Monthly Archives: July 2013

Office 365 and Active Sync for Mobile Devices

Some clients have been having issues (especially on their Blackberry’s) with getting their emails from Office 365.

The Problem

Randomly, but fairly frequently, email stops flowing to your mobile device from your Exchange Active Sync account on Office 365.  Your device will prompt you to re-enter your password.  It’s a minor nuisance to re-enter your password every couple days but as long as you get prompted it’s not a horrible issue.

The worse problem is that on BB10 devices, the prompt could take hours to come!  At the time of this writing my Android device prompted for my new password about 8 hours ago, my BB10 device has not prompted me yet!

The (Potential) Solution

I found this quick fix on a blackberry message board which seems to be working so far, but it only applies to BB10 devices.

If your mail server setting defaulted to m.outlook.com when BB ‘set up” the account,

  1. go into the email account settings (from the settings icon) open your email account,
  2. select the advanced set up icon at the bottom of the screen (beside the trash icon)
  3. scroll down to server address change it to outlook.office365.com

In early testing this seems to be causing fewer drops in connectivity.

Let me know if this works for you, and let me know if you have any other insight on these nuisance dropsies.

Note: on my  Android device the server was correctly set to outlook.office355.com and that account still drops, however my other O365 account it set to pod12345.outlook.com (where 12345 is a 5-digit number I didn’t feel like going to look up again right now) and it has not been affected with the dropsies.  I don’t recommend you change your server setting to the pod server because this is an old setting and I don’t believe it’s supported any longer.

How I Got Phished

Yes, it’s true, it happened to me.  I got phished.  In my defense, it was late at night and I wasn’t paying close attention to what I was doing. And in that moment of carelessness my password was compromised.

Wikipedia defines phishing as:

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

Phishing scams are extremely common, and in fact spam filters stop the majority of them from even getting to our inbox.

So I took the bait late one night in the following fashion: I was online, socializing, surfing. I got an email which appeared to come from a legitimate photo sharing website (on which I have an account as do several of my friends and family) that said “someone” had shared some photos with me. Here’s clue # 1: it didn’t say who just “someone” the real site is specific about who is sharing the photos in order to prevent spam. So I clicked on the link to see the photos.  Clue #2: the log in page was very similar to the normal log in page for this website – but it was just a little different.  I actually thought to myself “hmm, I wonder why the log in page is different than usual?”

Clue #3: I proceed to enter my username and password and they failed (no biggie, sometimes late at night my fingers can’t keep up with my brain and I mistype stuff) so I tried again and the password still failed.  Now I check for Clue #4:  the website I’m on is not actually “www.photosharingsite.com” but “www.photosharingsite.com.you.are.being.phished” (actual URLs changed to protect the innocent  – but you get the picture).  So you can see how on first glance it looks like I’m on “photosharingsite.com” but I’m really not.

How to recover from a phishing attempt

So how is it I survived to write this cautionary tale for you?  So after two failed log in attempts it took me about 2.3 seconds to realize that I’d been phished.  So I closed my browser to leave that page and make sure it’s not doing more naughty things (such as collecting cookies or keystrokes), cleared my cache, including cookies, opened a new browser and went directly to the legitimate “photosharingsite.com” logged in and changed my password.  Then for the next couple of days I tested that log in and my activity to make sure the breach wasn’t exploited.

If you have been phished immediately do the following:

  1. If your password was compromised, then log in to the legitimate site and change the password right away.
  2. If you use the same password in multiple places, then change them in all those places.
  3. If you gave up financial information, notify your bank, the government and credit bureaus right away.  There are several tools that they use to prevent identity theft and fraud that will help protect you.
  4. If you gave up health info then notify your health insurance provider and your local health authority in order to prevent identity theft or medical fraud.

What did I learn from this exciting adventure?

  1. Never, never, never open a link you receive in email!  If you think that’s a bit excessive, talk to any security expert and the majority will tell you they never open a link they receive in their email (or Instant Messages for that matter).
  2. Use different passwords for all your accounts. I know this sounds crazy because I have several dozen accounts all over the web. But luckily for me the password I used at this photo sharing site was unique, so I only needed to change it once.  If it was the same password I use everywhere, then I’d have to change my password at dozens of sites.
  3. Never, never, never, give up personal information (especially health or financial information) online.  Your bank, your doctor and the government already have all that info, they don’t need it again and they won’t ask for it. So if you’re being asked, it’s likely a phishing scam.
  4. If you’re going to ignore rule #1, (but don’t because that’s how you get viruses too!)  firstly be extra sure you trust the sender (an email with your banks logo is not enough to trust).  Then, before you click, hover over the link to see the true address it links to: most browsers and mail clients it comes up at the bottom of the window.  Make sure that link goes to where it says it does.  Finally Triple check the link you end up at before entering any info.  That is, check the address bar of your browser, not just the link in the email message.

One moment of carelessness caused me about 2 hours of grief and that was just over a simple photo sharing site.  If I had given away personally identifiable information, especially financial info, I could have been in for months of grief to ensure my identity and my finances were intact.