
Email Scams & Email Security

Email Scams

I received a phone call today from a gentleman (who shall remain anonymous) regarding email scams and concerns about email security. He stated that he had received a threatening email claiming “to have set up malware on an adult web site that was recording the gentleman through his webcam”. The email was received on his work email address, and he was obviously embarrassed at the content and concerned. Even though he hadn’t been watching/viewing adult websites, he was embarrassed to mention it to his IT department (as he didn’t think they would believe his innocence). He had remembered reading an article recently by Digital Pathways, where we had alerted people to this scam. He had called for advice and, I guess, some reassurance. Here are the links to the articles in EssexLive, Daily Mail & The Mirror.

These scams are malicious and can have a devastating effect. Our previous articles state that there have been instances whereby people have committed suicide as a result of these horrible threats and perfectly stable relationships have broken down.

It is thought that around £30 Million per year could be made from threatening innocent people. If you pay the demand you will undoubtedly receive more unsubstantiated threats and demands for payment.

Our recommendation is to ‘delete’ the email. If you feel comfortable doing so, report it to your IT department. They can then decide whether to investigate further and put the necessary defences in place to block future emails from the sender.

“DO NOT PAY THE DEMAND”

This leads me to email security in general, and some basic recommendations on how to stay safe.

  1. Learn to recognise fake emails and websites (see a more detailed description on how to do this below)
  2. Recognise incorrect URLs
  3. Do not use unsecured websites (look out for the padlock symbol in the URL bar)

Recognising malicious and fake emails.

  1. Firstly, check the email address of where the email is coming from. Email scammers can use extremely clever ways to make it look like the email is coming from a legitimate sender by creating similar looking email addresses or by masking the email sender under a legitimate address. The simplest way to check this is by hovering over the email sender. Does the address match the genuine address? The spoof email addresses are usually quite unusual underneath.
  2. Recognising incorrect URLs – the links in spoof emails usually don’t match the genuine URLs of legitimate websites. Again, these can be checked by hovering over the link. If you are unsure, DO NOT CLICK ON THE LINK!
  3. Genuine websites will have the padlock symbol, especially if they are from well-known brands or official sites, like banks and government websites.

Two out of three phishing attempts use malicious links and over half contain malware. Please be vigilant. If you are unsure, please contact the official company/contact directly.

Companies can and should invest in a security solution that can identify an attack and stop it before it reaches your inbox. For more information on email security, you can check out some of your other options here.


New Year, New Gadget?

Given a security camera or voice-activated device this Christmas?  Here’s what you need to know!

The ultimate Christmas present and just what you always wanted, a voice-activated device to cater to your every command and a security camera tool to help keep you, your family or your business safe.

Hoorah!

You’ve set them up and are enjoying making use of their many benefits.

If you work from home or are using your new connected device in a corporate environment, please be aware.

Do you know who else is using them too? 

No, not other members of your family, not even friends. Total strangers, hackers, yes, hackers!

There have been several reported incidents recently, mainly in the USA, where hackers have gained access to these devices and have been able to monitor activity within the home and even to speak directly to children in their own bedrooms. Very scary stuff indeed.

Such devices are often not designed with security as a key feature as it is not as sexy as having a high-resolution camera or massive storage capabilities. Also, a low price point, when it comes to sales, means features are removed and sadly, security is often one of those to go or to be reduced in scope or quality.

So, if you have been the recipient of such a device, here are some essential steps to take, in order to ensure the hackers don’t invite themselves into your home.

  1. Check your security settings. Any quality device will allow you to view the security options and make changes. Never leave a device at ‘factory settings’ as these are the starting point for any hacker attack.
  2. Look at the passwords you are using. Passwords should be strong, that is to say that they should, ideally, be long and include upper and lower case letters, numerals and special characters. Try to avoid personal information and do not fall into the trap of opting for your birthday or pet’s name! Default passwords should be changed immediately.
  3. And, ensure that you regularly review and change your passwords.
  4. If you find it hard to think of suitable passwords or have difficulty in remembering them, try using a password manager such as LastPass. These services can generate strong passwords for you as well as storing them, where only you have access.
  5. Definitely enable two-factor authentication, if it is an option. This process involves entering not only a strong password but also a unique one-time password, which is sent via text or taken as a code from your smartphone. This code is then used to establish your identity. These password generators are often free and are available from many companies such as Google and Microsoft.
  6. A voice-activated device will usually connect to your internal network to gain access to the worldwide web, so always check your router settings and ensure you have enabled strong passwords and encryption (you will see terms such as WEP in your settings for the encryption).
  7. Be aware of any device being activated in an unusual or unexpected manner. If you have not sent instructions for it to do something, it is possible that someone else did.
  8. Check your router’s activity log to see if any device is communicating out to the world wide web. This could indicate your device has been compromised and is sending out your personal data. Or it could be one of thousands of devices being used to attack other websites, as was the case with Spotify, Netflix, and PayPal, which were temporarily shut down due to such an attack.
  9. Switch off any features you don’t need on a device or router, such as remote access. Many options appear as default settings. The fewer that are enabled, the smaller the attack footprint will be.
  10. Change the device or router name so it does not identify the manufacturer or ISP; this makes it harder to identify from the outside. Also, never use your surname or address as an identifier, as this will expose your personal information, which could be used against you.

Words of wisdom from Colin Tankard, our Managing Director at Digital Pathways,

“These voice-activated devices have become commonplace in many of our homes and are a useful and helpful addition. However, we must consider their downsides too. Remember, many of these devices are driven by voice command and consequently, are also listening. There have been accusations of companies ‘listening’ in, storing data in order to send through tailored advertisements.”

“A voice-activated device and systems that monitor activity, such as CCTV, are good at alerting you to intruders but they are two-way and can be used by outsiders to watch you. So when installing these, consider not only all of the security steps above but also, where you locate them. If your device is compromised you might not want your bedroom or bathroom activities seen!”

“Such technology is only likely to grow and evolve.  The onus of keeping safe must rest with us. Employ the simple password control strategy backed up with two-factor authentication and you are in a much safer space.”