Author Topic:  Citrix ShareFile email
Jon Light


From:
Saugerties, NY
Post  Posted 4 Dec 2018 5:47 am    

I received an email notification that I needed to change/update my password. I've googled this and apparently it is a thing. Seems legit. Trouble is, I have never heard of Sharefile and have never knowingly used it.
Hovering over the link, I see:

https://secure.sharefile.c*m/login#ForgotPassword
(I inserted an error so that it is not a hot link)

A search of my system shows no such program installed. But it is an available free download from the Microsoft store.

The combination of legit company and apparently real notifications going out about new logins combined with other patterns indicating opportunistic scam has me confused.

I'm doing nothing, not clicking on the link or anything. The only concern is that this is some sort of background program that my Win10 computer uses every day; email/cloud thing or something.

Anyone have some insight?
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 4 Dec 2018 9:42 am    

Feel free to forward the original email to me "as an attachment." If you want to do this, send me a PM and I will provide an email address for you to send it to.

Emails forwarded as attachments maintain all of the original headers that are needed to determine both the source and legitimacy of a sender. I used this system to develop the Nigerian Blocklist that is still protecting this forum from Nigerian 419 scammers to this very day.

Note that normally forwarded emails do not have the original headers and are mostly useless for reporting and tracing purposes. All I have to work with in those are URLs used in the body or names of possibly hostile attached files.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
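What the full headers make checkable, shown as an added example that is not part of the original post: the recipient server's SPF/DKIM/DMARC verdicts, whether the envelope sender lines up with the visible From domain, and the earliest relay in the Received chain. The sample message, all host names, and the `summarize` and `trusted_authserv` names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a message as Gmail's "Show original" would expose it.
# Every host and address is a placeholder, not data from this thread.
RAW = """\
Delivered-To: user@example.org
Received: from mx.example.org (mx.example.org [203.0.113.5])
        by inbox.example.org with ESMTPS id abc123
Received: from out.mail.example.com (out.mail.example.com [198.51.100.7])
        by mx.example.org with ESMTPS id def456
Authentication-Results: mx.example.org;
       dkim=pass header.i=@example.com;
       spf=pass smtp.mailfrom=bounce@mail.example.com;
       dmarc=pass header.from=example.com
Return-Path: <bounce@mail.example.com>
From: "Example Service" <noreply@example.com>
Subject: Password reset required

Please reset your password.
"""

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def summarize(raw, trusted_authserv):
    msg = message_from_string(raw)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        # Trust only verdicts stamped by your own mail provider; a sender
        # can insert a forged Authentication-Results header of its own.
        if authserv.strip().lower() == trusted_authserv:
            auth.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    # Each relay prepends its Received line, so the last one is the earliest hop.
    hops = msg.get_all("Received", [])
    first = re.search(r"from\s+(\S+)", hops[-1]) if hops else None
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        # Simple suffix comparison; real DMARC alignment uses the Public Suffix List.
        "aligned": bool(from_dom) and (rp_dom == from_dom or rp_dom.endswith("." + from_dom)),
        "auth": auth,
        "origin_host": first.group(1) if first else None,
    }
```

A message forwarded the normal way arrives with none of these headers, so the same function returns an empty `auth` and no `origin_host`.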
Jon Light


From:
Saugerties, NY
Post  Posted 4 Dec 2018 11:29 am    

Thanks for the response. It's too complicated to explain the problems I'm having right now but I seem to have deleted it via my phone (I've got a lot of sync confusion between phone, desktop and gmail) and even though it's sitting in a trash folder in the phone, it refuses to be restored or forwarded to another of my accounts. So I'm just going to walk away from this and say forget it. But thanks.
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 4 Dec 2018 5:10 pm    

Jon Light wrote:
Thanks for the response. It's too complicated to explain the problems I'm having right now but I seem to have deleted it via my phone (I've got a lot of sync confusion between phone, desktop and gmail) and even though it's sitting in a trash folder in the phone, it refuses to be restored or forwarded to another of my accounts. So I'm just going to walk away from this and say forget it. But thanks.


In some instances, with Gmail's web interface, it's possible to display the "original message," complete with the incoming headers. It is a drop down option on the right side when you are viewing a message in your browser. I know it works in the spam folder and will test the Trash folder in a few parsecs.

Okay, Show Original is available for messages in the Gmail Trash folder. I'm guessing that the option is in all folders once you click on an email to open it in Gmail. The option is found in the drop down options under the three vertical dots on the right side.
Last edited by Wiz Feinberg on 4 Dec 2018 5:22 pm; edited 1 time in total
Jon Light


From:
Saugerties, NY
Post  Posted 4 Dec 2018 5:17 pm    

Sure enough. Yes, I've got the original, headers & all. I just sent you a PM.
Jon Light


From:
Saugerties, NY
Post  Posted 5 Dec 2018 7:59 am    

Thanks for the help, Wiz.
You have found that this is legit. I am still puzzled by the fact that not only is this app not on my new computer (to which I've only installed selected programs rather than an Acronis image transfer of lots of junk from the old), I just checked and it is not on my previous one either. Could be from an even older rig. Maybe I had to register to receive someone's tracks. Anyway, it's not a phish. Good to know.
Thanks.
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 5 Dec 2018 10:28 am    

This is a good time to pass along the notice from Citrix and Sharefile that there is a forced password reset campaign in progress. This is a countermeasure in light of some high visibility thefts of username/password combinations from other major websites to attempt to log into accounts of Citrix Sharefile customers who may have reused the same credentials. This is known as a credential stuffing attack.

If you use Citrix Sharefile, you will need to reset and choose a new password to continue to use the service. If you previously used Sharefile and you still have the same email address that was registered there, you too will receive an email from Citrix telling you about this issue.

I do urge caution whenever a password reset email is received. Oftentimes, scammers use a similar tactic to phish credentials from unsuspecting people. This one was legit, but scammers may pick up on it and try to scam you. The only safe way to know where a hyperlink is pointing to is by reading the source code.
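Reading a message's HTML source for link targets can be done mechanically. The following is an added example, not part of the original post: it lists every anchor's visible text beside the host its `href` actually resolves to and checks that host against the domain you expect. The message body is constructed, `example.com` stands in for the real service, and the `LinkCollector`, `host_ok` and `audit` names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_ok(href, expected):
    # urlsplit().hostname drops any "user@" prefix and the port, so the
    # comparison is made on the host the browser would actually contact.
    host = (urlsplit(href).hostname or "").lower()
    return host == expected or host.endswith("." + expected)

def audit(html_source, expected):
    collector = LinkCollector()
    collector.feed(html_source)
    return [(text, href, host_ok(href, expected)) for href, text in collector.links]

# Constructed message body: one genuine link, one whose visible text shows a
# different URL than its target, and one using the "user@host" form.
BODY = """
<p><a href="https://secure.example.com/login#ForgotPassword">Reset password</a></p>
<p><a href="https://secure.example.com.example.net/login">https://secure.example.com/login</a></p>
<p><a href="https://secure.example.com@example.net/login">Reset password</a></p>
"""

if __name__ == "__main__":
    for text, href, ok in audit(BODY, "example.com"):
        print("OK  " if ok else "FAIL", repr(text), "->", href)
```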

All times are GMT - 8 Hours