
Sunday, September 15, 2019

Email Trick or Treat


Halloween is coming soon. I can't wait to see the kids in their costumes and the haunted yard displays in our area.
 

Trick or treat also brings something else to my mind: Every single email that arrives in your inbox.
 

Treat or trick? Yes, that's the issue - every time you check your in-box you have to determine if any particular email is a treat, that is, something you do want, expected, or appreciate. Or if it's a trick - a phishing email trying to con you.

Phishing for suckers (aren't we all)
Phishing, the practice of scammers using email (or text messages) to dupe you into giving them confidential information or infect your computer, has been growing rapidly over the past few years.


When in doubt, throw it out! 
If you suspect a trick email, delete it. Or if you're on the fence because it looks legitimate, like from a friend, colleague or reputable business, call them up. Not from a number provided in the email, but using their actual number of record. 

Scrutinize those weblinks!
The most common way crooks will try to scam you is by sending an enticing email that includes a weblink, which may look legitimate until further inspection.


Many spam filters and security programs will trap such threats. But because big money can be made, the fiends are getting increasingly canny with their lures. So you need to depend on your own wariness, not just your software defenses.
 

Our brain jacked into tech flow
I think it's relevant to consider the psychology of computer use (including phones, tablets, etc.) so we understand how we can be conned. Our tech devices encourage efficient use because they work so fast and reward us so quickly for the many worthwhile things we do on them. 

For example, if you're efficiently working through emails, reading, responding, filing, etc. at a certain pace you may not be in a defensive state of mind. You're in a flow. And a well-crafted phishing email can exploit this guard-down flow state. 


Back out while you still can!
But just clicking the link doesn't mean you're immediately infected or fully exploited. Often the criminals want you to log in to a bogus site so they can steal your username and password, or provide a form you can fill in. The good news is you can stop right there. Don't input any info.

If the weblink tries to infect your computer or device and you see something suspicious happening, like an unusual pop up window (which often quickly occurs after an infection), you can shut off the computer, unplug the modem and router, and get local tech support before the exploit worsens. 

  
This scenario is like being exposed to a virus or bacteria: the sooner you take action to treat it, the higher the success rate. 


Spread the word
Below is an informative site about phishing. If you're in a company you might want to print some of the recommendations from this site and share with staff or post on a wall. It's important we all get smart about phishing prevention.

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Thanks for reading!

-Sam

Monday, October 15, 2018

Use 2 Factor Authentication to Decrease Your Risk of Getting Hacked



If you're even vaguely aware of the news these days about online account hacks - like the recent Facebook breach - then you know the importance of changing your password immediately if you're at risk.
 

Post breach, change password!
Changing your password asap after such a breach prevents a hacker from accessing your account, as long as you change it before the hacker logs in! Otherwise, you have to go through an often-stressful password reset process, during which you have to prove your identity by some other means such as email, phone, or security question answers.
 

Password reset game is no fun
I have helped many clients through this reset process and it's not fun. It's not hard, it just takes time and costs money: my billable time. Believe me, it's not a preferred IT task for either me or my clients. We get painfully reminded about the importance of locking down account access using multiple layers of identification.        
 

Use unique passwords 
While strong and unique passwords raise the bar for anyone trying to hack your account directly, they don't prevent the types of hacks Facebook disclosed. Yet if your Facebook password or any other online password is unique, and you change it right away after a reported breach, then your vulnerability is reduced.

Don't give the keys to the kingdom!
If, however, you use the same password on multiple sites and a hacker obtains info on you, such as your name, email location, and a precious password, you can bet they will try that same identity combination to crack your other accounts. That's why it's critical to have unique and complex passwords, not just variations of a theme like "mydogbruno" and "mydogbruno1".
 

2 Factor authentication boosts security
So, the first line of defense is strong and unique passwords for EVERY online account. The second line is two-factor authentication (2FA), which requires access to something besides the knowledge of a password, like a cell phone. (The password is considered something you know, a first factor. The phone is something you have, a second factor.) The phone lets you receive a call or a text with a code to unlock your account, so it authenticates you beyond your password.
 

2-Step Verification in Gmail
Not all accounts provide two-factor authentication, but for the ones that do, I highly recommend it. Gmail is one. Google calls it 2-Step Verification. Here is a simple scenario after you set this up in Gmail: You get a new device, you try to log in to your Gmail account on it, and Gmail won't let you until you receive a code texted to your phone. You type into your browser or Gmail app that one-time-only code, then you're given access to Gmail on that new device. You won't be asked again, unless something changes on that device to make Google not recognize it.  
 

After setting up 2-step in Gmail, if someone elsewhere tried to log in to your Gmail you'd receive a code on your phone. As long as that phone is with you, that person would have more difficulty accessing your email.
 

Set up 2 Factor where available
Besides Google, here is a short list of sites offering two-factor authentication: Facebook, Microsoft, Yahoo, AOL, and Twitter. If you have an account with any of these sites, take the time to set up 2FA.

Thanks for reading!
-Sam

Sunday, April 15, 2018

A Case for Multiple Email Accounts


As the web of our digital life expands, so does our risk of getting hacked. For various reasons and by various means, our email addresses are scattered around the Internet. Because of this exposure any one of us can become a target, even the kindly grandmother who rarely does much online. All it takes to get invaded is to click one poisoned weblink in an email. 

Sometimes the poisoned weblink infects only the browser (browser hijacking); sometimes it infects the whole computer (a ransomware attack). Sometimes though, the hack is a more focused attempt to breach an email account.


Tempting Targets
Email accounts are rich targets. If someone can gain unauthorized access to an email account s/he can view our contacts and our email database - the content of all the emails we keep, even the "deleted" stuff!


Don't Mix Business with Pleasure

For years I have been recommending that my commercial clients do not use business email accounts for personal use. It's best to use the company email for commercial contacts only. In my experience, hacks are more likely to occur through personal emails, as they're linked to social networking and a whole variety of people who may not be as security-conscious as corporate email systems tend to be.
 

Three's Company
For personal email accounts, I'd recommend three email accounts: one for family and close friends; another for finance and banking; and a third for everything else, such as subscriptions, online shopping, social networks, etc. 

For the first email, you can choose something personal, like part of your name for the address; for the second, be a little vaguer; for the third, be very vague - don't use any part of your name or personal info. 


Damage Control
Now just because you have three email accounts this doesn't mean you're bulletproof online. But if someone hacks the third account, they won't gain access to the content of the first or second. The last thing you want is someone gaining access to ALL your email contacts when they hack your account. That's a nightmare for everyone.   

A Vote for Gmail

As much as I like to support the "little guy and gal" in business, I think Gmail is the best bet for personal email. It has good spam filtering, good 2-step authentication, and other security features. Of course, when using Gmail, you must put up with ads and whatever online tracking Google is currently implementing. But it is free, so we can't expect to get something for nothing. 

Best Practices to Keep Safe

Whichever email service you use, and whatever strategy you use to keep some segregation between email accounts, it's best to use unique passwords for each email account, set strict spam controls, and be very careful when clicking any links in email messages. When in doubt, delete. And never transmit personally identifying information (PII) like social security numbers, etc. by email. 

Email is a wonderful tool for personal and business communications. Just keep your guard up while using it, because it's a portal to so much about you, and you have rights as to what is disclosed.   


Thanks for reading!

-Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.

Wednesday, March 15, 2017

Boost Your Email Security or Suffer


For years now the electronic mail system of the Internet (email) has been a victim of annoying advertising spam and virus attacks. 

The latest threats to email include hacking to take control of the account, spam with links that when clicked infect a computer with ransomware, and tracking/spying on email usage by email providers and their affiliates.   


Below are some suggestions for boosting email security. Remember though, networking and the Internet were not designed from the ground up to be a secure communication system, nor was email. Whenever you send something via email it can be compromised somewhere along the communication chain.
  • Use separate accounts for business and personal use. In my opinion, it's generally more likely a personal email account will be compromised. You don't want your business contacts exposed by a hack. 
  • Ditch Yahoo email. Use Gmail instead. True, there are privacy concerns with Gmail. But I believe Google does a much better job at security than Yahoo. Just read the recent news on the hacks of Yahoo's system and their failure to take action and disclose. 
  • Use 2-step verification. This requires that someone trying to access your email from a device you haven't previously used/approved will need to enter a code sent by text to your phone to gain access. 
  • Use unique, complex passwords for each account, and make sure passwords are not used for any other online accounts. 
  • Don't send anything confidential by email. As mentioned earlier, email isn't inherently secure. So don't email account numbers, passwords, social security numbers, etc. If you must share this stuff via email, find a means to encrypt the data, such as zipping an attachment with the 7-zip program and using a password/encryption. This is not perfect security, but raises the bar. 
  • Set your spam scanner on aggressive and check the spam folder often for valid email. You can white-list the wrongly labeled "spam" email so the filter won't screen it out next time. 
  • Use Antivirus software to scan all email if you use a program like Outlook, Thunderbird, Windows Mail, etc. 
  • If your email is hacked, change your password immediately and monitor the account for oddities. If the hacker sent email from you to your contacts, immediately notify your contacts about the hack - tell them to be careful about suspicious content, including messages asking them to click links.
Bottom line, whenever you check your email, pretend you're walking in a strange city at night. Keep your guard up! Criminals and miscreants are trying every trick in the book to get to you via email. 

Wishing you a safe day in cyberspace!


Thanks for reading.
Sam


Wednesday, February 15, 2017

Beware of Click and Tap Fever


Living much of our lives on digital devices has programmed us to be adept clickers of the mouse or tappers of the finger. Kids especially do this at lightning speed!

But we have become so adept that we're clicking and tapping way too fast, too reflexively. It would behoove us to be more deliberate, especially when selecting weblinks.

Weblinks from Hell
Selecting weblinks without thinking can get us into big trouble, as one click or tap can cause a computer infection, or worse yet, a completely hijacked machine. (This is more common on Windows computers than on Macs or mobile devices – at least for now!)

So, best practice is to NOT open emails, links, or attachments from strangers, or even people you know if something seems suspicious about the email. When in doubt, delete.  If the message is important enough, the person will call, or you can call them.

Careful on Facebook
This applies also on social media sites like Facebook, where clicking a link in a poisoned advertisement can lead to infection.

Don't get Phished!
Phishing is big business in the cybercrime world. Phishing (a twist on the word fishing) is all about trying to hook computer users by getting them to click or tap links that infect a computer, scam them with a product or service, or hack a computer in various other ways.

The US government created a campaign to promote more careful web use. It’s called Stop.Think.Connect. I recommend you check out their site. (Yes, this link is safe)

Training is key
If you’re an employer, you can print out material from the site or show a video clip to your staff. Education is key to reduce risk of getting hacked.

I give cybersecurity presentations to businesses and community groups. You can contact me to schedule on Hawaii Island.

Last, I’m recommending Malwarebytes Anti-malware 3.0, the paid version, to my clients these days. Training and knowledge are primary; second is good security software.

Here's the site: https://www.malwarebytes.com

After you buy and install it, close all programs on your computer and run a full scan, including your external drives. 


Wishing you a safe day in cyberspace!

Thanks for reading.
Sam


Thursday, September 15, 2016

The Hazards of Spam


Spam used to be merely an annoyance: junk email ads for meds, romance, degrees, etc.  Now it has graduated from annoyance to outright danger. The links provided in spam can lead you to a poisoned website where hackers are positioned to infect your computer.  

A tool of hackers
The hacker-run sites may be interactive - enticing you to click something to take further action, which infects your computer. However, in some cases just visiting the site could plague your computer with browser hijacking or a Trojan download. So, as you've heard from me and other IT pros, be very, very suspicious of each and every email you get. When in doubt, delete it!      

How did the spammers find you?
You might be wondering how spammers get your email. There are several sources: chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books, to name a few. A certain class of bots, referred to as "collection bots," also sends spam to entire domains in order to identify the non-bouncing email addresses, which are then added to a commercial spam database. Nice, huh?

How do the spammers make money? 
It used to be that if a small percentage of users clicked the junk mail, and then purchased the product advertised, that would suffice. The cost of business for spamming is very low, as millions of prospects can be reached by sending numerous bulk emails. Now, as mentioned above, spammers and their network affiliates can make money from hacked computers too, including using ransomware attacks. 

Why can't they be caught and punished?
Spammers distance themselves from law enforcement by operating overseas and by using botnets of infected computers for spam distribution. There are millions of computers worldwide controlled by botnets. Those computers belong to people unaware their computers have been compromised. 

Is yours one of them? I suggest that you thoroughly scan your computer after reading this article with at least two scanners, such as Kaspersky or Malwarebytes. 

What can you do?
How can you protect yourself from this onslaught of spam? One way is to limit your exposure online. Be careful which websites you give your email to.  And consider creating an anonymous-looking email address (nothing to identify you) that you can use for email not relating to work, family and close friends, or trusted financial institutions or ecommerce sites. For example, if you'd like to subscribe to news services, games sites, or social or political causes, use the anonymous email. 

It's also best to use a spam filter in your email program, and set it to aggressive. Just make a habit of checking it so you don't miss any important messages. As for any undesirables that slip through the filter, just mark them as spam and they should not reappear. 

Open a new email account
If you just can't seem to screen out the volume of spam you get, it's best to open a new email account, and only give it to those contacts in the spam-barraged account you care to maintain contact with. Then just check the old account once a week to see if you're missing anything. But never respond to emails from it. 

It takes some effort, but you can fight back against the spam industry.  

Thanks for reading.
Sam


Monday, August 29, 2016

Don't Mix Personal and Business Email


Those of you in business know about the best practice of keeping separate personal and business bank accounts and credit cards. Any accountant will tell you that mixing them is a no-no for several reasons.

It's best to follow this no-mix approach for email too. Limiting our business email accounts to business matters only, including creating spam and filter lists that black-list all non-business correspondence, will reduce the threats of malware and hacking.   

Willy-nilly email sending
Why? Because of the willy-nilly approach many users take to opening, sending, and forwarding potentially unsafe emails (I'm guilty too!), you increase your risk of mixing those types of missives in your in-box with important business email. Some malware and hacks that gain a foothold on your computer via email can wipe out data, take over the email account, and infect the email program or browser. 

I'm not suggesting the business, professional, and governmental world does not bat around junk email and infected messages. But the variety and exposure is generally more limited. This is partly because many institutions have strict email use policies and stringent filtering of inbound and outbound email. This is largely not true for the personal email user. 

How to un-mix the accounts
The easiest remedy to un-mix your email - if you don't already have a personal email address - is to create a free gmail account. Choose a non-identifying address, one that doesn't include your name or pointers to who you are. For example, you can refer to a hobby (passion) like fishing: live.to.fish808@gmail.com. (It's easy to add a gmail account to your phone or tablet after set up in a web browser on a computer.)

Once you create the new email, notify all friends and family to send email only there. Re-route any subscription or online shopping accounts to that address too, or create a new email for that type of thing.

Filter your business mail
Then in your business email account/program, set up a filter to block anyone not in your business contacts list.  

The joy of a smaller inbox
One joy you will notice from doing this is your business email in-box will shrink dramatically. And you'll not be distracted by the noise of non-business messages. 

Personal email browser
As for your personal email, you can keep it handy in a browser window, which you can flip to when you like. If using gmail for your personal email, I recommend using Google Chrome. If you're already using Chrome for your business email, then I suggest using Firefox for the personal account. A better practice is to not access personal email on a work computer; use a personal laptop, tablet, or phone. 

Related article
You may also like to read my post about segregated web browsing, which dovetails with this article.


Thanks for reading.
Sam


Friday, January 8, 2016

Be Careful with Email Attachments and Links




I know you've heard this many times, but it's easy to fall prey to scammers while we're zipping through our email.

Malware is commonly activated when people click on an email attachment or a link that launches the malware. 


So don't open attachments or click on links unless you're certain they're safe, even if they come from a person or company you know. It's better to err on the side of suspicion. If you're not sure of the source, call the person or company. 


Be especially wary of attachments with sensational names, emails that contain misspellings, or emails that try to entice you into clicking on a link or attachment (for example, an email with a subject that reads, "Hey, you won't believe this picture I saw of you on the Internet!").


We live in an age where one click of the mouse can ruin our day. Don't let yourself become another cybercrime victim.  Like they teach us when we learn to drive, be defensive.  Look out for yourself. 



Thanks for reading, 
Sam
