Email Trick or Treat

Email Trick or Treat

Halloween is coming soon. I can't wait to see the kids in their costumes and the haunted yard displays in our area.
 
Trick or treat also brings something else to my mind: Every single email that arrives in your inbox.
 
Treat or trick? Yes, that's the issue - every time you check your in-box you have to determine if any particular email is a treat, that is, something you do want, expected, or appreciate. Or if it's a trick - a phishing email trying to con you.

Phishing for suckers (aren't we all)
Phishing, the practice of scammers using email (or text messages) to dupe you into giving them confidential information or infect your computer, has been growing rapidly over the past few years.

When in doubt, throw it out! 
If you suspect a trick email, delete it. Or if you're on the fence because it looks legitimate, like from a friend, colleague or reputable business, call them up. Not from a number provided in the email, but using their actual number of record. 

Scrutinize those weblinks!
The most common way crooks will try to scam you is by sending an enticing email that includes a weblink, which may look legitimate until further inspection.

Many spam filters and security programs will trap such threats. But because big money can be made, the fiends are getting increasingly canny with their lures. So you need to depend on your own wariness, not just your software defenses.
 
Our brain jacked into tech flow
I think it's relevant to consider the psychology of computer use (including phones, tablets, etc.) so we understand how we can be conned. Our tech devices encourage efficient use because they work so fast and reward us so quickly for the many worthwhile things we do on them. 

For example, if you're efficiently working through emails, reading, responding, filing, etc. at a certain pace you may not be in a defensive state of mind. You're in a flow. And a well-crafted phishing email can exploit this guard-down flow state. 

Back out while you still can!
But just clicking the link doesn't mean you're immediately infected or fully exploited. Often the criminals want you to login to a bogus site so they can steal your username and password, or provide a form you can fill in. The good news is you can stop right there.Don't input any info.

If the weblink tries to infect your computer or device and you see something suspicious happening, like an unusual pop up window (which often quickly occurs after an infection), you can shut off the computer, unplug the modem and router, and get local tech support before the exploit worsens. 
  
This scenario is like being exposed to a virus or bacteria: the sooner you take action to treat it, the higher the success rate. 

Spread the word
Below is an informative site about phishing. If you're in a company you might want to print some of the recommendations from this site and share with staff or post on a wall. It's important we all get smart about phishing prevention.

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Thanks for reading!
-Sam

Beware of Click and Tap Fever

Beware of Click and Tap Fever

Living much of our lives on digital devices has programmed us to be adept clickers of the mouse or tappers of the finger. Kids especially do this at lightning speed!

But we have become so adept that we're clicking and tapping way too fast, too reflexively. It would behoove us to be more deliberate, especially when selecting weblinks.

Weblinks from Hell
Selecting weblinks without thinking can get us into big trouble, as one click or tap can cause a computer infection, or worse yet, a completely hijacked machine. (This is more common on Windows computers than on Macs or mobile devices – at least for now!)

So, best practice is to NOT open emails, links, or attachments from strangers, or even people you know if something seems suspicious about the email. When in doubt, delete.  If the message is important enough, the person will call, or you can call them.

Careful on Facebook
This applies also on social media sites like Facebook, where clicking a link in a poisoned advertisement can lead to infection.

Don't get Phished!
Phishing is big business in the cybercrime world. Phishing (a twist on the word fishing) is all about trying to hook computer users by clicking/tapping links to infect a computer, scam with a product or service, or hack a computer in various other ways.

The US government created a campaign to promote more careful web use. It’s called Stop.Think.Connect. I recommend you check out their site. (Yes, this link is safe)

https://www.dhs.gov/stopthinkconnect

Training is key
If you’re an employer, you can print out material from the site or show a video clip to your staff. Education is key to reduce risk of getting hacked.

I give cybersecurity presentations to businesses and community groups. You can contact me to schedule on Hawaii Island.

Last, I’m recommending Malwarebytes Anti-malware 3.0, the paid version, to my clients these days. Training and knowledge is primary, second is good security software. 

Here's the site: https://www.malwarebytes.com

After you buy and install it, close all programs on your computer and run a full scan, including your external drives. 

Wishing you a safe day in cyberspace!

Thanks for reading.

Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

More Conscious Clicking

More Conscious Clicking

What's the issue?
Living much of our lives on computers has programmed us to be adept clickers of the mouse. But we have become so adept we're clicking reflexively when it would behoove us to be more deliberate, especially clicking weblinks. 

Why should you care?
Clicking weblinks without thinking can get us into big trouble, as one little click can cause a computer infection, or worse yet, a completely hijacked machine. 

How to protect yourself?
Stop.Think.Connect. This is a campaign run by the federal government to help citizens be safer online. It's managed by US-CERT, the United States Computer Emergency Readiness Team. 

Here are some security tips I have culled and adapted from their website. The tips go beyond mouse clicking, which is a form of connecting, to other considerations. 

• Do NOT open emails, links, or attachments from strangers. When in doubt, delete. If the message is important enough, the person will call. 

• Make your passwords complex. Use a combination of numbers, symbols, and letters (uppercase and lowercase). Use at least 8 characters. Some can be word or phrase conversions to help you remember. For example, "I love Fido" (your dog, named Fido) becomes iL@v51do. Get creative, but be sure to remember your passwords. I recommend lastpass.com to help with the chore of creating and storing passwords.  

• Change your passwords regularly (every 45 to 90 days). If you access a server at work, consult with your network administrator.

• Do NOT give any of your usernames, passwords, or other computer/website access codes to anyone.

• Do NOT install or connect any personal software or hardware to your organization's network without permission from your IT department. This includes USB jump drives, which can contain viruses. 

• Make electronic and physical back-ups or copies of all your important work. You can scan documents. You can copy docs and keep a copy stored somewhere securely off-site. 

• Report all suspicious or unusual problems with your computer to your IT department or consultant ASAP. The sooner security breaches are dealt with, the less damage will be done. 

When should you do it?
Start your more careful computing habits right away. Implement one new security tip or practice each day. Forming good habits will help prevent bad things from happening to your confidential data and your computer. 

Where can you find more info on this topic?
For more details, please check the CERT website.

Who can help?
If some of the recommendations are too techie for you, it may be best to hire an IT consultant to get the job done. You'll sleep better after. 

In Sum
We are not completely at the mercy of computer criminals. We can up the odds of security by making many small changes in our computer use. One place to start is being more careful before clicking any weblink. 

Thanks for reading. You're feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.