This week the Belgian legal code was amended, finally making it possible to serve notice via email… so that you should be able to send legally valid notices by electronic mail. Should…
Because it may well be a big step forward for the legal system… but why would you deliberately play into the hands of the opposing party? In the worst case you would be handing the evidence to the opposing party YOURSELF…
‘If it turns out that you have read the mail, by replying or via a read receipt, then the notice has been validly served in any case.’ The above implies that e-mail users had better be careful with read receipts. Without a read receipt or a reply, it is still up to the sender to prove that the recipient actually received or read the mail.
But how do you switch off that receipt confirmation for mail?
For some of the most widely used mail programs, I'll give you the necessary steps. To be clear, many of those steps can already be found on the internet, so for some programs I give a few pointers to good articles… so as not to reinvent the mail.
I may add some more mail programs to the list later… but this is enough to get started. Check whether your favourite mail client is in there… And otherwise there are some more options at the very end of this article.
Disclaimer: I don't always have the Dutch-language version of the user interface myself, so some references use English terms, but you'll manage with those too.
I have listed the following mail clients so far:
Windows Mail app (Win10/11)
Outlook.com (web)
Microsoft 365 / Office 365 Outlook web
Microsoft 365 / Office 365 Outlook client
Outlook for Mobile Devices (Android)
Apple
GMail
Windows Mail app (Win 10)
No problem, because there are no options in the Windows Mail app. So if you want options, you'll have to look for another mail client; this one is too simple.
Outlook.com (web)
Requesting a read receipt yourself?
Nope, the Outlook.com web mail doesn't have that option. (It is available via Outlook for Windows.)
Log in to your mailbox (you have to repeat the steps below if you have multiple mailboxes)
Choose Settings/Instellingen (View All Settings)
Choose General/Algemeen > Mobile Devices
Choose Don’t send read receipts for messages read on devices that use Exchange ActiveSync.
Apple
Keep in mind that most settings for reading e-mail live at the level of the e-mail application… so it depends on which e-mail app you use on your device.
No options for receipt confirmation when sending or receiving. [Note: I haven't found them, at least… if they exist, feel free to let me know.]
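Whatever the client, a read-receipt request travels as a header in the mail itself. The following is an added example, not part of the original article: it reports which receipt-request headers a message carries and removes them before the message reaches a mail client. The header names come from RFC 8098 and common client practice, not from this article, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses

# Headers through which a sender asks for a confirmation.
# Disposition-Notification-To is the standard read-receipt request (RFC 8098);
# Return-Receipt-To and X-Confirm-Reading-To are non-standard variants.
RECEIPT_HEADERS = (
    "Disposition-Notification-To",
    "Return-Receipt-To",
    "X-Confirm-Reading-To",
)


def receipt_requests(raw: bytes) -> dict:
    """Return {header: [addresses]} for each receipt request in the message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = {}
    for name in RECEIPT_HEADERS:
        values = [str(v) for v in msg.get_all(name, [])]
        addresses = [addr for _, addr in getaddresses(values) if addr]
        if addresses:
            found[name] = addresses
    return found


def strip_receipt_requests(raw: bytes) -> bytes:
    """Return the message with every receipt-request header removed."""
    msg = message_from_bytes(raw, policy=policy.default)
    for name in RECEIPT_HEADERS:
        del msg[name]  # no error when the header is absent
    return msg.as_bytes()


# Constructed sample message (not taken from a real mailbox).
SAMPLE = (
    b"From: Sender <sender@example.org>\n"
    b"To: me@example.com\n"
    b"Subject: Notice\n"
    b"Disposition-Notification-To: Sender <sender@example.org>\n"
    b"X-Confirm-Reading-To: sender@example.org\n"
    b"\n"
    b"Please confirm.\n"
)

if __name__ == "__main__":
    print(receipt_requests(SAMPLE))
    print(receipt_requests(strip_receipt_requests(SAMPLE)))
```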
I see more and more phishing exercise fatigue kicking in at my customers…
But it’s more necessary than ever to be vigilant for new techniques that try to circumvent the typical URL blocking and the other protection layers you put in place.
You’re the best firewall.
What is going on?
You know, these companies that first announce a #phishing test…
which go unnoticed because they are caught by the spam filter…
And a few weeks later you get the real stuff in your inbox from the same company.
With ridiculously worse quality than the actual test… but still it’s in the inbox, ready to click (DON’T!).
You assume phase 2 of the phishing test… another round, right? (you think: “yeah, right, not me.”).
Because the new mail comes with ridiculously worse quality (⚠️1) than the actual test…
Nowadays you expect smart mails from these criminals…
But still it doesn’t feel OK… you start to realize that this might be the real stuff…
Checking for some more phishing indicators (⚠️)
A mail with you in bcc… (⚠️2)
Addressed to a very strange (New Zealand) mail address (⚠️3)
with a PDF-like icon image embedded (⚠️4)
via a Google Drive link (⚠️5)…
SPOILER: I crippled the link mentioned in the previous screenshot to avoid any accidents…
SPOILER 2: DO NOT, EVER CLICK these links…
Still, if you can’t control your curiosity, you might peek into the link via alternative methods (see later).
The display of unrelated content, with payment instructions (⚠️6), isn’t really what you would expect.
Because if you even dare to click the links, you get another link (⚠️7)… and this time the browser malware detection (SmartScreen filtering) kicks in… at last… so I’ll stop the curiosity here…
Why is this an issue?
The main issue here is that the phishing links point to well-known services (like Google Drive, Microsoft OneDrive, Dropbox…) that host the malware, and links to those services usually escape or bypass malware URL detection…
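The indicators listed above (recipient only in bcc, unrelated To address, image used as the clickable link, link to a file-sharing host) can be checked mechanically without opening the link. The following is an added example, not part of the original post; the host list, the flag names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses
from urllib.parse import urlparse

# Illustrative, non-exhaustive list of file-sharing hosts (an assumption).
SHARING_HOSTS = ("drive.google.com", "docs.google.com",
                 "onedrive.live.com", "1drv.ms", "dropbox.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IMG_LINK_RE = re.compile(r"<a\b[^>]*>\s*<img\b", re.I)


def triage(raw: bytes, my_address: str) -> list:
    """Return the indicators from the list above that this message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    me = my_address.lower()
    my_domain = me.rsplit("@", 1)[-1]
    headers = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    visible = [addr.lower() for _, addr in getaddresses(headers) if addr]
    flags = []
    if me not in visible:
        flags.append("recipient-only-in-bcc")
    if visible and not any(a.endswith("@" + my_domain) for a in visible):
        flags.append("to-address-unrelated-domain")
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_content()
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    shared = sorted(h for h in hosts
                    if any(h == s or h.endswith("." + s) for s in SHARING_HOSTS))
    if shared:
        flags.append("file-sharing-link:" + ",".join(shared))
    if IMG_LINK_RE.search(body):
        flags.append("image-used-as-link")
    return flags


# Constructed samples (addresses and link are placeholders, not real IoCs).
PHISH = (b'From: "Billing" <billing@supplier.example>\n'
         b"To: someone@mailhost.example.nz\n"
         b"Subject: Invoice\n"
         b'Content-Type: text/html; charset="utf-8"\n\n'
         b'<a href="https://drive.google.com/file/d/EXAMPLE/view">'
         b'<img src="cid:icon" alt="PDF"></a>\n')
BENIGN = (b"From: colleague@mycompany.example\n"
          b"To: me@mycompany.example\n"
          b"Subject: Meeting\n\n"
          b"See you at 10.\n")
```

A file-sharing link on its own is not proof of phishing; the flag marks it because URL filters tend to let these hosts through, so the other indicators have to carry the decision.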
Security tips
Rule nr 1: Don’t click links in unexpected mails
Curiosity kills the cat: Please withstand the urge to click the links to satisfy your curiosity….
If you don’t expect the mail, be very cautious, don’t click the links.
Control your curiosity: test the links in isolated mode
If you can’t control your curiosity, don’t ever click the links on your main computer.
Instead, copy the link and open it
in a Windows Sandbox
in a virtual machine or test machine… not your production machine
on a mobile device
Use Windows Sandbox
Since Windows 10 (Pro) you can use Windows Sandbox (free), which is a virtual, isolated environment. So you can test some interesting things without damaging your production host machine.
When you stop the Sandbox, the machine forgets all settings and returns to its pristine default state.
Use Microsoft Hyper-V (free) or Oracle VirtualBox (free) and install a client OS in the virtual machine. Snapshot the machine before the test, perform the test, then return to the snapshot to avoid any leftovers of malware.
Run the link on a mobile phone
Less secure, but better than running malware on your most important machine, is opening the link in a browser on your mobile device. There is a lower risk of infection and less impact than losing your primary working machine, although… be aware, there is still a small risk of infection even for smartphones…
Additional security measures
To permit some stupidity and protect against accidents, please make sure to
implement all the latest OS security updates, and patch on a continuous basis
have anti-malware and antivirus software that is updated continuously
keep the default OS security features enabled, including the local system firewall and malware detection
consider a paid antivirus subscription (it’s worth the money) and keep it up to date every hour
get mail protection against malware, tracking, phishing and ransomware (like Windows Defender for 365)
have regular backups (1 online and 1 offline) and test the restores
use cookie/tracking/advertisement blockers
use a DNS blackhole system to protect your network from accessing suspicious URLs (including tracking and phishing websites, advertisements, C&C (command and control) malware domains, …)
An interesting set of reference material that regularly comes back in the data protection, cybersecurity and information security discussions I lately had with peers and colleagues. Maybe you can use it too…
Feel free to provide some feedback yourself, if you know additional pointers I should add.
You know where to find me.
Change history
2022-04-27 14:00: Added EDPB announcement to references section
2022-02: The Dutch Ministry of Justice and Security requested an analysis of US legislation in relation to the GDPR and Schrems II by Greenberg Traurig.
Switzerland
In a recent article (In French) by ICT journal, the Canton of Zurich published a
As explained on the program page “MVPs, are technology experts who passionately share their knowledge with the community.” It’s an award for your Microsoft community work of the past year… you can find more details on the MVP website mentioned earlier.
But building community is not a one-person activity, not a job, …
It’s a passion, it’s fun, sharing knowledge and best practices with many people over the world, all eager to build community.
And last year (or longer) has been very challenging to keep the community running without face-2-face events, shifting to online only. It was hard work. And the MVP award renewal cycle has been very special this year, taking into account the Corona conditions.
But nevertheless, I can’t keep up this work without support of you, my dearest colleagues, partners, technology experts, community fellows, my audience, … I won’t list any specific person, because I would not do honor to all the rest… too many to list.
Therefore a big shout-out of gratitude for your support.
Thank YOU for supporting me, making this possible.
I dedicate this award to you, to your support. This is your award.
In the world of security, cyber- and cloud security, sharing knowledge is one of the most important principles to win the battle against cybercrime. Learn from the mistakes others have made.
I’m doing my best to keep up the work and to meet the bar of excellence, to be a community lead, to build community and to share knowledge.
This award and your appreciation give me the extra motivation to keep going and do better next year!
Have you ever assessed the maturity of #cybersecurity implementation?
The #ZeroTrust #maturity model assessment by #Microsoft provides you with great insights into where to start or which part of your security needs improvement.
Easy to use, easy to understand, great results and great guidance.
The page below is a (growing) overview of resources for GDPR info and compliance by Microsoft. The page is updated with other sources I find on my quest for GDPR.
Today the SCM team has finally released the SCM baselines for Windows 8.1, IE 11 and Windows Server 2012 R2.
To get the updates, you can open the SCM tool and select “Download Microsoft baselines automatically” in the tool:
Please carefully read the Release Notes for these baselines in the Attachments/Guides section as there are a couple of known issues that may affect capabilities that worked in the past, but are no longer working with SCM and other related tools.
Alternatively, you can download all the CAB files directly from the following links:
As requested by the PG, please continue to provide feedback through Connect. This allows MS to deliver a high-quality product that solves your scenarios.