Showing posts with label phishing. Show all posts

Sunday, September 15, 2019

Email Trick or Treat


Halloween is coming soon. I can't wait to see the kids in their costumes and the haunted yard displays in our area.
 

Trick or treat also brings something else to my mind: Every single email that arrives in your inbox.
 

Treat or trick? Yes, that's the issue - every time you check your in-box you have to determine if any particular email is a treat, that is, something you do want, expected, or appreciate. Or if it's a trick - a phishing email trying to con you.

Phishing for suckers (aren't we all)
Phishing, the practice of scammers using email (or text messages) to dupe you into giving them confidential information or infect your computer, has been growing rapidly over the past few years.


When in doubt, throw it out! 
If you suspect a trick email, delete it. Or if you're on the fence because it looks legitimate, like from a friend, colleague or reputable business, call them up. Not from a number provided in the email, but using their actual number of record. 

Scrutinize those weblinks!
The most common way crooks will try to scam you is by sending an enticing email that includes a weblink, which may look legitimate until further inspection.


Many spam filters and security programs will trap such threats. But because big money can be made, the fiends are getting increasingly canny with their lures. So you need to depend on your own wariness, not just your software defenses.
 

Our brain jacked into tech flow
I think it's relevant to consider the psychology of computer use (including phones, tablets, etc.) so we understand how we can be conned. Our tech devices encourage efficient use because they work so fast and reward us so quickly for the many worthwhile things we do on them. 

For example, if you're efficiently working through emails, reading, responding, filing, etc. at a certain pace you may not be in a defensive state of mind. You're in a flow. And a well-crafted phishing email can exploit this guard-down flow state. 


Back out while you still can!
But just clicking the link doesn't mean you're immediately infected or fully exploited. Often the criminals want you to log in to a bogus site so they can steal your username and password, or they provide a form for you to fill in. The good news is you can stop right there. Don't input any info.

If the weblink tries to infect your computer or device and you see something suspicious happening, like an unusual pop up window (which often quickly occurs after an infection), you can shut off the computer, unplug the modem and router, and get local tech support before the exploit worsens. 

  
This scenario is like being exposed to a virus or bacteria: the sooner you take action to treat it, the higher the success rate. 


Spread the word
Below is an informative site about phishing. If you're in a company you might want to print some of the recommendations from this site and share with staff or post on a wall. It's important we all get smart about phishing prevention.

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Thanks for reading!

-Sam

Wednesday, February 15, 2017

Beware of Click and Tap Fever


Living much of our lives on digital devices has programmed us to be adept clickers of the mouse or tappers of the finger. Kids especially do this at lightning speed!

But we have become so adept that we're clicking and tapping way too fast, too reflexively. It would behoove us to be more deliberate, especially when selecting weblinks.

Weblinks from Hell
Selecting weblinks without thinking can get us into big trouble, as one click or tap can cause a computer infection, or worse yet, a completely hijacked machine. (This is more common on Windows computers than on Macs or mobile devices – at least for now!)

So, best practice is to NOT open emails, links, or attachments from strangers, or even people you know if something seems suspicious about the email. When in doubt, delete.  If the message is important enough, the person will call, or you can call them.

Careful on Facebook
This applies also on social media sites like Facebook, where clicking a link in a poisoned advertisement can lead to infection.

Don't get Phished!
Phishing is big business in the cybercrime world. Phishing (a twist on the word fishing) is all about trying to hook computer users into clicking/tapping links that infect a computer, scam them with a product or service, or hack a computer in various other ways.

The US government created a campaign to promote more careful web use. It’s called Stop.Think.Connect. I recommend you check out their site. (Yes, this link is safe)

Training is key
If you’re an employer, you can print out material from the site or show a video clip to your staff. Education is key to reduce risk of getting hacked.

I give cybersecurity presentations to businesses and community groups. You can contact me to schedule on Hawaii Island.

Last, I’m recommending Malwarebytes Anti-malware 3.0, the paid version, to my clients these days. Training and knowledge are primary; second is good security software.

Here's the site: https://www.malwarebytes.com

After you buy and install it, close all programs on your computer and run a full scan, including your external drives. 


Wishing you a safe day in cyberspace!

Thanks for reading.
Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Saturday, October 15, 2016

We Have Met the Enemy and He is Us

We have met the enemy and he is us

If you're doing your best to keep your computer protected from cyber attacks - using a router firewall, running security software, keeping software current, etc. - please be aware, the main threat is closer at hand. 

That threat is you. And by you, I mean all of us end users, sitting between the system and the keyboard. In most attacks, we are the primary means of exploit. 

Social engineering
In many cases, cybercriminals prey upon our good nature to gain access to our computers and/or our private information. A term used to describe this is "social engineering." 

Examples of social engineering include: phone calls to our homes or businesses offering bogus computer tech support; calls pretending to be an institution we belong to; or even calls supposedly from charities. These approaches are tried via email too, in which case they're called "phishing" attacks.  

Don't be polite
Suspicion is the name of the defensive game here. Don't feel the need to be polite when you sense you're being probed in this manner. Disengage from the phone call. Delete the email. Close the webpage. 

Take action
If you feel you may have been scammed, contact the actual institution or business immediately to notify them. If you feel an online account has been compromised, change your password at once. If your computer has been hacked, turn it off, unplug from the Internet, and call trusted local tech support ASAP.

In sum, to quote that famous Pogo cartoon line: "We have met the enemy and he is us." We have to change our behavior to keep ourselves safer from cybercrooks. All the software and hardware filters we use are just aids and deterrents, not final solutions.   

Thanks for reading.
Sam


Thursday, September 15, 2016

The Hazards of Spam


Spam used to be merely an annoyance: junk email ads for meds, romance, degrees, etc.  Now it has graduated from annoyance to outright danger. The links provided in spam can lead you to a poisoned website where hackers are positioned to infect your computer.  

A tool of hackers
The hacker-run sites may be interactive - enticing you to click something to take further action, which infects your computer. However, in some cases just visiting the site could plague your computer with browser hijacking or a Trojan download. So, as you've heard from me and other IT pros, be very, very suspicious of each and every email you get. When in doubt, delete it!      

How did the spammers find you?
You might be wondering how spammers get your email. There are several sources: chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books, to name a few. A certain class of bots, referred to as "collection bots," also sends spam to entire domains in order to identify the non-bouncing email addresses, which are then added to a commercial spam database. Nice, huh?

How do the spammers make money? 
It used to be that if a small percentage of users clicked the junk mail, and then purchased the product advertised, that would suffice. The cost of business for spamming is very low, as millions of prospects can be reached by sending numerous bulk emails. Now, as mentioned above, spammers and their network affiliates can make money from hacked computers too, including using ransomware attacks. 

Why can't they be caught and punished?
Spammers distance themselves from law enforcement by operating overseas and by using botnets of infected computers for spam distribution. There are millions of computers worldwide controlled by botnets. Those computers belong to people unaware their computers have been compromised. 

Is yours one of them? I suggest that you thoroughly scan your computer after reading this article with at least two scanners, such as Kaspersky or Malwarebytes. 

What can you do?
How can you protect yourself from this onslaught of spam? One way is to limit your exposure online. Be careful which websites you give your email to.  And consider creating an anonymous-looking email address (nothing to identify you) that you can use for email not relating to work, family and close friends, or trusted financial institutions or ecommerce sites. For example, if you'd like to subscribe to news services, games sites, or social or political causes, use the anonymous email. 

It's also best to use a spam filter in your email program, and set it to aggressive. Just make a habit of checking it so you don't miss any important messages. As for any undesirables that slip through the filter, just mark them as spam and they should not reappear. 

Open a new email account
If you just can't seem to screen out the volume of spam you get, it's best to open a new email account, and only give it to those contacts in the spam-barraged account you care to maintain contact with. Then just check the old account once a week to see if you're missing anything. But never respond to emails from it. 

It takes some effort, but you can fight back against the spam industry.  

Thanks for reading.
Sam


Monday, August 29, 2016

Don't Mix Personal and Business Email


Those of you in business know about the best practice of keeping separate personal and business bank accounts and credit cards. Any accountant will tell you that mixing them is a no-no for several reasons.

It's best to follow this no-mix approach for email too. Limiting our business email accounts to business matters only, including creating spam and filter lists that black-list all non-business correspondence, will reduce the threats of malware and hacking.   

Willy-nilly email sending
Why? Because the willy-nilly approach many users take to opening, sending, and forwarding potentially unsafe emails (I'm guilty too!) increases the risk of mixing those types of missives in your in-box with important business email. Some malware and hacks that gain a foothold on your computer via email can wipe out data, take over the email account, and infect the email program or browser.

I'm not suggesting the business, professional, and governmental world does not bat around junk email and infected messages. But the variety and exposure is generally more limited. This is partly because many institutions have strict email use policies and stringent filtering of inbound and outbound email. This is largely not true for the personal email user. 

How to un-mix the accounts
The easiest remedy to un-mix your email - if you don't already have a personal email address - is to create a free gmail account. Choose a non-identifying address, one that doesn't include your name or pointers to who you are. For example, you can refer to a hobby (passion) like fishing: live.to.fish808@gmail.com. (It's easy to add a gmail account to your phone or tablet after set up in a web browser on a computer.)

Once you create the new email, notify all friends and family to send email only there. Re-route any subscription or online shopping accounts to that address too, or create a new email for that type of thing.

Filter your business mail
Then in your business email account/program, set up a filter to block anyone not in your business contacts list.  

The joy of a smaller inbox
One joy you will notice from doing this is your business email in-box will shrink dramatically. And you'll not be distracted by the noise of non-business messages. 

Personal email browser
As for your personal email, you can keep it handy in a browser window, which you can flip to when you like. If using gmail for your personal email, I recommend using Google Chrome. If you're already using Chrome for your business email, then I suggest using Firefox for the personal account. A better practice is to not access personal email on a work computer; use a personal laptop, tablet, or phone. 

Related article
You may also like to read my post about segregated web browsing, which dovetails with this article.


Thanks for reading.
Sam


Wednesday, April 15, 2015

Reduce Hacker Risk - Use Mobile Devices for Online Work, PC for Offline Work

Reduce Hacker Risk - Use Mobile Devices Online, PC Offline 

What's the issue?
Many of my clients are multi-device users. That is, they have a smartphone, a tablet, and a laptop or desktop, at least. They use them all for email, web surfing, and social networking. Often the laptop or desktop is primarily used for offline activities and larger programs such as bookkeeping, gaming, word processing, photo editing, and music library management. 

I'm beginning to recommend to my clients that they can reduce the risk of computer hacks by not using Windows-based systems for the web or email. In other words limit email, social networking, and most web surfing to phones and tablets. 

Why?
Because most hacking occurs via web browsers and emails, targeting Windows-based computers. These hacks occur when users land on certain websites, click weblinks in emails or on social networking sites, and open infected emails. If you don't do these activities on your Windows computer, you likely won't get hacked. (Macs are inherently more secure and so far not widely targeted.)

You still have to be careful about phishing exploits, which can trick you to reveal confidential information on any device. If you'd like to educate yourself on phishing, here's one site to check. 

As a bonus, you should notice improved computer performance. Why? Because having browsers open (especially more than one, with several tabs in each) can slow down the system.  

How to limit web and email use on your PC?
Start by limiting web use to recognized secure sites like your bank, amazon.com, and reading news at legitimate sites like cnn.com. While on your computer you can download updates to your photo-editing software, your bookkeeping program, etc. because the updates come directly from the software vendor. The same goes for updating banking data in your bookkeeping program, which links securely to your bank. 

Here's a recommendation for company managers: If your organization depends on staff using the web and email for work, you can at least prohibit access of non-work-related websites. Here's a template your organization can adapt concerning acceptable use of its computers.

When should you do it?
Try this approach for a few days: Don't do any email or social networking on your computer. Ask yourself how it's working for you. Perhaps you can tweak my recommendation for your purposes. 

I know what I'm proposing seems extreme, but trying it will at least bring more awareness to how you use the Internet and what risks you're taking.

Where can you find more info on this topic?
If you'd like to get more educated about the most common online threats, check out this article by Symantec.

Who can help?
You may want to hire an IT consultant--especially if you run a business--to learn how you can reduce your exposure to online hacking threats. It can be money well spent, as business data connected via your network to the Internet (most always the case) is at risk. 

In Sum
Knowledge is power. Keep educating yourself on computer security, take appropriate action, and you will reduce threats to your confidential data. 

Thanks for reading. Your feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.