Posts

Protect Your Mail From Thieves

Do you have Informed Delivery from the US Postal Service? If not, you should. Every day, it sends you an email that shows what is coming in your mail.

Robert Siciliano, CSP, SAFR.MEHowever, there is also the possibility that someone could pose as you and get your Informed Delivery. This means that they could get your mail before you do.

In fact, this is already happening. The bad guys are signing up with the addresses of other people, and then collecting their mail. Why? Because they want to get access to things like credit card applications or new credit cards.

What if your mail contains a check? The thief could easily cash it before you even realized it was gone.

There are numerous reports that show groups of thieves in actually used the USPS to apply for credit cards via an application that we all get in our mail. They then just had to wait. They knew the exact day the credit cards would arrive because they had access to the owners’ mail via Informed Delivery. By doing this, they were able to spend around $400,000, and the owners didn’t realize it until it was too late.

A locking mailbox could certainly help, and you can also opt out of informed delivery by emailing eSafe@usps.gov. This prevents anyone from signing up for it in your name.

You can also consider a credit freeze. This does not guarantee that a thief won’t be able to steal your identity and open a credit card, but it makes it much more difficult.

Other Things You Can Do

Here are a few other things you can do:

  • Check your credit cards statements each month for any charges that look strange or unfamiliar, and then immediately report them, even if it is a small amount.
  • Contact the three major credit reporting agencies and sign up for alerts to get any changes in your credit report.
  • Get a mailbox that locks. There is too much information out there not to have this.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Fake Emails are Becoming a Major Issue for Businesses

You might be surprised to know that more than 3.4 billion fake emails are sent around the globe each day. What does this mean? It means that almost every company out there is vulnerable to cybercrimes in the form of “spoofing” and “phishing.” On top of this, most companies out there have not protected themselves from this type of cyber attack. What’s even more interesting is that the vast majority of these emails are not coming from some foreign land, but they are coming from sources based in the US.

This all sounds pretty dreary, but it’s not all bad. Research is showing that many industries in the US are making strides against these fake emails, though some are working harder than others.

To get the data for this research, companies like Valimail is using data from internal analysis of billions of different email authentication requests. The company also used almost 20 million public records about email to publish its report.

This report shows that email impersonation, which made up 1.2 percent of all emails sent during the first quarter of 2019, is the favorite weapon of cyber criminals to get access to a network. They also try to get access to sensitive information and intellectual property.

Fake emails are a problem, and they are not blocked by cybersecurity defenses that are traditionally used.

These fake emails are one of the biggest sources of cyberattacks. As more businesses recognize email vulnerabilities, organizations should start using authentication technology to protect against fraudulent and untrustworthy senders.

The fact is this: too many cybercriminals are using fake emails to get through these defenses, and better methods to identify senders is needed to make sure that email is more trustworthy both now and in the future.

Protect Yourself

  • The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part.
  • Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
  • A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
  • Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
  • Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

How to Access that Old Email Account

Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

First, Know the Protocol

Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

Do You Remember the Service or Email Address?

If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Inside the Business E-mail Compromise Scam

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

emailThat’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of the CEO E-mail Scam

Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.

emailThe hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.

The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.

Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.

This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:

  • Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.
  • Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.

Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.

Next, the victim should file a complaint with the IC3.

How can businesses protect themselves from these scam e-mails?

  • Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.
  • Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to unsend or cancel an E-mail

If the person you are sending an e-mail to pretty much instantaneously receives it, how on earth can you unsend or cancel it? Well, you have several options.

emailCriptext

  • This is a browser plug-in that works for Chrome and Safari.
  • Your message including attachments will be encrypted.
  • You will know when it’s been opened.
  • You can recall messages and assign them expiration times. The recall, of course, comes after the recipient has possibly opened the message, but if they’re, for instance, away from their computer when it comes in, and you recall the e-mail, they will never know it was there. Or maybe they will have seen it and decided to open it later, and when that time comes, they see that it has vanished and think they’re going crazy.

UnSend.it

  • Like Criptext, this plug-in will let you know when messages have been opened. In addition, it allows you to recall them and also set expiration times.
  • Missing, however, is the encryption feature.
  • It’s compatible with more browsers than is Criptext.

What about Gmail users?

  • Enable the “Undo Send” feature as follows.
  • In the upper right is a gear icon; click on it.
  • Select Settings to bring up the “General” tab.
  • Scroll to Undo Send.
  • Click checkbox for Enable Undo Send.
  • You can choose a cancellation time of five, 10, 20 or 30 seconds. A grace period of only five or 10 seconds doesn’t make much sense, so you may as well choose 30 seconds unless you routinely need recipients to receive your messages less than 30 seconds after you send them.
  • Hit Save Changes.

Virtru

  • This plug-in is compatible with Chrome and Firefox.
  • Those with Yahoo, Gmail or Outlook accounts can use it.
  • For $2/month, you can have message recall and self-destruction, along with message forwarding.
  • The free version does not offer any kind of recall or cancellation features, only secure messaging.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Is private NSA proof E-mail possible?

You can buy encryption tools to prevent people from reading the contents of your e-mails should they intercept them. But what about those who have NSA-caliber resources and skills?

7WThe problem is that encryption services usually leave wide open the e-mail’s metadata: e.g., sender, recipient, subject line and timestamp.

But a new service, ShazzleMail, delivers e-mail straight from sender to recipient without any metadata.

ShazzleMail software is downloaded, then encrypts e-mails, but your device must be switched on so that the recipient could download the e-mail.

If the recipient doesn’t have ShazzleMail, they’ll get a message headline, “Secure Message from Jack Jones,” plus a message text: “Jack Jones has sent you a secure, encrypted e-mail via ShazzleMail. Click to View.” ShazzleMail is free, though there’s an enterprise version for a monthly fee of $5.

Can a hacker defeat ShazzleMail? Well, without any metadata, how can a hacker track the message’s path? There’s no middleman; the messages go straight from sender to recipient. ShazzleMail says, however, that it’s not fool-proof against the NSA if the NSA wants to really go at it. Nevertheless, ShazzleMail puts a lot more barbed wire on that fence.

And then there’s Enlocked, which offers “military-grade e-mail security” for professionals by encrypting e-mails before they’re sent. However, the metadata is visible. This is a big problem if the mere communication between two parties is significant, or the timeline or whom the parties are is very telling.

Another option is Raellic Systems, which has software that lets users select from three levels of privacy.

Hushmail is another contender. They state: Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

6 Ways to Secure Your Email Account

On August 30th, 1982, a copyright for a Computer Program for Electronic Mail System was issued to Shiva Ayvadurai. Thus, email was born. 32 years later, email has become an essential part of our lives. Emails are a must-have item,
allowing us to connect and share information with friends, teachers, and co-workers.

emailTo celebrate email’s birthday, here are 6 ways to secure your email account.

  1. Think twice before opening unfamiliar emails. Do you open your front door to just anyone? Of course not. Don’t open strange emails or any email that you’re not completely confident in.
  2. Be cautious about email links and attachments. Hackers use links and attachments to download nasty malware onto your computer. If an email seems suspicious, don’t click or download anything.
  3. Use 2-step verification. Email services like Gmail allow you to enable two-step verification because it adds more security to your account. After you enter a password and username, you enter a code sent by the email service to your phone when you sign in.
  4. Beware of public computers. Never use a public computer to log into your email accounts, not even your cousin’s or best friend’s computer—you don’t know if they’ve been infected.
  5. Use strong, unique passwords. If your password is “password”, you might want to change it to something more unique. I recommend a password with 8 or more characters with a mix of upper-case letters, lower-case letters, and numbers.
  6. Use comprehensive security software. McAfee LiveSafe™ service can make protecting your email even easier with a strong firewall to block hackers, viruses, and worms and a password manager to help you remember all of your logins.

Happy Birthday email!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

6 Ways to remove Junk mail forever

If you’re sick of junk mail, stop putting off putting a stop to it, because you can actually make a difference by implementing the following 6 strategies. Though you won’t be able to completely eliminate junk mail, the following approaches will considerably de-clutter your mail box.1P

  1. Get off marketing lists. This is done by having the Direct Marketing Association contact direct mail companies and instruct them to stop sending you mail. Go to DMACHOICE.org to get started and free yourself of mail offerings from magazines, catalogues and credit card companies, to name a few. To stop credit card offers only, sign up with OptOutPrescreen.com. For optimal results, sign up for both.
  2. Look for a “privacy notice” in the mail from your credit card issuer or bank, because this notice has an opt-out choice to avoid getting marketing material. However, you may have tossed this notice, thinking it was junk mail (it’s actually not), so contact your bank or credit card company and inquire about their privacy policy. Don’t stop there; contact any entity that deals with your money, such as your auto insurance company.
  3. Sign up for the free TrustedID Mail Preference Service. This provides companies that you can seek the opt-out instructions for.
  4. For $35, 41pounds.org will stifle mail offers.
  5. Do not get a print magazine subscription. Otherwise you’ll set yourself up for reams of third-party junk mail. See if there’s a digital version of the magazine or if your gym has it available.
  6. Go electronic. To stop junk mail from coming with your snail mail bills, switch to electronic billing.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Ways to protect your Gmail Account

Protecting your Gmail account means you must activate some tools that Google offers, and you must increase your scam savvy intelligence in order to spot phishing scams. If you do both, you can have a very well-protected Gmail account.

2D#1. Google 2 Step Verification. This is the Holy Grail of account security. Not really, but it’s the best they have available. With 2 Step you get a onetime log in code to a secondary device like a mobile phone via text or the “Google Authenticator” app. I like text best. This will surely protect your Gmail account because a hacker would need access to this secondary device to bust into your account, since Google would require a six-digit unique code for this second device to access your account.

Speaking of codes, you can generate a number of one-time codes that you can use in the event of a mishap such as losing your device; you can use these codes to access your account from a temporary device.

#2. Stay out of Googles spam folder. Learn to ignore spam.Must you open every e-mail? Google does a pretty good job of spam/phish filtering. Leave the phishy/spammy messages alone and you’ll be in good shape.

Most malicious or “phishing” e-mails are very obvious, with any of the following in their subject lines:

–       Get back to me

–       Your money is waiting

–       If you don’t read this now you’ll hate yourself

–       Claim your reward

However, some subject lines look less suspicious, like “Your Amazon.com order has shipped.” If you use a unique e-mail account solely for Amazon or eBay, and then promise yourself never to click on a link inside the e-mail, you’ll be fine.

#3. Never give out your password.

Remember: If someone requests your Google account password, it’s malicious. If you think Google wants your password, don’t give it via any link in an e-mail. Instead go to https://www.gmail.com or https://accounts.google.com/ServiceLogin and login.

#4. Account recovery options: Keep up to date. Always keep your mobile phone number current because it’s what Google uses to send you a security code. So if a hacker gets your Gmail account password, it’s useless unless they have your smartphone number, which Google will use to send you that code to prove your identity.

#5. Have a recovery e-mail address that’s also up-to-date because Google uses this strictly for sending security codes for when you forget a password. You should have this second e-mail address also because Google will use it to send important security information.

#6. Secondary e-mail address. This is in addition to the recovery address mentioned prior because you can use this alternate to sign into your Gmail account. Note, however, that this alternate address must not be part of your Gmail account or even associated with a second Google account.

#7. Use secure connections. Gmail should always be set to use a secure connection, denoted by HTTPS before the URL. Go to Settings, General, Browser Connection to set it up. Use a secure VPN for logging in. Hotspot Shield protects and encrypts your wireless connections.

#8. Strong & long is the name of the game. Enough of passwords like Puppylover1, carfiend1979 and Darlingmama. Don’t use words that can be found in a dictionary. Include symbols like #, * and $. The more nonsensical and longer the password, the better. Next, do not ever use your Google password for any other account. Your e-mail passwords should be equally nonsensical.

#9. Incognito. Use the “incognito” or “private” mode in browsers when you’re on a public or shared computer such as at a hotel. These modes will prevent cookies, web history and other data formation from getting stored. If these modes are not available, clear your cookies and browsing history when you LOG OUT.

#10. Finally, to protect your Gmail account, keep your system up-to-date and secure with anti-virus and anti-malware.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.