this is impossible. If you find yourself in this predicament you should immediately change where your name servers are hosted and take full control of your organization’s identity online. But if that is still something you may not be able to do, ExchangeDefender can still protect you from phishing attacks and spoofing launched using your own domain name. If you’ve ever received email from yourself or from a colleague (but the email actually came from a server in Poland), then this setting will help you.
Go to https://admin.exchangedefender.com and login as the domain administrator (username is your domain name).
Click on Security Settings > Phishing
Under “Flag External Emails” click on Enable and then Save.
After this setting is applied, all messages from your domain that were sent from outside of the ExchangeDefender network will go into the SureSPAM quarantine. Just tell users not to trust, allow-list, or release messages that appear to come from your own domain, because they are certainly not legitimate. Bear in mind that this also catches legitimate third-party applications that send as your domain from outside our network, which is one more reason to publish SPF and DKIM instead.
Note: This is the option of last resort and will not stop hackers or spammers from abusing your domain for phishing, spamming, or hacking. However, it will stop those messages from arriving directly in your users’ mailboxes. If you already have a valid SPF record (with -all, not ~all) and DKIM in production, this setting is not necessary, as ExchangeDefender will automatically reject messages that fail SPF/DKIM validation.
If you have any questions or concerns about ExchangeDefender and implementation of SPF, DKIM, or phishing policies please feel free to contact us.