How to Access that Old Email Account

Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

First, Know the Protocol

Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

Do You Remember the Service or Email Address?

If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Protect your USPS Mail from Getting Stolen

USPSID stands for U.S. Postal Service Informed Delivery. It is a good thing to sign up for because it informs you of your expected deliveries.

But there’s a problem: Someone ELSE could pose as you and sign up for this service, getting your mail before you have a chance to.

In fact, it has already happened. Crooks have signed up as other address owners and collected their mail.

This can lead to credit card fraud if some of that mail includes new credit cards or credit card applications.

And what if the mail includes a check? The thief could find a way to get it cashed. What a thief could do with your mail is limited only by his or her imagination.

Krebsonsecurity.com reports that seven crooks in Michigan used the USPS to, not surprisingly, apply for credit cards via those applications that we all get.

Then they waited for the new cards to arrive. They knew just when they’d arrive, too, and planned to raid the owner’s mailbox on that date. Of course, the owners never even knew that the cards were applied for.

The crooks obtained the cards and spent a total of about $400,000. Needless to say, they didn’t bother stealing the bills.

Though a key on your mailbox will surely help, you can add an extra layer of protection by emailing eSafe@usps.gov to opt out of the service. This will prevent anyone from using it in your name.

KrebsOnSecurity reports that this email address may be inactive. So at least have your mailbox fashioned with a lock – even if you do get a response from that email address.

Another thing you can do is get a credit freeze, though this doesn’t guarantee 100 percent that a thief won’t be able to sign up your address with the USPS, but the freeze will prevent new credit cards being opened in your name.

What Else Can You Do?

  • Check your existing credit card statements every month for any odd or unfamiliar charges and report them immediately even if the amount is small.
  • Contact credit reporting agencies (Equifax, Experian and TransUnion) and sign up for alerts to any changes in your credit report.
  • Can’t be said enough: Get a locking mailbox, there’s simply too much sensitive information not to.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

 

Protect Yourself From Gift Card Scams

So maybe Christmas now means the very predictable gift card swap, but hey, who can’t use a gift card? But beware, there are a ton of scams. This includes physical, not just digital, gift cards.

Regardless of who gave you the card, you should always practice security measures. Below are two common ways that fraudsters operate.

Transform Gift Card to Cash Twice.

If someone gives you a $200 gift card to an electronics store and then it’s stolen, you technically have lost money, as this is the same as someone stealing a wad of cash from your pocket.

Nevertheless, you’ll feel the loss just as much. Crooks who steal gift cards have numerous ways of using them.

  • Joe Thief has plans on buying a $200 item with your stolen gift card from your gym locker.
  • But first he places an ad for the card online, pricing it at a big discount of $130 saying he doesn’t need anything, he just needs money.
  • Someone out there spots this deal and sends Joe the money via PayPal or Venmo.
  • Joe then uses the $200 gift card to buy an item and sells it on eBay
  • And he just netted $130 on selling a stolen gift card that he never shipped.

Infiltration of Online Gift Card Accounts

Joe Thief might also use a computer program called a botnet to get into an online gift card account.

  • You must log into your gift card account with characters.
  • Botnets also log into these accounts. Botnets are sent by Joe Thief to randomly guess your login characters with a brute force attack: a computerized creation of different permutations of numbers and letters – by the millions in a single attack.
  • The botnet just might get a hit – yours.

Here’s How to Protect Yourself

  • Be leery of deals posted online, in magazines or in person that seem too good to be true and are not advertised by reputable retailers.
  • Buy gift cards straight from the source.
  • Don’t buy gift cards at high traffic locations, at which it’s easier for Joe to conceal his tampering.
  • Change the card’s security code.
  • Create long and jumbled usernames and passwords to lessen the chance of a brute force hit.
  • The moment you suspect fraudulent activity, report it to the retailer.
  • Spend the card right away.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Genealogy Websites Scare Me, But This is Good

Investigators in Sacramento have arrested Joseph James DeAngelo for rape, but they only found him based on records from a genealogical website.

10 Internet Security Myths that Small Businesses Should Be Aware OfThe effort wasn’t easy, but this guy is now off the streets. The process started with taking a look at DNA that was collected from the crime scene, which happened many years ago. Investigators didn’t have a match. However, recently, they started comparing DNA with genetic profiles that have been collected from ancestry sties. These are companies that collect DNA from people to tell them more about their family backgrounds.

Though DeAngelo’s DNA was not found, investigators were able to match the DNA of his family members with the DNA found at the crime scene. Investigators looked closer and noticed that DeAngelo not only lived in the area where the rape occurred, but also was in the same age range as the suspect. The investigators began watching DeAngelo and picked up a piece of trash that he discarded. They tested it in the lab, and the DNA on it was a perfect match to the DNA at the crime scene.

Once investigators realized they had a match, they knew that they had to spring into action. They were able to quickly make an arrest. DeAngelo was booked into jail and charged with two murders. He is also expected to face an additional 12 homicide charges, which occurred from 1974 to 1986. Because the crimes occurred in several counties, it is likely that county prosecutors will come together as one prosecution team to put DeAngelo on trial. It is also likely that the trial would not be held in Sacramento because the majority of the crimes occurred in Southern California. There is also the question as to if the prosecution team will charge DeAngelo with rape, as the statute of limitations has expired. There is no statute of limitations for murder in the state of California.

Some prosecutors, however, are looking to the FBI to help put DeAngelo behind bars for the alleged rapes, too, including Jeff Reisig from Yolo Country, and the DA from Contra Costa County. They believe that DeAngelo is the so-called East Area Rapist, who has been connected to 12 murders, 51 rapes, and hundreds of burglaries.

There are certainly some issues with these DNA tests, but that can be for another time. For now, it’s pretty important to know that there is some good that can come out of it, especially if it means getting criminals off the street.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Digitally Secure The Remote Teleworker

If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.

New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.

Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s security plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight way that you can secure your remote workforce:

  1. Use Cloud-Based Storage – One way to make your remote workers safer is to use cloud services that use two factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.
  2. Encrypt Devices When You Can – When giving mobile devices, including laptops, to your remove workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.
  3. Set Up Automatic Updates – You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.
  4. Use Best Practices for Passwords – You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team puts a password on their phones and laptops, since these items are easily stolen.
  5. Create Secure Network Connections – Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.
  6. Increase Awareness – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.
  7. Use Encrypted Email Software – Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.
  8. Use an Endpoint Security Program – Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs, safe.

Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Consumers Have Given Up on Security

According to a recent study, online security for most people is too bothersome. The US National Institute of Standards and Technology published the study, which shows that most people who use the internet have just given up and don’t follow the advice given to them about online security.

The result of this is that consumers are engaging in risky online behavior, and according to one survey participant, if “something happens, it is going to happen” and “it is not the end of the world.”

This is concerning to many, including security experts and survey authors. During this survey, approximately 40 people were interviewed in order to understand how those without a technical background feel about computer security. Though this isn’t a total significant sample size, it is a surprising look at how people feel about the information that experts are giving them. Each interview ran from 45 minutes to an hour, and the goal of the researchers was to find out where the average person stands on online security.

The authors of the report were surprised by the resignation of the interviewees during the survey. Essentially, they saw that people just can’t keep up with security changes. The survey participants, overall, believe that online security is too complex, and these people don’t see the benefits of making any efforts.

Some of the people who took the survey seemed to be under the impression that they didn’t have any information that a hacker would want. For example, one person claimed that they don’t work in a government agency and they don’t send sensitive information over email, so if a hacker wants to take their blueberry muffin recipe, they can go ahead and take it.

What’s interesting is what the study’s authors found when comparing those who had experienced identity theft with those who hadn’t. Those who have had an incident with the theft of their identity were much more focused on their online security.

To help the survey participants better understand their risks and to change their minds about internet security, study authors advise that those involved in technology and security must work diligently to help the people using the internet understand the dangers of lax security. They also must work to make it easy for internet users to do the best they can when keeping their accounts safe. It’s important for people who use the internet to make it a habit to remain more secure.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to erase Yourself from your Job

You shouldn’t leave any digital trace of yourself after you leave a job. Hopefully, you’ll be leaving voluntarily and thus have the time to first make backups before you delete anything. This may seem easy, but you need to take inventory to make sure you get EVERYTHING.

3DNote: make sure that every suggestion below is allowed via a company’s internal policies.

An article at wired.com gives these recommendations:

  • Use a flash drive for smaller amounts of data.
  • An alternative is a personal account with Dropbox or Google Drive.
  • For more data use an external hard drive.
  • Don’t include company information in your backups.
  • Forward e-mails you want to save to your personal e-mail.
  • Delete all e-mail files, then close down your e-mail account.
  • Check USB slots.

Your Computer

  • Clear out your personal data if you don’t have authority to wipe the device.
  • Delete all your passwords, usernames, etc., that are stored in the computer.
  • Browsers like Chrome and Firefox will save passwords and tie them to Google ID or Firefox Sync. Don’t just close out of the browser; log out so that nobody sees your passwords. Do what you can to make the browser forget your passwords.
  • In Chrome is “Manage Saved Passwords” in the settings. Use this to delete passwords from any Google account you’ve used. Warning: Hopefully you don’t use the same password and username for workplace Chrome as you do for home, but if you do, deleting this information at workplace Chrome will also clip them at your home computer.
  • In Safari, go to “Preferences,” then “Passwords” and delete.
  • For Microsoft Edge, click the three dots in the upper right; go to “Settings” and then “View Advanced Settings.” Click “Manage Saved Passwords” and delete.
  • If you’re allowed to, wipe the computer.
  • The wired.com article recommends KillDisk and DP Wipe.

Your Phone

  • Wipe your mobile device that’s provided by the company, assuming you have permission.
  • If you don’t have permission, ask the IT team to do this. Just make sure you’re logged out of all applications.
  • Shut your company voicemail down—after you delete remaining messages.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Thieves steal 30 Cars using Software

Who needs a hanger to steal a car when you can use a laptop? Despite today’s vehicles having far more sophisticated security protection, thieves can still break in—like the two crooks who stole at least 30 Dodge and Jeep vehicles…with just a laptop computer.

11DIn Houston, video showed the pair in the act, though authorities are still working on piecing together just how the capers were pulled off.

One possibility is that a database contains codes that link key fobs to cars. Perhaps the thieves, who may be part of a ring, somehow got access to this database (one theory is that a crooked employee sold them the access), and from there, created key fobs based on vehicle ID numbers. VINs are visible on vehicles. Vehicles that are targeted for theft don’t “know” an authentic fob from a fraudulent one.

Again, this is all conjecture, but one thing’s for sure: The pair did not steal the vehicles the old-fashioned way.

Though today’s electronic security measures will stop the thief who lacks techy know-how and prefers the coat hanger and hotwire method, technology won’t stop smarter, more ingenious crooks who feel quite at home committing cyber based crimes.

With more and more criminals relying on the Internet of Things to commit all sorts of crimes, maybe the best security for a motor vehicle would indeed be one of the old-fashioned security features: install a kill switch.

Robert Siciliano, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Inside the Business E-mail Compromise Scam

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

emailThat’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Jihadis using easy to get Privacy Software

Over the past two years, the media has tended to sensationalize jihadists’ rapid adoption and strategic use of social media. Despite perpetual news coverage on the issue, the public, by and large, continues to be relatively in the dark about the intricate ways in which many jihadists maintain robust yet secretive online presences.

To accomplish their goals — ranging from propaganda dissemination and recruitment to launching attacks — jihadists must skillfully leverage various digital technologies that are widely advertised and freely accessible online.

Just as smartphones and portable devices have transformed the way much of the world communicates and interacts, jihadists, too, have rapidly adopted and availed themselves of these technologies.

Their grasp of technology, which is quite savvy, yields one of the most frequently asked questions about the jihadists today: What is in their digital toolbox and how do they exploit these technologies to benefit their activities? This report explores these questions.

ISIS is no exception to the many entities out there, good and evil, who want a strong grasp on technical savvy, particularly software that can oppose surveillance. The Dark Web is abuzz with jihadist threads about how to beat surveillance systems. And they’re learning a lot, says a report from Flashpoint, a cybersecurity firm.

For instance, ISIS knows how to use Tor and Opera to scavenge the Web undetected. That’s just the beginning of their software knowledge. Jihadists also use:

In short, ISIS is very well keeping up with communications technology. Evil can be technologically savvy, too. Do not underestimate the technical prowess of jihadists, even though it seems as though some of them live rather primitively.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.