email security Archives

How to Protect Your Email from Hackers

October 13, 2021/0 Comments/in hackers, online safety, online security /by Robert Siciliano

It is easier than you might think to secure your email from hackers. The number one thing you can do is set up two step verification. Even if your username and password is compromised, bad guys will still need your mobile phone to access your account. And of course, never ever click on any links that come through your email unless you are positive it’s coming from a trusted sender. Not clicking on those links is easier said, than done, and even though is sometimes not enough.

Hackers have a saying – “Own the email, and you’ll own the person.” If you get hacked, the scammers will now have access to many, if not all, of the accounts that are associated with your email address.

How do they get access? Well, they send phishing emails, which look very much like real messages from a source you trust like UPS, PayPal, the IRS, your bank, a friend, your mom, etc.

Even people who seem smart or those who are in leadership positions can get tricked into clicking links in emails. Even John Podesta, who was the campaign chairman when Hillary Clinton, fell for a hack like this. He clicked on a link that seemed like it was from Google, but really it was a hacker…and that hacker got into his entire email account.

Don’t Let a Hacker Get Into Your Email Account

If you see a link and you want to or are supposed to click it, there are a few things you should do:

Hover your mouse over the URL to see if it looks strange. If the email says it’s coming from Chase Bank, but the URL looks like a bunch of nonsense, it’s probably not safe to click.
Many times, however, the URL can look very legitimate. So, you want to look for some other signs.
Look at the email for things like misspellings, grammar mistakes, or other odd things.
When in doubt, contact the sender via telephone

Additional Tips

If you see some type of urgency in the email, such as your account being compromised or your account being suspended, don’t be so quick to click.
There might also be some good, unexpected news in the email that you want to click…but again, be smart and only click if you are absolutely sure.
Is the message telling you that you must re-set your password? Be careful here. It’s likely a scam.

Emails from UPS, the IRS, PayPal, a major retailer, or your bank could also be suspicious, so again, don’t click until you are totally sure the link is safe.

Tips for Protecting Your Account

Here are some final tips that you can use to protect your account:

Employers need to engage security awareness training in the form of phishing simulation training.
Use strong passwords that are long and difficult to guess. They should be mixed with letters, numbers, and symbols.
Use two-factor authentication for all accounts, including your email account.
Don’t click on attachments unless you know exactly what they are.

When you really think about it, protecting your email account is one of the most important things that you can do to keep your information safe. Everything here is simple to do and understand, and it can make a big difference in your life, especially when you consider how easy it is to get hacked.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protect Your Mail From Thieves

July 8, 2021/0 Comments/in Credit Freeze /by Robert Siciliano

Do you have Informed Delivery from the US Postal Service? If not, you should. Every day, it sends you an email that shows what is coming in your mail.

However, there is also the possibility that someone could pose as you and get your Informed Delivery. This means that they could get your mail before you do.

In fact, this is already happening. The bad guys are signing up with the addresses of other people, and then collecting their mail. Why? Because they want to get access to things like credit card applications or new credit cards.

What if your mail contains a check? The thief could easily cash it before you even realized it was gone.

There are numerous reports that show groups of thieves in actually used the USPS to apply for credit cards via an application that we all get in our mail. They then just had to wait. They knew the exact day the credit cards would arrive because they had access to the owners’ mail via Informed Delivery. By doing this, they were able to spend around $400,000, and the owners didn’t realize it until it was too late.

A locking mailbox could certainly help, and you can also opt out of informed delivery by emailing eSafe@usps.gov. This prevents anyone from signing up for it in your name.

You can also consider a credit freeze. This does not guarantee that a thief won’t be able to steal your identity and open a credit card, but it makes it much more difficult.

Other Things You Can Do

Here are a few other things you can do:

Check your credit cards statements each month for any charges that look strange or unfamiliar, and then immediately report them, even if it is a small amount.
Contact the three major credit reporting agencies and sign up for alerts to get any changes in your credit report.
Get a mailbox that locks. There is too much information out there not to have this.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Fake Emails are Becoming a Major Issue for Businesses

December 4, 2019/0 Comments/in computer security, internet safety, internet security /by Robert Siciliano

You might be surprised to know that more than 3.4 billion fake emails are sent around the globe each day. What does this mean? It means that almost every company out there is vulnerable to cybercrimes in the form of “spoofing” and “phishing.” On top of this, most companies out there have not protected themselves from this type of cyber attack. What’s even more interesting is that the vast majority of these emails are not coming from some foreign land, but they are coming from sources based in the US.

This all sounds pretty dreary, but it’s not all bad. Research is showing that many industries in the US are making strides against these fake emails, though some are working harder than others.

To get the data for this research, companies like Valimail is using data from internal analysis of billions of different email authentication requests. The company also used almost 20 million public records about email to publish its report.

This report shows that email impersonation, which made up 1.2 percent of all emails sent during the first quarter of 2019, is the favorite weapon of cyber criminals to get access to a network. They also try to get access to sensitive information and intellectual property.

Fake emails are a problem, and they are not blocked by cybersecurity defenses that are traditionally used.

These fake emails are one of the biggest sources of cyberattacks. As more businesses recognize email vulnerabilities, organizations should start using authentication technology to protect against fraudulent and untrustworthy senders.

The fact is this: too many cybercriminals are using fake emails to get through these defenses, and better methods to identify senders is needed to make sure that email is more trustworthy both now and in the future.

Protect Yourself

The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part.
Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

How to Access that Old Email Account

February 21, 2019/0 Comments/in online safety, online scams, online security /by Robert Siciliano

Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

First, Know the Protocol

Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

Do You Remember the Service or Email Address?

If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Inside the Business E-mail Compromise Scam

December 1, 2016/in Identity Theft, online safety, online security /by Robert Siciliano

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

That’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of the CEO E-mail Scam

May 11, 2016/in online safety, online scams /by Robert Siciliano

Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.

The hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.

The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.

Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.

This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:

Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.
Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.

Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.

Next, the victim should file a complaint with the IC3.

How can businesses protect themselves from these scam e-mails?

Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.
Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to unsend or cancel an E-mail

December 28, 2015/in online safety, online security /by Robert Siciliano

If the person you are sending an e-mail to pretty much instantaneously receives it, how on earth can you unsend or cancel it? Well, you have several options.

Criptext

This is a browser plug-in that works for Chrome and Safari.
Your message including attachments will be encrypted.
You will know when it’s been opened.
You can recall messages and assign them expiration times. The recall, of course, comes after the recipient has possibly opened the message, but if they’re, for instance, away from their computer when it comes in, and you recall the e-mail, they will never know it was there. Or maybe they will have seen it and decided to open it later, and when that time comes, they see that it has vanished and think they’re going crazy.

UnSend.it

Like Criptext, this plug-in will let you know when messages have been opened. In addition, it allows you to recall them and also set expiration times.
Missing, however, is the encryption feature.
It’s compatible with more browsers than is Criptext.

What about Gmail users?

Enable the “Undo Send” feature as follows.
In the upper right is a gear icon; click on it.
Select Settings to bring up the “General” tab.
Scroll to Undo Send.
Click checkbox for Enable Undo Send.
You can choose a cancellation time of five, 10, 20 or 30 seconds. A grace period of only five or 10 seconds doesn’t make much sense, so you may as well choose 30 seconds unless you routinely need recipients to receive your messages less than 30 seconds after you send them.
Hit Save Changes.

Virtru

This plug-in is compatible with Chrome and Firefox.
Those with Yahoo, Gmail or Outlook accounts can use it.
For $2/month, you can have message recall and self-destruction, along with message forwarding.
The free version does not offer any kind of recall or cancellation features, only secure messaging.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Is private NSA proof E-mail possible?

September 18, 2014/in online security /by Robert Siciliano

You can buy encryption tools to prevent people from reading the contents of your e-mails should they intercept them. But what about those who have NSA-caliber resources and skills?

The problem is that encryption services usually leave wide open the e-mail’s metadata: e.g., sender, recipient, subject line and timestamp.

But a new service, ShazzleMail, delivers e-mail straight from sender to recipient without any metadata.

ShazzleMail software is downloaded, then encrypts e-mails, but your device must be switched on so that the recipient could download the e-mail.

If the recipient doesn’t have ShazzleMail, they’ll get a message headline, “Secure Message from Jack Jones,” plus a message text: “Jack Jones has sent you a secure, encrypted e-mail via ShazzleMail. Click to View.” ShazzleMail is free, though there’s an enterprise version for a monthly fee of $5.

Can a hacker defeat ShazzleMail? Well, without any metadata, how can a hacker track the message’s path? There’s no middleman; the messages go straight from sender to recipient. ShazzleMail says, however, that it’s not fool-proof against the NSA if the NSA wants to really go at it. Nevertheless, ShazzleMail puts a lot more barbed wire on that fence.

And then there’s Enlocked, which offers “military-grade e-mail security” for professionals by encrypting e-mails before they’re sent. However, the metadata is visible. This is a big problem if the mere communication between two parties is significant, or the timeline or whom the parties are is very telling.

Another option is Raellic Systems, which has software that lets users select from three levels of privacy.

Hushmail is another contender. They state: Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

6 Ways to Secure Your Email Account

September 15, 2014/in hackers /by Robert Siciliano

On August 30^th, 1982, a copyright for a Computer Program for Electronic Mail System was issued to Shiva Ayvadurai. Thus, email was born. 32 years later, email has become an essential part of our lives. Emails are a must-have item,
allowing us to connect and share information with friends, teachers, and co-workers.

To celebrate email’s birthday, here are 6 ways to secure your email account.

Think twice before opening unfamiliar emails. Do you open your front door to just anyone? Of course not. Don’t open strange emails or any email that you’re not completely confident in.
Be cautious about email links and attachments. Hackers use links and attachments to download nasty malware onto your computer. If an email seems suspicious, don’t click or download anything.
Use 2-step verification. Email services like Gmail allow you to enable two-step verification because it adds more security to your account. After you enter a password and username, you enter a code sent by the email service to your phone when you sign in.
Beware of public computers. Never use a public computer to log into your email accounts, not even your cousin’s or best friend’s computer—you don’t know if they’ve been infected.
Use strong, unique passwords. If your password is “password”, you might want to change it to something more unique. I recommend a password with 8 or more characters with a mix of upper-case letters, lower-case letters, and numbers.
Use comprehensive security software. McAfee LiveSafe™ service can make protecting your email even easier with a strong firewall to block hackers, viruses, and worms and a password manager to help you remember all of your logins.

Happy Birthday email!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

6 Ways to remove Junk mail forever

June 24, 2014/in phishing emails /by Robert Siciliano

If you’re sick of junk mail, stop putting off putting a stop to it, because you can actually make a difference by implementing the following 6 strategies. Though you won’t be able to completely eliminate junk mail, the following approaches will considerably de-clutter your mail box.

Get off marketing lists. This is done by having the Direct Marketing Association contact direct mail companies and instruct them to stop sending you mail. Go to DMACHOICE.org to get started and free yourself of mail offerings from magazines, catalogues and credit card companies, to name a few. To stop credit card offers only, sign up with OptOutPrescreen.com. For optimal results, sign up for both.
Look for a “privacy notice” in the mail from your credit card issuer or bank, because this notice has an opt-out choice to avoid getting marketing material. However, you may have tossed this notice, thinking it was junk mail (it’s actually not), so contact your bank or credit card company and inquire about their privacy policy. Don’t stop there; contact any entity that deals with your money, such as your auto insurance company.
Sign up for the free TrustedID Mail Preference Service. This provides companies that you can seek the opt-out instructions for.
For $35, 41pounds.org will stifle mail offers.
Do not get a print magazine subscription. Otherwise you’ll set yourself up for reams of third-party junk mail. See if there’s a digital version of the magazine or if your gym has it available.
Go electronic. To stop junk mail from coming with your snail mail bills, switch to electronic billing.