• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

A Case in Point

Hi Forum

Tonight in my OE inbox, I received an email that appeared to be an E-Card that was sent to me. This is a time when I wish that Symantec would be scanning my emails. Since I have to use Port 587, they are not being scanned. My birthday is coming up next week. The sender space and the subject seemed to be kind of general like I would call it. I remember getting E-Cards in the past and the sender's name or email address would be either in the sender's spot or in the subject line. This one just said E-Card as the sender and You Have Received a E-Card Greeting. Even though my birthday is next week, there was no mention of who actually sent it that was visible. I looked at the properties of the card without opening it up. I can see the header information by doing that, but the card isn't opened up. I could see 1 2 3 Greetings APPEARED to be the company that sent the card. Now that is a well-known Greeting card company. Above that address though was some other address. One that I didn't recognise. Using that Properties, you can also see the message without opening it up.  There seemed to be a name inside of someone who supposedly sent this E-Card. I didn't recognise that name either. I have gotten Email cards in the past, so I know there is usually  a link inside the email so you can see the card. Best practice is to copy that link and copy it into your browser to open it up. I could see the message part without opening it up and there was no link or number of the card. I no longer have that email in my inbox since I deleted it without opening it up. I knew what to do about it, but this is a case when I wish that Symantec would implement scanning of emails from other than just what used to be the only standard ports for email. I've been told by Symantec Staff that they will implement that scanning of the new standard ports, but not until the next version in 2011. Oh, another clue I had about this email. Inside the message part, I saw that they spelled Greettings incorrectly and the email addy was like 1 2 3 Greettings.net.com. I don't think there is any email address that uses both .net. com like that.

Yes,  I might have been protected if I had opened up that email, but why should I have to take that chance that the 2nd layer of protection would have kicked in? It was so very tempting to open it up since my birthday is next week, but I resisted that temptation and deleted it without opening it up. Perhaps if it were scanned like it would have been if I could use standard ports for email, then maybe it would never have reached my inbox.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.

Replies

Kudos0

Re: A Case in Point

Hi Forum

Tonight in my OE inbox, I received an email that appeared to be an E-Card that was sent to me. This is a time when I wish that Symantec would be scanning my emails. Since I have to use Port 587, they are not being scanned. My birthday is coming up next week. The sender space and the subject seemed to be kind of general like I would call it. I remember getting E-Cards in the past and the sender's name or email address would be either in the sender's spot or in the subject line. This one just said E-Card as the sender and You Have Received a E-Card Greeting. Even though my birthday is next week, there was no mention of who actually sent it that was visible. I looked at the properties of the card without opening it up. I can see the header information by doing that, but the card isn't opened up. I could see 1 2 3 Greetings APPEARED to be the company that sent the card. Now that is a well-known Greeting card company. Above that address though was some other address. One that I didn't recognise. Using that Properties, you can also see the message without opening it up.  There seemed to be a name inside of someone who supposedly sent this E-Card. I didn't recognise that name either. I have gotten Email cards in the past, so I know there is usually  a link inside the email so you can see the card. Best practice is to copy that link and copy it into your browser to open it up. I could see the message part without opening it up and there was no link or number of the card. I no longer have that email in my inbox since I deleted it without opening it up. I knew what to do about it, but this is a case when I wish that Symantec would implement scanning of emails from other than just what used to be the only standard ports for email. I've been told by Symantec Staff that they will implement that scanning of the new standard ports, but not until the next version in 2011. Oh, another clue I had about this email. Inside the message part, I saw that they spelled Greettings incorrectly and the email addy was like 1 2 3 Greettings.net.com. I don't think there is any email address that uses both .net. com like that.

Yes,  I might have been protected if I had opened up that email, but why should I have to take that chance that the 2nd layer of protection would have kicked in? It was so very tempting to open it up since my birthday is next week, but I resisted that temptation and deleted it without opening it up. Perhaps if it were scanned like it would have been if I could use standard ports for email, then maybe it would never have reached my inbox.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.
Kudos0

Re: A Case in Point

Flopot,

I agree with you completely that Symantec should implement scanning in these (new) standard ports, and even go so far as to include a custom setting for setting one's own port to scan e-mail.

But you also have to look at the otherside - The e-mail scanner uses the same v.defs as auto-protect, so if an infected e-mail comes through anyway, the only thing that might stop it is SONAR. So the fact that they don't scan the incoming e-mail makes little difference in terms of unknown threats, but obviously it is far more convienient to have the e-mail stopped before it gets to your inbox, instead of only finding out it was infected after opening.

Matt

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos1 Stats

Re: A Case in Point

Hi, floplot,

This is also something that I'd like to see being done, or, the Spam Definitions actually Scans all your e-mails - like the Auto-Protect Scanner-style - that are one that Page that you are looking at and Removes it from your Inbox Automatically.  Even if it didn't have a Threat in it, if you Opened that e-mail, a Auto-Reply to the Attacker/Spammer may be Sent to their e-mail account alerting them that this is an Active Account which the Spammer will use to Spam and/or try to guess your Password.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: A Case in Point

Flo,

In a situtation like that, go into your settings and change it to "display text only".  Then you can look at the entire card safely.  Links are disabled and no pictures are displayed.  But you can look for your own name as more proof that the card is probably legitimate or not.

It's not 100% or not.

You can also look up the sender's address on Google and see if this sender is already associated with malware/spam.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos0

Re: A Case in Point

Hello floplot,

Many ISPs have switched to port 587 for Outgoing email due to security issues. As long as you have Norton email scanning enabled on a standard supported incoming port (Port 110-POP3), your incoming email will be scanned for viruses and threats. Is your email configured for incoming email on port 110?

The problem with the "fake" ecard messages is that they do not necessarily contain viruses, but contain links which may lead the user to hazardous sites which will attempt to download threats.

Legitimate ecard messages will contain additional instructions on how to retrieve the ecard in a safe manner instead of just clicking the link.

As long as you have Norton scanning a supported incoming port and you follow the instructions for safely navigating to your ecard, you should be well protected.

And, may I wish you an early Happy Birthday!

"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow
Kudos0

Re: A Case in Point

Hi Phil

Thank you for the early birthday wishes. Yes, my email is set up for port 110 for incoming emails. We have only had to change the outgoing email port to 587. Yes, I know what the e-card message should look like inside the email. I could see that the necessary information to retrieve the card wasn't there like it should have been if it was legit. I knew enough to look at the information by using the properties of the email, but I wasn't aware of the information that mij provided.  I've used that Greeting card company in the past to send out a couple of email cards, but I usually like using free email stationeries that I can get for Outlook Express and use those stationeries. The sites I use to get them from I know are safe. It does get scary though when you get email notifications from what appears to be a reliable source except for the obvious spelling errors that I  could see without opening it up. If it wasn't for the fact that it arrived so close to my birthday, I wouldn't have thought twice of deleting it without opening it. The people who might send an e-card email to me would have waited till my actual birthday to send it any way.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.
Kudos0

Re: A Case in Point


Phil_D wrote:

Hello floplot,

Many ISPs have switched to port 587 for Outgoing email due to security issues. As long as you have Norton email scanning enabled on a standard supported incoming port (Port 110-POP3), your incoming email will be scanned for viruses and threats. Is your email configured for incoming email on port 110?

The problem with the "fake" ecard messages is that they do not necessarily contain viruses, but contain links which may lead the user to hazardous sites which will attempt to download threats.

Legitimate ecard messages will contain additional instructions on how to retrieve the ecard in a safe manner instead of just clicking the link.

As long as you have Norton scanning a supported incoming port and you follow the instructions for safely navigating to your ecard, you should be well protected.

And, may I wish you an early Happy Birthday!


And to add to this (not so much for you, Flo, as for everbody following this thread):

You should never HAVE to follow a link in an email.  If the email is legitimate, it should only be a message about the availability of something if you go to the site in the normal manner, that is, not by clicking on a link in an email.  Banks, credit card companies, merchandisers, greeting card companies are all learning this: They tell you to go to the site in the normal manner and to look for a message when you get there.

If that's not what I see, then I just forget about it.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos0

Re: A Case in Point

I have gotten Email cards in the past, so I know there is usually  a link inside the email so you can see the card. Best practice is to copy that link and copy it into your browser to open it up.


Exactly, as I mentioned in my first post and not to click on links in the email itself.. But it does make it clearer to have that said separately and not just in my long first post.
Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.