Friday, August 14, 2020

C# .NET How to create a custom clipboard format to copy and paste

The following console application is fully functional working code to demonstrate how to create a custom clipboard format, when these standard formats will not suffice. 

In below example source code specifically, we are creating a custom class Infopic to paste onto the clipboard. 

Result: 

When you copy an image from a browser, and paste into MSPaint, you'll get the expected image.
When you paste into Notepad, you'll get a text message. 

See it in action with my tool - https://clipboardplaintextpowertool.blogspot.com/ 

using System;
using System.Collections.Generic;
using System.Data;
using System.Text;
using System.Windows.Forms;
using System.Drawing.Imaging;
using System.Drawing;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace ClipboardCustomFormatEx
{
    class InfoPic
    {
        public System.Drawing.Image imgctnr { get; set; } //image container
        public string info { get; set; } //image caption
    }

    class Program
    {
        [STAThread] //TIP! Set this to get clipboard handle from a console app
        public static void Main(string[] args)
        {

            Console.WriteLine("Right-click COPY a image from your open brower. Press any key to start...");
            Console.ReadKey();

            //Let's grab clipboard - Do we have access and is there data 
            System.Windows.Forms.IDataObject iData = Clipboard.GetDataObject();

            if (iData == null)
                return;

            //check is we have standard Bitmap format available 
            if (!iData.GetDataPresent(DataFormats.Bitmap))
                return;

            Bitmap clipBMP = iData.GetData(DataFormats.Bitmap) as Bitmap;

            if (clipBMP == null)
                return;

            string imgInfo = "This image is a Bitmap " + clipBMP.PixelFormat.ToString();

            //Create on custom object to place on clibpoard. 
            InfoPic obj = new InfoPic();

            //Load object 
            obj.imgctnr = clipBMP;
            obj.info = imgInfo;

            //Some suggests we should serialize the object before placeing onto clipboard but not required

            //Set and use a custom format that represents our object with clipboard. It can be any name, using "AssemblyName"."ClassName", in this case. No need to "register" foramt ahead of time, any longer as in C using RegisterClipboardFormatA
            string myCustomFormat = "ClipboardCustomFormatEx.InfoPic";
            Clipboard.SetData(myCustomFormat, obj);

            Console.WriteLine("Success. ClipboardCustomFormatEx.InfoPic is pasted on clipboard. Press any key to continue...");
            Console.ReadKey();
            Console.WriteLine("Okay. Let's get grab the ClipboardCustomFormatEx.InfoPic object from the clipboard.");
            
            //Let's get all data ojbects to check if clipboard is accessible and initialize object
            IDataObject clipobj = Clipboard.GetDataObject();
            if (iData == null)
                return;

            //Does custom format live on clipboard 
            if (Clipboard.ContainsData(myCustomFormat) == false)
                return;

            InfoPic myPaste = clipobj.GetData(myCustomFormat) as InfoPic; //cast is safe

            Console.WriteLine("ClipboardCustomFormatEx.info = " + myPaste.info);
            Console.WriteLine("ClipboardCustomFormatEx.imgctnr size = " + myPaste.imgctnr.Size);
            Console.WriteLine("Success. Got ClipboardCustomFormatEx.InfoPic. Press any key to repaste to overload regular formats.");
            Console.ReadKey();

            Clipboard.Clear();

            //re-paste to test using standard formats acceptable to most programs
            System.Windows.Forms.IDataObject objFormatstoPaste = new DataObject();
            objFormatstoPaste.SetData(DataFormats.Text, "Repasted Image");
            Bitmap repasteBMP = (Bitmap)myPaste.imgctnr;
            repasteBMP.RotateFlip(RotateFlipType.RotateNoneFlipY); //upside down

            objFormatstoPaste.SetData(DataFormats.Bitmap, repasteBMP);

            Clipboard.SetDataObject(objFormatstoPaste, true);

            Console.WriteLine("Success. ClipboardCustomFormatEx.InfoPic is pasted on clipboard.");
            Console.WriteLine("Open Notepad and paste (CTRL-V), you'll get text. Open MSPaint and you'll paste the image!");
            Console.ReadKey();
        }
    }
}

Wednesday, August 12, 2020

C# .NET How to overload clipboard to handle multiple formats simultaneously

The following console application is fully functional working code to demonstrate how to overload Windows system clipboard with multiple formats

In below example source code specifically, we are overloading a image copy to append a caption.

Result: 

When you copy an image from a browser, and paste into MSPaint, you'll get the expected image.
When you paste into Notepad, you'll get a text message.

This is the overload in action, an additional text format has been added. 

See it in action with my tool - https://clipboardplaintextpowertool.blogspot.com/ 

Update - Simplified further Aug 13, 2020.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Text;
using System.Windows.Forms;
using System.Drawing.Imaging;
using System.Drawing;

namespace ClipboardOverloadExample
{
    class Program
    {
        [STAThread] //TIP! Set this to get clipboard handle from a console app
        public static void Main(string[] args)
        {
            Console.WriteLine("Right-click COPY a image from your open brower. Press any key to start...");
            Console.ReadKey();

            //Let's grab clipboard, do we have access and does it contain data?
            System.Windows.Forms.IDataObject iData = Clipboard.GetDataObject();

            if (iData == null)
                return;
            
            //check if we have a standard Bitmap format on the clipboard 
if (!iData.GetDataPresent(DataFormats.Bitmap)) return; //we have Bitmap format and thus we can perform cast safely Bitmap clipBMP = iData.GetData(DataFormats.Bitmap) as Bitmap; if (clipBMP == null) return; string imgInfo = "This image is a Bitmap " + clipBMP.PixelFormat.ToString(); //Create an object that will contain multiple formats to paste - overload System.Windows.Forms.IDataObject objFormatstoPaste = new DataObject(); //add formats to put on clipboard objFormatstoPaste.SetData(DataFormats.Text, imgInfo); objFormatstoPaste.SetData(DataFormats.Bitmap, clipBMP); //Copy to the clipboard, and the 2nd parameter indicates that the clipboard is not cleared when the program exits Clipboard.SetDataObject(objFormatstoPaste, true); Console.WriteLine("Success. You can exit program, but to test overload of clipboard, do the following:"); Console.WriteLine("Open Notepad and paste (CTRL-V), you'll get text. Open MSPaint and you'll paste the image!"); Console.ReadKey(); } } }

Tuesday, August 4, 2020

Recent Reverse Engineering open source tools for Windows exe and dlls for malware/virus analysis

Let's back up a bit, what is a exe? 

.Exe is a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows. The Portable Executable (PE) format is a file format for executables (exe), object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems.

How is exe created? 

Compilers take C/C++/C#/Python code and compile it into the PE format, which is not very human friendly to read. 

Why infect it? 

A computer virus is software usually hidden within another seemingly innocuous program that can produce copies of itself and insert them into other programs or files, and that usually performs a harmful action (such as destroying data). An example of this is a PE infection, a technique, usually used to spread malware, that inserts extra data or executable code into PE files. 

The PE Format Specification

Portable Executable (PE) format is a specification describes the structure of executable (exe) files and object files under the Windows family of operating systems. These files are referred to as Portable Executable (PE) and Common Object File Format (COFF) files, respectively. 

























Source : http://dandylife.net/blog/archives/date/2015/02/page/2


An Exe opened in a Hex Editor














How to reverse engineer exe? 

Some recent PE Reverse Engineering Tools of note; 

  • PE-bear is a freeware reversing tool for PE files.  Its objective was to deliver fast and flexible “first view” tool for malware analysts, stable and capable to handle malformed PE files. The PE-bear’s  parser is open  source: https://github.com/hasherezade/bearparser (works for windows and linux). It comes with a command-line tool (bearcommander).  For windows requires Microsoft Visual C++ 2010 Redistributable Package. 

  • BlackBerry, PE Tree's https://github.com/blackberry/pe_tree , but requires Python to run.







Thursday, July 30, 2020

Phishing Email - Shopper's Drug Mart Customers Day

For the record, this is a Shopper's Drug Mart phishing email attempt that is recently going around.  What to do?  Report them, goto bottom of page.


From : Shoppers Drug Mart <###christophep@cpixxi.com>


Subject :  Shoppers Day Mart Customers!




PHISHING LINKs;

1. http://u9779008.ct.sendgrid.net/............



How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.
  3. The best way is to 

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have recievied this email take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Wednesday, July 29, 2020

How to Delete Microsoft Edge Crash Reports (.dmp) Files

How to Delete Microsoft Edge Crash Reports (.dmp) Files



.dmp file hole
MS Edge .dmp hole




This post will deal with Microsoft Edge Crash Reports (.dmp) Files which get generated when Edge crashed and this report is generated and sent to Microsoft. 





BTW You can turn off that feature in Settings, search for "crash reports", and you get the following setting. A restart is required of the browser to take effect.

d data about how you use the browser

Microsoft Edge Crash Reports (.dmp) Files are generate in the following directory 

%HOMEPATH%\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports


These file are about 504Kb in size, but are not being cleanup. The good news is that these files can be analyze and viewed using WinDbg, check the following links; 

  • https://support.microsoft.com/en-us/help/315263/how-to-read-the-small-memory-dump-file-that-is-created-by-windows-if-a
  • https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools


A deep discussion of these files is located at the Chromium Dev Group discussion, see
https://groups.google.com/a/chromium.org/forum/#!topic/crashpad-dev/2YZHzOpeAT8

Here's how to do some spring cleaning of your Microsoft Edge Crash Reports (.dmp) Files.

DMP files are generated in following directory

%HOMEPATH%\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports

Copy and paste following batch file code and save it with .bat extension, and run it from a command line. 


REM Removing Microsoft Edge Crash Reports (.dmp) Files in a Batch Program
REM Wed 29-Jul-20 1:52pm MetadataConsulting.ca
REM DEL COMMAND
REM /P  Prompts for confirmation before deleting each file.
REM /F  Force deleting of read-only files.
REM /S  Delete specified files from all subdirectories.
REM /Q  Quiet mode, do not ask if ok to delete on global wildcard
REM /A  Selects files to delete based on attributes
REM attributes  R Read-only files S System files H Hidden files A Files ready for archiving - Prefix meaning not
echo. Begin Edge Crash Reports (.dmp) Delete
cd "%HOMEPATH%\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports"
DEL /F /S /Q *.dmp
echo. End *.DMP Delete

Thursday, July 23, 2020

C# .NET How to convert IPv4 mapped to IPv6 CIDR address

Converting IPv4 addresses that have been mapped into the IPv6 address as follows; 


Source: http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm

Here's how to convert the IPv4 mapped to IPv6 address CIDR value 

Example:   222.1.41.90/23  maps to  ::FFFF:222.1.41.90/119

C# Code to convert CIDR from IPv4 to mapped IPv6 address


        public static byte ConvertIPv4toIPv6CIDR(this byte CIDRIPv4)
        {
            //IPv4 CIDR - https://www.keycdn.com/support/what-is-cidr
            //IPv6 range for IPv4 conversion, startfrom bottom
            //https://www.easycalculation.com/other/cidr-blocks-table.php

            if (CIDRIPv4 < 1 || CIDRIPv4 > 32) return 0; // /1-32 range accepted for ipv4

            int CIDRipv6 = 128 - (32 - CIDRIPv4); //lower is 96
            
            return (byte)CIDRipv6;
        }

Wednesday, July 22, 2020

How to get back Local User and Group Management (lusrmgr.msc) snap-in for Windows 10

If you have tried to add back Local User and Group Management (lusrmgr.msc) and it fails on Windows 10 Home and Education versions. Below is solution.

Try this first to bring back snap-in using; 
  1. Open Run and type mmc.exe then press Enter.
  2. Click File then Add/Remove Snap-in.
  3. A small window should pop up, click Local Users and Groups then click Add >.
  4. Choose Local computer for the Target Machine then click Finish and to complete it click OK.

This should add the Local Users and Groups Snap-in to lusrmgr.msc. It will fail for some Windows Editions.
















Here's how to get lusrmgr.msc back for Windows 10

A developer has created a open-source version available here
https://github.com/proviq/lusrmgr/releases/download/1.6.1/lusrmgr.exe


Wednesday, July 15, 2020

Tip! How to clear/delete many/lots/bulk/hundreds of emails from Outlook.com online

Here's a tip about deleting emails from Outlook.com online. 

It seems due to the caching nature of Outlook.com, when you search for a email to delete, you have to wait for all the result to return. The very first search does not always return all the matched emails especially if there are over hundred matches. You have to search again and again.

Tip!

On average, I have found that search for the desired email a minimum of 3 times and scroll to the bottom of the window on the 3rd search to finally get all the matched emails 
and then choose Delete all button. This applies to approx. 75 matches or more and/or many pages. 


Searching for promo@... 3 times and scroll to end of page returning over 100 matches

Tuesday, July 14, 2020

How to clear cookies from Emacs

In Emacs, you can generally select a buffer and delete using the command C-x h C-w .

However, the cookie buffer .%* *url cookies* is read-only and you cannot delete it from inside of Emacs.






































Here's how to delete EWW Browser cookies from Emacs.

Paste this into your into Run [WIN+R], to open the Emacs cookie folder or in Windows Explorer

%UserProfile%\AppData\Roaming\.emacs.d\url


cache
cookies
cookies~

Delete cookies and cookies~ files. You can blow of the cache folder, if you need to. It contains downloaded images from pages you visit. It may contain 1x1 .GIF trackers. 


Here's how to install Emacs and browse
https://metadataconsulting.blogspot.com/2020/04/How-to-get-a-Text-Browser-for-Windows-7-10-Surf-the-web-in-text-only-no-ads.html

Wednesday, July 8, 2020

C# .NET IO.Path.GetExtension vs PInvoke Win32 PathFindExtension Native API Speed Comparison

Here's how to get a file extension comparing P/Invoke  Win32 API Native PathFindExtension with .NET IO.Path.GetExtension method.

Analysis 

P/Invoke PathRemoveExtension on 1st run is 'slow' due to overhead and loading metadata into cache. On successive runs, this drops down to 4 ticks. 

Likewise, Path.GetExtension on initial load is 'slow' to load metadata in cache. On successive runs this is 2 ticks


Using PrepareMethod to pre-cache a method call but the call costed to much, therefore for preformance gain, just call the method twice. 

Run results


Built-in Path.IO Get File Extension - 1st run
exe in ticks 14
Built-in Path.IO Get File Extension - 2nd run
exe in ticks 2

P/Invoke PathFindExtension - DOES NOT WORK?
C:\Windows\write.exe in ticks 1554

PrepareMethod Path.IO GetFileExtension Encapsulated Method - 1st run
exe in ticks 3969
Call Path.IO GetFileExtension Encapsulated Method - 2nd run
exe in ticks 4

P/Invoke PathRemoveExtension - 1st run
exe in ticks 131
P/Invoke PathRemoveExtension - 2nd run
exe in ticks 4
P/Invoke PathRemoveExtension - 3rd run
exe in ticks 4

Source Code (can't use online .NET Fiddle for P/Invoke calls) 


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.IO;
using System.Runtime.CompilerServices;
using System.Reflection;

namespace GetFileExtensionPInvoke
{
    class Program
    {
        public static class MethodWarmerUper
        {
            public static void WarmUp(string methodName)
            {
                var handle = FindMethodWithName(methodName).MethodHandle;
                RuntimeHelpers.PrepareMethod(handle);
            }

            private static MethodInfo FindMethodWithName(string methodName)
            {
                return
                    Assembly.GetExecutingAssembly()
                            .GetTypes()
                            .SelectMany(type => type.GetMethods(MethodBindingFlags))
                            .FirstOrDefault(method => method.Name == methodName);
            }

            private const BindingFlags MethodBindingFlags =
                BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic |
                BindingFlags.Instance | BindingFlags.Static;
        }

        public static class IOMethod
        {

            public static string GetFileExtension(string s)
            {
                return Path.GetExtension(s); 
            }
        }
        
        
        // <summary>
        /// Removes the file name extension from a path, if one is present.
        /// </summary>
        /// <param name="pszFile">A pointer to a null-terminated string of length MAX_PATH from which to remove the extension.</param>
        [DllImport("shlwapi.dll", EntryPoint = "PathRemoveExtensionW", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern void PathRemoveExtension([MarshalAs(UnmanagedType.LPWStr)]System.Text.StringBuilder pszFile);

        //https://docs.microsoft.com/en-us/windows/win32/api/shlwapi/nf-shlwapi-pathfindextensionw
        // <summary>
        /// Returns the address of the "." that precedes the extension within pszPath if an extension is found, or the address of the terminating null character otherwise.
        /// </summary>
        /// <param name="pszFile">A pointer to a null-terminated string of length MAX_PATH from which to remove the extension.</param>
        [DllImport("shlwapi.dll", EntryPoint = "PathFindExtensionW", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern void PathFindExtension([MarshalAs(UnmanagedType.LPWStr)]System.Text.StringBuilder pszFile);
        
        static void Main(string[] args)
        {
            string filepath = @"C:\Windows\write.exe";
            string ext = string.Empty;  
            StringBuilder sbExt = new StringBuilder(filepath); 
            Stopwatch sw = new Stopwatch();

            
            Console.WriteLine("\nBuilt-in Path.IO Get File Extension - 1st run");
            sw.Start();
            ext = Path.GetExtension(filepath);
            sw.Stop();
            ext = ext.TrimStart('.'); //add 1 tick
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();

            Console.WriteLine("Built-in Path.IO Get File Extension - 2nd run");
            sw.Start();
            ext = Path.GetExtension(filepath);
            sw.Stop();
            ext = ext.TrimStart('.'); //add 1 tick
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();

            Console.WriteLine("\nP/Invoke PathFindExtension - DOES NOT WORK?");
            sw.Start();
                PathFindExtension(sbExt);
                //Console.Error.WriteLine("Get Win32 Error = "+ Marshal.GetLastWin32Error());
            sw.Stop();
            Console.WriteLine(sbExt.ToString() + " in ticks " + sw.ElapsedTicks);
            Console.WriteLine(""); 
            sw.Reset();

            Console.WriteLine("PrepareMethod Path.IO GetFileExtension Encapsulated Method - 1st run");
            sw.Start();
                MethodWarmerUper.WarmUp("GetFileExtension"); //very poor performance
            sw.Stop();
            ext = ext.TrimStart('.'); //add 1 tick
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();

            Console.WriteLine("Call Path.IO GetFileExtension Encapsulated Method - 2nd run");
            sw.Start();
            ext = IOMethod.GetFileExtension(filepath);
            sw.Stop();
            ext = ext.TrimStart('.'); //add 1 tick
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();

            Console.WriteLine(""); 
            sbExt = new StringBuilder(filepath);
            Console.WriteLine("P/Invoke PathRemoveExtension - 1st run");
            sw.Start();
                PathRemoveExtension(sbExt);
            ext = sbExt.ToString();
            ext = filepath.Replace(ext,"");
            ext = ext.TrimStart('.'); //add 1 tick
            sw.Stop();
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();

            sbExt = new StringBuilder(filepath);
            Console.WriteLine("P/Invoke PathRemoveExtension - 2nd run");
            sw.Start();
                PathRemoveExtension(sbExt);
            ext = sbExt.ToString();
            ext = filepath.Replace(ext, "");
            ext = ext.TrimStart('.'); //add 1 tick
            sw.Stop();
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();

            sbExt = new StringBuilder(filepath);
            Console.WriteLine("P/Invoke PathRemoveExtension - 3rd run");
            sw.Start();
                PathRemoveExtension(sbExt);
            ext = sbExt.ToString();
            ext = filepath.Replace(ext, "");
            ext = ext.TrimStart('.'); //add 1 tick
            sw.Stop();
            Console.WriteLine(ext + " in ticks " + sw.ElapsedTicks);
            sw.Reset();


            Console.ReadKey(); 

        }
    }
}

Monday, July 6, 2020

How to Fix Visual Studio Installer blank screen

If you are getting a blank screen when launching Visual Studio Installer, you don't have to uninstall and reinstall. A blank screen may appear on some Windows 10 installation on older PC/Laptops. This is super frustrating since there is no awareness that this is an issue by Microsoft support and no command line options to disable the GPU.



How to fix the blank screen for Visual Studio Installer

Search and find Visual Studio Installer. Right-click and choose Open file location.






















Right-click Visual Studio Installer icon and choose Properties. 























Choose Compatibility tab



































Check Run this program in compatibility mode for: Windows 8












Sunday, June 28, 2020

Ebay Phishing Email - We have a surprise for ebay

For the record, the eBay email is going around with subject 
We have a surprise for ebay 📣

This email tries to trick you into previewing the images below, and you may think that is safe, but is the catch. 

What to do?  Report them, goto bottom of page.


From :  Congratulation <N7aLJ@n7alj.us>

Subject :  We have a surprise for ebay 

Has A Big Surprise For You


Claim one of our free exclusive

reward offers (minimum value $90)

if you can't see the images below please , click here <---PHISHING LINK 






How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Saturday, June 27, 2020

Home Depot Phishing Email - Open Immediately

For the record, the Home Depot Phishing email is going around with subject Open Immediately



What to do?  Report them, goto bottom of page.


From : Hᴏᴍᴇ dᴇᴘᴏt <executive@rsm.nl>

Subject : Open Immediately

Last day to claim your free Reward!

We have a surprise for Home Depot Shoppers
HOME DEPOT Gift Card

Congratulations!
You have been selected to get an exclusive reward
To qualify for this special offer, simply complete our 30-

second marketing survey about your shopping experiences
Click OK to start

801 US Highway 1
North Palm Beach, FL 33408

You may unsubscribe at any time. Unsubscribe





How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Wednesday, June 24, 2020

Phishing Email Netflix with Subject Re: Update Monthly Subscription - We have cancellation your Subscription Plan on

For the record, the Netflix Phishing email is going around with subject Re: Update Monthly Subscription - We have cancellation your Subscription Plan on xx/xx/2020



What to do?  Report them, goto bottom of page.


From : Netflix <mnthlysubscriptions-mmbership.euxxxxx@msdnikcesocpid.com>

Subject : Re: Update Monthly Subscription - We have cancellation your Subscription Plan on xx/xx/2020. 

NETFLIX
Monthly Subscription Plan
Hi,

Sometimes, you need to check, change or fix a
subscription payment method.
This occurs when Netflix try to take a payment as
the monthly charge for subscription service.

To resolve these issues, please go to Netflix home

Netflix Homepage - PHISHING LINK - http://hostsnetid-
awlcs.newcoverlinksdir.reviews/xxxxxxxx

We are ready to help. Please visit the Help Center for
more information.
Best Regards,

Netflix International B.V.





How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx