Email Trick or Treat

Email Trick or Treat

Halloween is coming soon. I can't wait to see the kids in their costumes and the haunted yard displays in our area.
 
Trick or treat also brings something else to my mind: Every single email that arrives in your inbox.
 
Treat or trick? Yes, that's the issue - every time you check your in-box you have to determine if any particular email is a treat, that is, something you do want, expected, or appreciate. Or if it's a trick - a phishing email trying to con you.

Phishing for suckers (aren't we all)
Phishing, the practice of scammers using email (or text messages) to dupe you into giving them confidential information or infect your computer, has been growing rapidly over the past few years.

When in doubt, throw it out! 
If you suspect a trick email, delete it. Or if you're on the fence because it looks legitimate, like from a friend, colleague or reputable business, call them up. Not from a number provided in the email, but using their actual number of record. 

Scrutinize those weblinks!
The most common way crooks will try to scam you is by sending an enticing email that includes a weblink, which may look legitimate until further inspection.

Many spam filters and security programs will trap such threats. But because big money can be made, the fiends are getting increasingly canny with their lures. So you need to depend on your own wariness, not just your software defenses.
 
Our brain jacked into tech flow
I think it's relevant to consider the psychology of computer use (including phones, tablets, etc.) so we understand how we can be conned. Our tech devices encourage efficient use because they work so fast and reward us so quickly for the many worthwhile things we do on them. 

For example, if you're efficiently working through emails, reading, responding, filing, etc. at a certain pace you may not be in a defensive state of mind. You're in a flow. And a well-crafted phishing email can exploit this guard-down flow state. 

Back out while you still can!
But just clicking the link doesn't mean you're immediately infected or fully exploited. Often the criminals want you to login to a bogus site so they can steal your username and password, or provide a form you can fill in. The good news is you can stop right there.Don't input any info.

If the weblink tries to infect your computer or device and you see something suspicious happening, like an unusual pop up window (which often quickly occurs after an infection), you can shut off the computer, unplug the modem and router, and get local tech support before the exploit worsens. 
  
This scenario is like being exposed to a virus or bacteria: the sooner you take action to treat it, the higher the success rate. 

Spread the word
Below is an informative site about phishing. If you're in a company you might want to print some of the recommendations from this site and share with staff or post on a wall. It's important we all get smart about phishing prevention.

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Thanks for reading!
-Sam

Ransomware is Infecting the Aloha State too

Ransomware is Infecting the Aloha State too

Ransomware attacks are escalating, as indicated in various recent news reports. 

But this is not just happening "out there", somewhere else, like on the mainland or overseas. One of my small business clients on Hawaii Island was hit last week by a ransomware attack. 

Email link from Hell 

My client had clicked on a bogus email link*, then his computer was infected. The infection encrypted his files, effectively locking them up. 

He got a note from the criminals promising to unlock his files if he paid the equivalent of $450 in bitcoin. He consulted with me and we decided to not pay. 

His rationale? He had all his files backed up online. Plus he wanted to set up a new computer anyways, so he proceeded to download all his backed up files to the new laptop. 

Later we'll wipe his infected hard drive and reload his operating system, Windows. This should clean out the infection. 

Online backup salvation 

He was lucky. He was using an online backup service, which I can't recommend highly enough for all my clients, especially businesses. I recommend Mozy.com. 

Test your backups 

Be sure to test your online backup at least monthly by restoring one or more of the backed up files. 

You can read more about ransomware on my blog post here: 

https://cybersecurity808.blogspot.com/2015/06/watch-out-for-ransomware-attacks-theyre.html

And here's a recent article on a ransomware attack in Indiana:

http://arstechnica.com/security/2016/11/indiana-county-government-shut-down-by-ransomware-to-pay-up/

Thanks for reading.

Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.

*93% of all phishing emails contain encryption ransomware, per PhishMe, Q1 2016 Malware Review, June 2016.

Don't Mix Personal and Business Email

Don't Mix Personal and Business Email

Those of you in business know about the best practice of keeping separate personal and business bank accounts and credit cards. Any accountant will tell you this is a no-no for several reasons. 

It's best to follow this no-mix approach for email too. Limiting our business email accounts to business matters only, including creating spam and filter lists that black-list all non-business correspondence, will reduce the threats of malware and hacking.   

Will-nilly email sending
Why? Because of the willy-nilly approach many users take to opening, sending, and forwarding potentially unsafe emails (I'm guilty too!), you increase your risk of mixing those types of missives in your in-box with important business email. Some malware and hacks that gain a foothold on your computer via email can wipe out data, take over the email account, and infect the email program or browser. 

I'm not suggesting the business, professional, and governmental world does not bat around junk email and infected messages. But the variety and exposure is generally more limited. This is partly because many institutions have strict email use policies and stringent filtering of inbound and outbound email. This is largely not true for the personal email user. 

How to un-mix the accounts
The easiest remedy to un-mix your email - if you don't already have a personal email address - is to create a free gmail account. Choose a non-identifying address, one that doesn't include your name or pointers to who you are. For example, you can refer to a hobby (passion) like fishing: live.to.fish808@gmail.com. (It's easy to add a gmail account to your phone or tablet after set up in a web browser on a computer.)

Once you create the new email, notify all friends and family to send email only there. Re-route any subscription or online shopping accounts to that address too, or create a new email for that type of thing.

Filter your business mail
Then in your business email account/program, set up a filter to block anyone not in your business contacts list.  

The joy of a smaller inbox
One joy you will notice from doing this is your business email in-box will shrink dramatically. And you'll not be distracted by the noise of non-business messages. 

Personal email browser
As for your personal email, you can keep it handy in a browser window, which you can flip to when you like. If using gmail for your personal email, I recommend using Google Chrome. If you're already using Chrome for your business email, then I suggest using Firefox for the personal account. A better practice is to not access personal email on a work computer; use a personal laptop, tablet, or phone. 

Related article
You may also like to read my post about segregated web browsing, which dovetails with this article. 

Thanks for reading.
Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Use System Restore to Fix Your Windows Computer

Use System Restore to Fix Your Windows Computer

There are plenty of glitches that can plague our Windows computers, malware being just one. Programs break, drivers break, we users make unhelpful changes, etc. 

System Restore - the magic undo

The good news? There is a magic “undo” feature in Microsoft Windows – it’s called System Restore. It’s bailed me and my clients out of difficulties many times. And when you've been hit by malware you can use this to repair your computer before removing the infections with a security scanner. 

If you’ve used System Restore, you may recall your delight when it did its magic. If it’s new to you, let me explain.

A simple approach

Of course there are more detailed ways of diagnosing and remedying hardware and software problems, including malware infections. But if things were fine one day, and the next they’re not - and you don’t recall changing anything - System Restore is a handy tool.

To use it, locate the Run box after clicking your Start button (Windows 7), or type Run in the Windows search box (Windows 8 or 10). Then in the Run box type rstrui.exe, then click OK.

No change to data - but back up anyway

System Restore will launch. Click Next, then locate a recent restore point prior to the day you started having issues. Note: any programs or updates you installed after that date will be removed, but none of your data will be changed. (Nonetheless, it’s best to back up important data before running System Restore.)

Before running System Restore, close all open programs and save all work. Allow anywhere from 5-15 minutes for the Restore process.  

The computer will reboot and present your Windows login screen, and report whether System Restore succeeded or failed.

Creating a Restore Point

A proactive approach to take with System Restore is to set a Restore Point when things are working well. Open the Control Panel, then type Restore in the Search box. Then select Create a restore point. Choose your Windows drive (usually C). Then click Create and name the Restore Point.

Once this Point is created, you can roll back to this in the future should your computer be throwing a fit. (If it’s throwing a big fit, you may have to run System Restore from the command prompt in Safe Mode, but that’s another story.)

Deeper malware removal

If you're running System Restore to aid in malware removal, after Restore is done, go to your Programs in the Control Panel and remove any suspicious characters, sorting by date - a clue being programs you didn't intend to install. 

Then run malware removal scans by using programs like Malwarebytes. 

Restore doesn’t fix all problems, but it’s an easy “go-to” when you want a quick return to smoothing sailing after rough waters.   

Thanks for reading.
Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

More Conscious Clicking

More Conscious Clicking

What's the issue?
Living much of our lives on computers has programmed us to be adept clickers of the mouse. But we have become so adept we're clicking reflexively when it would behoove us to be more deliberate, especially clicking weblinks. 

Why should you care?
Clicking weblinks without thinking can get us into big trouble, as one little click can cause a computer infection, or worse yet, a completely hijacked machine. 

How to protect yourself?
Stop.Think.Connect. This is a campaign run by the federal government to help citizens be safer online. It's managed by US-CERT, the United States Computer Emergency Readiness Team. 

Here are some security tips I have culled and adapted from their website. The tips go beyond mouse clicking, which is a form of connecting, to other considerations. 

• Do NOT open emails, links, or attachments from strangers. When in doubt, delete. If the message is important enough, the person will call. 

• Make your passwords complex. Use a combination of numbers, symbols, and letters (uppercase and lowercase). Use at least 8 characters. Some can be word or phrase conversions to help you remember. For example, "I love Fido" (your dog, named Fido) becomes iL@v51do. Get creative, but be sure to remember your passwords. I recommend lastpass.com to help with the chore of creating and storing passwords.  

• Change your passwords regularly (every 45 to 90 days). If you access a server at work, consult with your network administrator.

• Do NOT give any of your usernames, passwords, or other computer/website access codes to anyone.

• Do NOT install or connect any personal software or hardware to your organization's network without permission from your IT department. This includes USB jump drives, which can contain viruses. 

• Make electronic and physical back-ups or copies of all your important work. You can scan documents. You can copy docs and keep a copy stored somewhere securely off-site. 

• Report all suspicious or unusual problems with your computer to your IT department or consultant ASAP. The sooner security breaches are dealt with, the less damage will be done. 

When should you do it?
Start your more careful computing habits right away. Implement one new security tip or practice each day. Forming good habits will help prevent bad things from happening to your confidential data and your computer. 

Where can you find more info on this topic?
For more details, please check the CERT website.

Who can help?
If some of the recommendations are too techie for you, it may be best to hire an IT consultant to get the job done. You'll sleep better after. 

In Sum
We are not completely at the mercy of computer criminals. We can up the odds of security by making many small changes in our computer use. One place to start is being more careful before clicking any weblink. 

Thanks for reading. You're feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.