Threats to Be Aware of If You Use a Gmail Account

If you have a Gmail account, you should be concerned. Why? Because there are millions of malicious emails that are sent to users of Gmail every day.

Now, while Google upsets many people for many reasons, they do a pretty good job at keeping your email account secure. And they provide a number of tools to accomplish that task. The problem is not usually Google; the problem is usually in the “seat,” and that’s you, buddy. All of you fools using the same password across multiple accounts are potential victims of “credential stuffing,” and those of you using the same pass code across multiple accounts are just, well, dumb. No offense. But really, it’s just stupid.

If you want to know if your email address and its associated password have been included in any of the 12+ billion stolen records we have access to, head over to my company’s website ProtectNowLLC.com and plug your email address and any associated passwords in to see if you have been breached. And don’t worry, we don’t have access to any of your data nor do we store your information.

If you want to engage in best practices regarding your Google account, head over to Google’s Security Checkup and run through your security settings. You’re crazy (or lazy) if you don’t.

Google is pretty secure, though, and many of these scammy emails are stopped right in their tracks. However, not all of them are, and if you use a corporate Gmail account, you could be more at risk than others. Here are some statistics for you to take a look at:

  • Scammers send more than 4 times the number of malware emails to corporate Gmail accounts than they do to personal Gmail accounts.
  • Scammers send more than 6 times the number of phishing emails to corporate Gmail accounts than they do to personal Gmail accounts.
  • Scammers send more than 4 times the number of spam emails to corporate Gmail accounts than they do to personal Gmail accounts.

Focusing on Threats to Corporate Gmail Accounts

You may be shocked to know that scammers like to focus on certain corporate Gmail accounts more than others. For instance, when you think of all the corporate email addresses out there, educational entities and non-profits are more than two times more likely to be attacked with malware than others.

Google is Doing Its Best to Stop the Scammers

Google is well aware of these threats, and it has taken some big steps to stop the hacks. First, the company has installed an email classifier, which has an almost 100 percent accuracy rate when detecting scammy emails. Google also can send alerts to people who want to visit websites that are known for phishing or malware.

On top of that, Google offers two-step verification when users want to access their accounts, and the company also uses a hosted S/MIME feature, which is helping to ensure that content of any email is secure and safe when it’s sent.

Finally, Google uses a TLS encryption indicator, which, when used, means that only the person you send the email to can read it.

Identifying a Phishing Email

Though Google has done a great job at stopping these threats, you may still find them getting into your email box. Here are some tips:

  • Expect the Unexpected – Most of the phishing emails out there look remarkably like legitimate emails. Thoroughly examine any email before you download files or click on links.
  • See Who Sent It – If you don’t know the sender’s name, be cautious, especially if the email asks for account information, including passwords.
  • Don’t Click on Links – Additionally, you should make sure that you are not clicking on links that appear in emails. If you must go to the site, type the address into the browser manually.
  • Look at Grammar – You also want to take a look at the grammar in emails. A lot of typos or bad grammar is a sure sign of a scam.
  • Notice Threatening Language – Finally, if you notice any threats in the email, it is probably a scam. A great example of this is “your account has been compromised.”
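
A rough way to turn the tips above into a triage script, as an added example that is not part of the original article: it parses one constructed message and flags an unknown sender, a request for credentials, threatening language, and a link whose visible text names a different host than its target. The phrase lists, flag names and sample domains are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Google Security" <alerts@accounts-example.test>
Subject: Urgent: your account has been compromised

<p>Your account has been compromised. Confirm your password now:</p>
<a href="http://login.accounts-example.test/verify">https://accounts.google.com/</a>
"""

# Assumed phrase lists (not from the article); tune them to your own mail.
PHRASES = {
    "asks-for-credentials": ("password", "passcode", "account number"),
    "threatening-language": ("account has been compromised", "will be suspended"),
}

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw, known_senders=()):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    flags = [] if addr.lower() in known_senders else ["unknown-sender"]  # "See Who Sent It"
    flags += [flag for flag, words in PHRASES.items() if any(w in text for w in words)]
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:  # visible text names one host, href another
        shown_host = urlparse(shown).hostname
        if shown_host and shown_host != urlparse(href).hostname:
            flags.append("link-text-mismatch")
    return flags
```

Link text that is not a full URL (for example “Click here”) has no host to compare, so it is not flagged by the last check.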

This is definitely not a full list of scams, but it does give you a good idea of what you might be up against. If something looks like a scam, it probably is.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

It’s Fake News!!! How Social Media Has Turned into a Weapon

A lot of people just want to follow the crowd. You might not be one of them, but you have surely heard of some calling others “sheep” or “cattle,” because they want to be led by another. I say it all the time, MOOOOOOOOOOOOOO! There isn’t anything inherently wrong with this on the surface. The problem arises, however, when the people doing the leading are doing it for personal gain and when the followers blindly follow because they want to be led and/or because it’s convenient and/or because they are stupid. In this day and age, the most common way to do this is via social media.

Cambridge Analytica actually did this to win elections and do other things. For instance, it was first used in first world countries, and then with Brexit. It was also used in the 2016 US presidential election.

Here’s how it can go down and how social influence can be used to change the minds and hearts of others:

Company or country leaders began to realize that they could use social media to influence people. They could manipulate facts and post information that is just not true, supported by data that is confusing or just plain wrong, and people began to believe it. This is often accomplished by using clickbait headlines, viral memes, and videos just filled with lies and emotion.

At a basic level, spreading this type of misinformation is called a confidence scam or confidence trick. When someone is confident in another person, they trust them. Trust is an inherent human trait required as an interdependent species. Without trust, we as a species would cease to exist. If women had no confidence in men and did not trust them, they would not allow themselves to be received. We wouldn’t be able to function unless we trust each other. The conman’s motivation is to influence the victim enough so that the victim is confident in the message. The conman wants to be trusted, of course, and when they are, well…it’s like shooting fish in a barrel.

Of course, the outcome of this is that the conman wants to divide and conquer, or even rule the people who fall for this manipulation. When we try to define “divide and conquer,” we can say it is the practice of maintaining control of victims by encouraging them to disagree amongst themselves. In other words, the conman can tell both sides, “don’t trust them, trust me.”

People used to share disinformation by speech. However, when the press came into play, decades and decades ago, it spread in the form of leaflets and pamphlets, books, political cartoons, newspapers, and magazines. Now, it generally spreads via social media, which is great for the conmen, because they know it spreads like wildfire.

When we look at the word “disinformation,” we find that it comes from a Russian word, dezinformatsiya. Joseph Stalin actually started using the word in 1923 within the KGB’s “Special Disinformation Office.” At the time, the word was defined as “false information with the intention to deceive public opinion.”

Remember, disinformation is meant to confuse the target and instill fear by blurring the lines between what is fact and what is fiction. The purpose is to spread conspiracy theories that isolate targets from other viewpoints, which ultimately creates a cloud of paranoia and confusion.

Disinformation on social media is born as a lie, and it is a lie that you believe to be true…and you agree with it, like it, and then share it with friends. Once you take on this role, you are just as much a perpetrator as you are a victim, along with everyone else who falls for it.

The Five P’s of Persuasion

When it comes to persuading others, there are five “P’s” that you should keep in mind:

Persuasion

When you have a particular belief, or a persuasion, it means that you already have made up your mind about something. One example of this is political persuasion. You might be under the Republican persuasion or the Democrat persuasion. You can also define persuasion as the act of influencing someone else to change their mind or to do something that they might not do without influence.

Psychographics

The word “psychographics” refers to the study of people based on criteria including their attitudes and aspirations. This especially comes into play when looking at market research. Psychographics is often used to describe someone based on their psychological attributes and it can be applied to the study of personality, attitudes, values, interests, opinions, and lifestyles.

Psychological Operations (PSYOPS)

PSYOPS, or psychological operations, can be used to explain information and indicators to an audience in a way that it influences their reasoning, motives, and emotions. Ultimately, it can affect the behavior of entire governments or organizations as well as groups and individuals.

Psychological Warfare

This is the practice that some use during a war or during a time where war could be a danger. It is made up of propaganda, threats or other non-violent techniques. It may also apply in times of political unrest in order to intimidate, demoralize, or influence the thinking or behaviors of an enemy.

Propaganda

You can define propaganda by saying it is information that is not objective and used to either further an agenda or influence a target audience. This is generally done by only presenting facts that can encourage a particular perception or using language to create an emotional response, not a rational response, to particular information. There are several different types of propaganda:

  • White propaganda is a type of propaganda that is put out on purpose by a transparent source and credited by the source. Basically, it is a valid opinion of someone or something. A good example of this is a political ad that is created to discredit an opponent. The conclusion of this ad would say, “My name is Candidate Name, and I approve this message.”
  • Grey propaganda is a type of propaganda where the information is not credited nor expressed, and the source of the propaganda is hidden. The information doesn’t have to be accurate or inaccurate, as it might be true, or it might be false. One example of this is a small company putting an ad out about a competitor claiming said competitor uses poor quality materials. The information might be true, but the creator of the ad doesn’t want to be known as the one who released the ad.
  • Black propaganda is totally false information that is created to seem like it was created by the entity that it is intended to discredit. For instance, you might see a video or meme that looks like it comes from Black Lives Matter that shows a black man attacking a white man. Obviously, this is something that Black Lives Matter would not want people to see, but if the video says, “The video brought to you by Black Lives Matter,” and it is spread from one person to another on Facebook, ultimately, this discredits the organization.

Now that you have all of this information available, there is one question that you have to ask yourself: Are you someone who is aware of the disinformation that is out there, or are you a sheep? MOOOOOOOOOOOOOOOO!


Creating Passwords that are Bulletproof

It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. However, this isn’t a good idea. In fact, it’s terrible. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. And once the bad guy finds his way in, especially logging into your email, it is game over. From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too.

All it takes is a cracker to find this password, and now every account you have is compromised. And finding that password is even easier. Some studies show as many as 40 million records were compromised in 2021. Many of those records are passwords. At ProtectNowLLC.com, we have a tool that has access to over 12 billion compromised records where you can search your username aka your email address to find out if your username and associated password have been compromised on a variety of breached accounts.

Thankfully, there is an easy solution: use a password manager. I’ve had a password manager in place since 2004. At this point I probably have close to 700 different online accounts. And I might know the password for maybe five of them. For the rest, only my password manager knows the password, which I can easily look up. But I’ve never committed them to memory. Most people say, “What if the password manager gets hacked?” While this might be a valid concern, it’s not a concern of mine.

The low hanging fruit isn’t a password manager getting hacked, it’s people reusing the same passcode across multiple accounts and those credentials being available on the dark web. But, if you don’t want to use a password manager because you’re afraid the password manager is going to get hacked, you can also do the following:

Creating a Unique Password

Research shows that the best passwords are 14 characters long. Those that are shorter than that are easier to figure out. If a site doesn’t let you create a password that is 14 characters, it is possible to adapt it. Password managers do a very good job of creating/generating long, strong, unique, complicated passcodes.

First, make a list of all of the sites you have a username and password for, and then put those sites into categories. For example, all of your sites for social media would be in a category, all of your email sites together, all of your banking sites together, and all of your shopping sites together.

Then you want to create a password that is eight characters. This will serve as the first part of any other password that you create. For example, the first eight characters might look like this:

CM&@t*yZ

Next, remember your categories? You will create a three-character password that is significant to those. For instance:

  • Social media sites – SM#
  • Email sites – &eM
  • Shopping sites – $h0
  • Banking sites – 8aN

So, this gives you 11 characters of the recommended 14-character password that you want to use. Now, you need three more characters, and that would be specific to the site.  So, let’s say you are creating a password for your bank. This is made up like the following:

Eight-character + three-character password (category) + three-character (site)

So, for your bank, it would look like this:

CM&@t*yZ8aNp$X

This is a very difficult password to guess, and for many people, easier to remember. But it’s not easy for everyone to remember. There is a solution, but first, keep this in mind. When you have to change your password, you can keep the final six characters and just change the first eight.

Now, how can you remember the first part of the password? One way to do this is to simply write it down and store it in a safe place. However, don’t keep it near your computer. Another thing you can do is to create a phrase that will help you remember.

Here’s an example. Let’s say our phrase is “My brother asked me for bread and salt.” If you take the first letter for all of the words, it would be this:

MBAMFBAS

This could be your eight-character first part…and you can make it more secure by making some swaps:

M3@MFBA$

This still makes the password very difficult for a hacker to guess but makes it easier for you to remember. You can use the same method, of course, for the smaller parts of the password.
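
The 8 + 3 + 3 construction above, written out as an added example (not code from the original article): it builds the article’s bank password, applies the rotation rule of changing only the first eight characters, and goes one step further by counting how many leading characters two passwords built this way share. The site names and the site tags `q7!` and `aZ9` are made up for illustration.

```python
from itertools import takewhile

BASE_LEN, CATEGORY_LEN, SITE_LEN = 8, 3, 3  # the article's 8 + 3 + 3 layout

# Base and category tags are the article's own examples.
BASE = "CM&@t*yZ"
CATEGORY_TAGS = {"social": "SM#", "email": "&eM", "shopping": "$h0", "banking": "8aN"}

def compose(base, category, site_tag):
    """Build base + category tag + site tag, rejecting parts of the wrong length."""
    parts = ((base, BASE_LEN), (CATEGORY_TAGS[category], CATEGORY_LEN), (site_tag, SITE_LEN))
    for part, expected in parts:
        if len(part) != expected:
            raise ValueError(f"{part!r} must be exactly {expected} characters")
    return "".join(part for part, _ in parts)

def rotate(password, new_base):
    """Replace the first eight characters and keep the final six."""
    if len(new_base) != BASE_LEN:
        raise ValueError(f"new base must be exactly {BASE_LEN} characters")
    return new_base + password[BASE_LEN:]

def shared_prefix(a, b):
    """Count the leading characters two passwords have in common."""
    return sum(1 for _ in takewhile(lambda pair: pair[0] == pair[1], zip(a, b)))

def overlap_report(passwords):
    """Map each pair of site names to the length of their shared prefix."""
    names = sorted(passwords)
    return {(x, y): shared_prefix(passwords[x], passwords[y])
            for i, x in enumerate(names) for y in names[i + 1:]}

# Site tags other than the article's "p$X" are made up for this example.
PASSWORDS = {
    "bank": compose(BASE, "banking", "p$X"),
    "credit-union": compose(BASE, "banking", "q7!"),
    "store": compose(BASE, "shopping", "aZ9"),
}

if __name__ == "__main__":
    for pair, length in overlap_report(PASSWORDS).items():
        print(pair, "share the first", length, "of 14 characters")
```

Two sites in the same category share their first 11 characters and sites in different categories share the first 8, so within a category only the three-character site tag separates one account from another.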

Honestly, if you’ve got even this far in this article, congratulations to you. You must be some weird math savant with an elephant’s memory. Frankly, the above gives me a headache. Like I said in the first three paragraphs, it’s best to just use a password manager and forget all of this work, but if you don’t want to, this method works pretty well.
