Posts

Protect Your Mail From Thieves

Do you have Informed Delivery from the US Postal Service? If not, you should. Every day, it sends you an email that shows what is coming in your mail.

However, there is also the possibility that someone could pose as you and get your Informed Delivery. This means that they could get your mail before you do.

In fact, this is already happening. The bad guys are signing up with the addresses of other people, and then collecting their mail. Why? Because they want to get access to things like credit card applications or new credit cards.

What if your mail contains a check? The thief could easily cash it before you even realized it was gone.

There are numerous reports showing that groups of thieves actually used the USPS to apply for credit cards via the applications that we all get in our mail. They then just had to wait. They knew the exact day the credit cards would arrive because they had access to the owners’ mail via Informed Delivery. By doing this, they were able to spend around $400,000, and the owners didn’t realize it until it was too late.

A locking mailbox could certainly help, and you can also opt out of Informed Delivery by emailing eSafe@usps.gov. This prevents anyone from signing up for it in your name.

You can also consider a credit freeze. This does not guarantee that a thief won’t be able to steal your identity and open a credit card, but it makes it much more difficult.

Other Things You Can Do

Here are a few other things you can do:

  • Check your credit card statements each month for any charges that look strange or unfamiliar, and then immediately report them, even if it is a small amount.
  • Contact the three major credit reporting agencies and sign up for alerts to get any changes in your credit report.
  • Get a mailbox that locks. There is too much information out there not to have this.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Fake Emails are Becoming a Major Issue for Businesses

You might be surprised to know that more than 3.4 billion fake emails are sent around the globe each day. What does this mean? It means that almost every company out there is vulnerable to cybercrimes in the form of “spoofing” and “phishing.” On top of this, most companies out there have not protected themselves from this type of cyber attack. What’s even more interesting is that the vast majority of these emails are not coming from some foreign land, but they are coming from sources based in the US.

This all sounds pretty dreary, but it’s not all bad. Research is showing that many industries in the US are making strides against these fake emails, though some are working harder than others.

To get the data for this research, companies like Valimail are using data from internal analysis of billions of different email authentication requests. The company also used almost 20 million public records about email to publish its report.

This report shows that email impersonation, which made up 1.2 percent of all emails sent during the first quarter of 2019, is the favorite weapon of cyber criminals to get access to a network. They also try to get access to sensitive information and intellectual property.

Fake emails are a problem, and they are not blocked by cybersecurity defenses that are traditionally used.

These fake emails are one of the biggest sources of cyberattacks. As more businesses recognize email vulnerabilities, organizations should start using authentication technology to protect against fraudulent and untrustworthy senders.

The fact is this: too many cybercriminals are using fake emails to get through these defenses, and better methods to identify senders are needed to make sure that email is more trustworthy both now and in the future.

Protect Yourself

  • The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part.
  • Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
  • A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
  • Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
  • Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Inside the Business E-mail Compromise Scam

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

That’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infecting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is the monetary transactions of the target company: the hackers pose as a vendor that the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to unsend or cancel an E-mail

If the person you are sending an e-mail to pretty much instantaneously receives it, how on earth can you unsend or cancel it? Well, you have several options.

Criptext

  • This is a browser plug-in that works for Chrome and Safari.
  • Your message including attachments will be encrypted.
  • You will know when it’s been opened.
  • You can recall messages and assign them expiration times. The recall, of course, comes after the recipient has possibly opened the message, but if they’re, for instance, away from their computer when it comes in, and you recall the e-mail, they will never know it was there. Or maybe they will have seen it and decided to open it later, and when that time comes, they see that it has vanished and think they’re going crazy.

UnSend.it

  • Like Criptext, this plug-in will let you know when messages have been opened. In addition, it allows you to recall them and also set expiration times.
  • Missing, however, is the encryption feature.
  • It’s compatible with more browsers than is Criptext.

What about Gmail users?

  • Enable the “Undo Send” feature as follows.
  • In the upper right is a gear icon; click on it.
  • Select Settings to bring up the “General” tab.
  • Scroll to Undo Send.
  • Click checkbox for Enable Undo Send.
  • You can choose a cancellation time of five, 10, 20 or 30 seconds. A grace period of only five or 10 seconds doesn’t make much sense, so you may as well choose 30 seconds unless you routinely need recipients to receive your messages less than 30 seconds after you send them.
  • Hit Save Changes.

Virtru

  • This plug-in is compatible with Chrome and Firefox.
  • Those with Yahoo, Gmail or Outlook accounts can use it.
  • For $2/month, you can have message recall and self-destruction, along with message forwarding.
  • The free version does not offer any kind of recall or cancellation features, only secure messaging.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

6 Ways to Secure Your Email Account

On August 30th, 1982, a copyright for a Computer Program for Electronic Mail System was issued to Shiva Ayyadurai. Thus, email was born. 32 years later, email has become an essential part of our lives. Emails are a must-have item, allowing us to connect and share information with friends, teachers, and co-workers.

To celebrate email’s birthday, here are 6 ways to secure your email account.

  1. Think twice before opening unfamiliar emails. Do you open your front door to just anyone? Of course not. Don’t open strange emails or any email that you’re not completely confident in.
  2. Be cautious about email links and attachments. Hackers use links and attachments to download nasty malware onto your computer. If an email seems suspicious, don’t click or download anything.
  3. Use 2-step verification. Email services like Gmail allow you to enable two-step verification because it adds more security to your account. After you enter a password and username, you enter a code sent by the email service to your phone when you sign in.
  4. Beware of public computers. Never use a public computer to log into your email accounts, not even your cousin’s or best friend’s computer—you don’t know if they’ve been infected.
  5. Use strong, unique passwords. If your password is “password”, you might want to change it to something more unique. I recommend a password with 8 or more characters with a mix of upper-case letters, lower-case letters, and numbers.
  6. Use comprehensive security software. McAfee LiveSafe™ service can make protecting your email even easier with a strong firewall to block hackers, viruses, and worms and a password manager to help you remember all of your logins.

Happy Birthday email!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

5 No-brainers for Keeping Your Email Safe

It’s time to face the fact that for most of us, email is the single most important digital asset we own: more than anything else, it is our digital DNA. To some degree, email is connected to every online account we have; it contains the username, password reset, and an archive of most of our digital doings. It’s been said that if a criminal owns a person’s email, he owns the person.

With more and more people keeping tabs on their financial statements, contact information and other sensitive data via email, it’s time to double-check your email habits to see if you’re putting yourself at risk.

#1 Never use public PCs. A public computer can be likened to a public toilet. You don’t really know who’s used it before you and you don’t know what kind of virus you can catch from it. PCs in libraries, hotel business centers or internet cafés can easily have keyloggers or keycatchers installed that can steal your usernames and passwords. Checking email on an unsecured computer that you don’t have any control over is risky and, frankly, irresponsible.

#2 Use a VPN over wireless. Wireless was born to be convenient, not secure. Sniffers can read wireless communications over free public WiFi and get usernames and passwords. Always use a wireless VPN, such as Hotspot Shield, that encrypts your wireless access.

#3 Log out of your device when not in use. Staying logged in 24/7/365 is risky. Anyone that has access to your computer or mobile device at home or work can own your email. Contractors, cleaners, vendors, burglars and even a spouse can put you at risk.

#4 Delete phishing emails. Any emails you receive that ask you to click links about updating accounts, shipped packages, problems with accounts or special offers are suspect. Phishing leads to keyloggers or compromised usernames and passwords. If these emails end up in your spam folder, leave them there.

#5 Never click links. I only click links in emails when it’s a “confirmation” email from signing into a new account or when I’m communicating with a friend, family member, colleague or known contact who then sends me a link. Otherwise, I never click links in emails, including in online statements. I always use my favorites menu or a password manager to get where I need to go.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Managing a Digital Life: Snooping on a Spouse’s Email

Your spouse, boyfriend, girlfriend, or partner just headed out to do errands without logging out of his or her email account. The computer’s sitting right there. Would you feel compelled to check it out?

According to a recent study, there’s a good chance that you will eavesdrop on your significant other’s cell phone and email conversations.

38% of people who are younger than 25 and in a relationship have snooped on their significant other by reading private email. 10% of the time, this snooping revealed that the other person had been unfaithful, resulting in a break up.

36% of people in long-term, committed relationships indicated they check emails or call histories without their significant other’s knowledge. 3% of married snoopers discovered they were being cheated on.

33% of women say they snoop on their spouse or partner, while 30% of men do.

Is this okay? Trust is a fragile intangible that can be irreparably broken. But aside from the moral and ethical implications, is it legal?

CBS News reports, “An Internet law designed to protect the stealing of trade secrets and identities is being used to levy a felony charge against a Michigan man after he logged onto his then-wife’s Gmail account and found out she was cheating… [He] is being charged with felony computer misuse, and faces up to five years in prison after logging into the email account of now ex-wife…on a shared laptop using her password.”

So before you go clandestine and hack your honey’s Hotmail, know that the long arm of the law may toss you into the hoosegow.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking email on Fox News. Disclosures