Tech Tips for Techs (Intermediate Level): Analyzing Questionable Emails

CAUTION: Some of the following steps are above the level of beginners. If you are unsure about anything you read here, please call us at Everon (888-244-1748) and we can help you through it.

Sooner or later everyone receives an email that looks legitimate, but you have a feeling it could be a scam or a virus waiting to attack. Here are a few examples of questionable emails:

  1. From someone you know, but off topic.
  2. From a Company/Vendor warning of a problem with your account.
  3. Announcing you have a voicemail/fax waiting for you.
  4. Official-looking email from your bank requesting you to login.

It is always a difficult choice: if this is a legitimate email I need to follow through, but if it is a hoax it can cause a lot of problems I don’t need right now. What to do?

First, do not open any attachments or click on any links in the email. If your Company has procedures in place for questionable emails, follow the recommended steps. Otherwise, I recommend that you contact the sender and question the email.

  • From an individual: create a new email to them expressing your concern.
  • From a known Company/Vendor: call them and question the email.
  • From a new/unknown source: notify your supervisor – do not open, do not click inside the email, and do not forward.
  • From a Company/Bank regarding a personal matter: call them or login to the site AS YOU NORMALLY WOULD – do not use the link in the email.

I know, I know, none of this is new to you. That being the case, let’s take a questionable email and break it down.

NOTE: It is important you are familiar with the Windows feature “Hovering.” When you place the mouse over an object WITHOUT CLICKING, a popup will show you additional details. This is known as Hovering. Do not click when Hovering, as this will initiate the code associated with the object.

[Image: ATT1]

Here is an email I recently received in my Hotmail account. At first glance everything seems okay. But let’s take a closer look at a few problems:

Wrong “From” email address

At the top of this email you can see that the “From” is A T & T <hc6DqrJv@yiTuN.com>. Because I have configured my email client to display both the label and the actual address, I can see the real email address.

If you received this email you may only see “A T & T”. In that case, just hover over the A T & T and the popup will show you <hc6DqrJv@yiTuN.com>.

When you send an email, you can display your name in the “From” field (instead of displaying your email address). This is a very common and useful feature, but in this case it is being used to hide things from you. So now we know this is not really from AT&T but from some cryptic email address. This alone is enough to let you know to just delete this email.

Embedded links do not take you to AT&T

Now let’s take a look at the actual email. Really, everything looks fine: a known AT&T image, standard formatting and wording – nothing to lead you to believe this is a scam. That is, nothing until you hover over the links.

[Image: ATT2]

The hover text tells us that if we click on this link we will NOT be sent to an AT&T website. We will end up at http://masefieldsaidelqd…. All the links in this email go to the same location. Again, this alone is enough to let you know to just delete this email.

Email Header Analyzer

Every email that is sent has embedded information that describes the path it took from the sender to you. This is called the Email Header and it’s not very easy to read. Here is the actual Email Header for our sample.

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=pass (sender IP is 87.124.110.208)
mtp.mailfrom=wwbjj@masefieldsaidelqd.com; dkim=none header.d=yiTuN.com; x-hmca=none
header.id=hc6DqrJv@yiTuN.com
X-SID-PRA: hc6DqrJv@yiTuN.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info:
c21WZ1hAltI9DuizMAEE2QECpxSZUGZG4j2P0KvnFQ5Oq/wSiAiPSbOCWW7QmZMDONMEcOBjWMXYV9Dk2G3eyZRiTxZAdBpO5E1Xr5SqiAWdiuxGlA3k5kj+R//OvPfE4Jw5jOmv8EAwIUCNmc79xJKcP4737N1Q+CskaetIvY9RRY9PhyoYAHA+325kAM7Fj2b6LXibNlbSbtyWUAyW2QNDR/0bZpc
Received: from lzZGq2WEGeQ.com ([87.124.110.208]) by COL004-MC3F55.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712);
Thu, 10 Jul 2014 01:25:28 -0700
From: =?utf-8?b?QSBUICYgVA==?=  <hc6DqrJv@yiTuN.com>
Message-ID: <RNUB4e5@S87Q1Jcgi.com>
Subject: XXXXXXXX, =?utf-8?b?TGltaXRlZC10aW1lIG9ubHk6IFNlZSBvdXIgRiBSIEUgRSBwaG9uZXMh?=
Reply-To: <uAKeDhIsr@FPHOSr.com>
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Bcc:
Return-Path: wwbjj@masefieldsaidelqd.com
X-OriginalArrivalTime: 10 Jul 2014 08:25:28.0568 (UTC) FILETIME=[81AB7780:01CF9C18]
Date: 10 Jul 2014 01:25:28 -0700

That’s a lot of very obscure data. But don’t worry, there are free online tools that will break this down for you. One of my favorites is http://www.iptrackeronline.com/email-header-analysis.php. Just paste the header into the box and press “Submit header for analysis”. Scroll down and you will see the following:

[Image: ATT3]

Very interesting, the email originated from somewhere in the United Kingdom. Once more, this alone is enough to let you know to just delete this email.

Blacklisted Domains and URLs

If you are still not sure, you can use another free service called a Blacklist Check. One of my favorites is http://mxtoolbox.com/blacklists.aspx (which also has an Email Header Analyzer). Just enter the domain from the link we found by hovering (http://masefieldsaidelqd.com/) and press Blacklist Check.

[Image: ATT4]

No surprise, the address is blacklisted (identified as a known source of spam and malicious emails). So now we have more than enough evidence to delete the email and notify our supervisor.

Always keep in mind that the best thing to do is alert your supervisor and/or your IT team immediately when you suspect you have a malicious email. It is always better to be safe than sorry.

Replacing Your iPhone Battery

Recently my iPhone battery has been losing its charge rather quickly, and this has become very inconvenient. It has come to a point where I need to make sure it’s at least 90% charged before I take it on a 30 minute run to listen to music. If not, I start to lose motivation half way through due to the lack of Beastie Boys rocking in my ear. So I decided I need to replace the battery, but can iPhone batteries be replaced?

I always assumed, because of its sleek design and the lack of visible access points to the interior, that if something starts to fail on the iPhone you have to get a new phone. I started looking around and asking the technicians at Everon about different parts of my phone and whether they can be fixed, and was surprised to find out that a lot of these replacements can be done very quickly and are cost effective. You can send your phone in to Apple for about $80 and they will replace the battery for you, or you can go the DIY route. If you do want to do it yourself there are kits available, ranging from $5-$30. The kits include the tools to open your phone safely without harming your screen and a replacement battery. I found these tool kits on Amazon.com along with another possible solution: mobile battery chargers! Along with replacing my battery, I think it’s an awfully good idea to have one of these compact chargers on hand just in case. Now I am so excited to go on an extra-long run and not worry about my tunes cutting out half way through!

How To Email A Web Page To A Friend

Often, when I come across a web page I like, I want to share it. For pages that don’t have a built-in e-mail option, the simple steps below let you send a link to a friend.

Internet Explorer users

Send a friend the web page you are viewing by clicking File, Send, and “Page by E-mail”. If you do not see the File menu press the ALT key.

Firefox users

Right-click on the page you wish to send to your friend and in the menu click Send link.

Opera users

Right-click on the page you wish to send to your friend and in the menu click Send link by Mail.

Netscape users

Send a friend the web page you are viewing by clicking File, and “Send Page”.

Quick trick on How To Remove ALL Windows Temp Files

Windows has temp files stashed in a wide variety of places, including hidden directories that most people will never find. These hidden temp file locations are also favorite hiding places for viruses and malware, and in some cases they can slow down a computer that is running low on disk space.

The best application I have found for removing these temp files is TFC.EXE by Old Timer.

I clear all temp files:
1. before running virus/malware scans, and
2. on computers that are running slow.

Here is how I use TFC.exe to remove all these hidden temp files.

NOTE:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Here is how to use TFC to remove all your hidden temp files.

1. Download your copy of TFC.exe

You can search for TFC.exe and Old Timer to find a current location that offers the file. One such location is:

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

2. Close all open applications

Save your work and close all applications.

3. Run TFC.exe

TFC needs no installation and can be run directly by double-clicking the TFC.exe file. All applications will be stopped, and you may be forced to reboot after the scan and removal process is completed.

SAVE ALL YOUR WORK

Microsoft Surface Hidden Keyboard Commands

The Microsoft Surface is a truly powerful and portable device, and its Type Cover is designed first and foremost as a portable accessory. It is a compact, space-saving keyboard, and anyone who is used to a regular-sized keyboard will immediately notice that it is missing common keys.

[Image: surface_keyboard_1]

Some compromises had to be made for the Surface Pro and Surface RT’s keyboards. As is the case with many portable devices, space is at a premium, and certain non-essential keys had to be shifted to secondary function positions or dropped altogether.

[Image: surface_keyboard_3]

Using the FN key gives you access to many functions that are not immediately apparent. The FN key lets you reach the functions on the “F” keys, such as search, the charm bar, and volume control, but there are more options than you may know:

Fn + Del – Increase screen brightness

Fn + Backspace – Decrease screen brightness

Fn + Left – Home

Fn + Right – End

Fn + Up – Page Up

Fn + Down – Page Down