Tuesday, October 2, 2018

Phishing Email - SharePoint Incoming Fax +1 425-462-9468 at 10-40 AM PDT

For the record, this is the first SharePoint phishing email attempt that has been going around recently and made it through spam filters. What to do? Report it; go to the bottom of the page.





From : Incoming Fax.com File Report Message Services@(fax.comfilemessagenotificationservices@Incomingfax.com...)

Subject : Incoming Fax +1 425-462-9468 at 10-40 AM PDT



Notification Summary

You received a new incoming message sent through Fax.

FAX DETAILS

Northeast Arc > Contracts Data 8-23

File Type: PDF
Size: 24.10 KB • Created: 10/01/18 10:57pm
Creator: Share Point Fax

View Fax

Dates are displayed in UTC -5
Powered By Citrix ShareFile 2018

Phishing Email LINK behind View Fax

https://arcadiaglasshouse-my.sharepoint.com/:b:/p/melissa/EYb2ACyOW4BCh_GeiJXj5-4BR8hnLL86Rg8llaGMhGhZog?e=TcFOqG


How to tell this is a phishing email?

  1. Check the sender's email address in full; if it is not from the originating company, then it is phishing.
  2. Hover over all links in the email and look for odd links.
  3. The best way is to look at the message source, see below.

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links: anything that does not originate from apple.com.
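
The link check from the steps above, run over a saved message source, as an added example that is not part of the original post. The sender address, HTML markup and Help link in the sample are constructed, the View Fax path is a placeholder, and `LinkParser`, `base_domain` and `audit` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: sender address, HTML markup and the Help link are assumptions;
# the View Fax host is the one quoted above, with the path replaced by a placeholder.
RAW = """\
From: "Incoming Fax.com File Report Message Services" <notify@incomingfax.example>
Subject: Incoming Fax +1 425-462-9468 at 10-40 AM PDT
Content-Type: text/html; charset="utf-8"

<p>You received a new incoming message sent through Fax.</p>
<a href="https://arcadiaglasshouse-my.sharepoint.com/PLACEHOLDER">View Fax</a>
<a href="https://www.incomingfax.example/help">Help</a>
"""

class LinkParser(HTMLParser):
    """Collect (href, visible text) for every <a>, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    """Naive last-two-labels key; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit(raw):
    """Return (link text, link host, sender domain) for links not on the sender's domain."""
    msg = message_from_string(raw)
    sender_dom = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    parser = LinkParser()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return [(text, host, sender_dom)
            for href, text in parser.links
            for host in [urlsplit(href).hostname or ""]
            if host and base_domain(host) != sender_dom]
```

Calling `audit(RAW)` returns the View Fax link only. Legitimate mail also links to third-party hosts, so treat a mismatch as a reason to inspect the link, not as proof on its own.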


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down arrow to top right)->Report Phishing

Report Phishing URLs at Google now 

If you have received this email, take further action now by clicking these links:

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx


Monday, October 1, 2018

Mismatch Quotes Online Checker using Regex

Check for matching single quotes or double quotes; enter your test string.


Earlier Versions

Mismatch Quotes Detector v2

Mismatch Quotes Detector Original

Thursday, September 20, 2018

Windows 10 Handwriting feature "Ink Workspace" Index store scraped for sensitive information

"Once (Windows 10 Handwriting feature "Ink Workspace") is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature," Skeggs says.




File Contents

The following data has been identified within WaitList.dat records.

Microsoft Outlook Email:
· Date/Time
· Email subject
· Sent flag
· Type (Email/Document/Contact)
· Recipients (Does not distinguish between ‘To’, ‘CC’ and ‘BCC’)
  Note: Does not store ‘From’ value, however this can often be identified in email signatures.
· Meeting Location (only when email is a calendar invite)
· Body of file

Contact:
· Address
· City
· State
· Country
· Full Name
· Title
· Contact Details (email/phone/url)
Note: Contacts added from Skype/Lync may be recorded as a ‘sent’ email item, due to the way Outlook imports/stores the contact.

Documents (.pdf, .xlsx, .txt, .doc and .docx files have been tested):
· Date/Time
· DocumentID (use to compare document indexes over time) – format unknown
· Body of file
· Company

It is likely that other values are stored in additional data types, however this is the extent of data I have identified in my testing procedures.

Source : https://www.zdnet.com/article/this-windows-file-may-be-secretly-hoarding-your-passwords-and-emails/#