June. 26, 2020
1:00-2:00AM PST
With more than 1.5 billion active users worldwide, Google's Gmail currently dominates the email provider market and has grown leaps and bounds since its inception in 2004. And professionally, Google's G Suite service is utilized by more than 5 million companies, empowering businesses across countless industries to communicate, collaborate, and share important files, documents, etc. every day. In 2020, the platform is both frequented and beloved for the convenience and efficiency that it offers users.
Unfortunately, Gmail does not provide adequate data protective measures. By performing regular scans of user emails and gathering data to inform advertisers, Google ultimately puts users' utmost sensitive and valuable information in jeopardy. Although many users have come to brush this fact off, in some cases, deeming it a harmless, unavoidable part of technological life, emails in transit can become intercepted by third parties with the potential to become leveraged for malicious purposes. Although seamless and built-in, Gmail's S/MIME (Secure/Multipurpose Internet Mail Extensions) and TLS encryption options are lacking, only working correctly if both the sender and recipient are equipped with it. Without proper email encryption enabled, confidential attachments pertaining to business, financial, and even personal information might fall into the wrong hands. Thankfully, third-party encryption software is available to ensure the security of all attachments and messages transmitted via Gmail.
Confidential Mode in Gmail
To boost email security offerings, Gmail rolled out its confidential mode option in 2018, allowing "users to send emails that recipients can't forward, copy, print, or download." Although the name of this security method evokes a sense of heightened data safety and confidentiality, in actuality, it effectively provides neither. With confidential mode enabled, users are also empowered to generate passcodes, activate message expiration dates, and rescind recipient access to specific emails. Thus, Gmail's confidential mode thwarts any sharing -- whether accidental or otherwise -- on the part of the email's recipient. And a recipient that intends to share an email's messages or attachments with unintended viewers is not prevented from doing so with ease via a simple screenshot. Furthermore, this security mode does not offer end-to-end encryption, permitting Gmail and additional providers to scan and collect email contents.
How to Encrypt Your Emails and Attachments
The attachments shared via email are often just as sensitive, or potentially more so than their corresponding messages. End-to-end encryption masterfully encrypts an email's contents while in flight and at rest, ridding emails of most security vulnerabilities. Undoubtedly, this makes end-to-end encryption the most secure method of email encryption, as it protects the user's valuable messages, files, documents, etc. Although Google has often entertained the conversation around implementing end-to-end encryption on Gmail, it has failed to do so as of yet. Gmail offers users a few added security options at a price. Still, to fill the void left behind by Google, several third-party encryption services have stepped up to offer their own applications and extensions.
Upgrade Your Account
In order to upgrade the data security which operates within your email account, one might consider upgrading their Gmail account from the free model to one of the platform's paid offerings. Both the G Suite Enterprise and G Suite Education plans provide S/MIME encryption. A step up from the standard TLS encryption provided by Google, which performs automatic encryption on all outgoing emails, S/MIME encryption enables users to encrypt emails with keys unique to the user and are required to be shared with the intended recipient. Users of either of Gmail's paid models can discern the level of encryption being employed by any given email.
With this being said, S/MIME encryption can only be successful if exercised by both the sender and the recipient. In other words, an email, even if sent utilizing S/MIME encryption, will remain unencrypted if the intended recipient uses an email provider free of encryption. And to top it off, S/MIME does not prevent Google's scanning of emails for advertising data collection.
Find Another Email Provider
For those transmitting highly sensitive, confidential, or classified data via email, Gmail might not be a suitable fit. Although creating and transitioning to a new email account can be burdensome, it may help to achieve the level of security that is necessitated by your business, personal affairs, etc. It is critical to be incredibly diligent when researching a new email provider to ensure that this switch will be permanent and provide the desired privacy and data protection. Along with end-to-end encryption, the most secure email provider should offer guaranteed encryption, no matter the recipient's provider, as well as a zero-knowledge policy.
Use Encryption Software from Trustifi
In order to securely use Gmail, email attachments must be encrypted before being sent. By doing so, in the event that an email is intercepted and/or forwarded by a malicious actor, the attachments will remain encrypted, rendering them useless to cybercriminals, hackers, and other third-party entities. However, discovering the most streamlined, user-friendly, and efficient method of email encryption does not have to be a daunting task. While the encryption solutions provided by Google seem to miss the mark and most third-party plug-ins are challenging to use, users who intend to stick with Gmail can seek the assistance of an encryption software provider.
Trustifi is a comprehensive email security platform that offers cost-effective and versatile encryption options to a variety of clients, spanning virtually all industries, including highly regulated ones like: Pharmaceutical, Healthcare, Financial, Legal, and Real Estate. As an add-on extension, Trustifi integrates seamlessly with Gmail. And with NSA-grade end-to-end email encryption and secure mobile relay, Trustifi delivers user-friendly, complete protection for both incoming and outgoing messages to all clients. Moreover, Trustifi's customizable encryption solutions enable clients to recall, block, modify, and set expirations on previously sent and received emails. Trustifi also allows clients to prevent the printing and removal of metadata from email attachments. Overall, Trustifi's encryption solutions provide Gmail users with unmatched visibility and security measures, enabling increased oversight and peace of mind.
Conclusion
Email messages and attachments landing in the wrong hands is not an uncommon occurrence. And "this is especially frightening because email remains the most popular business communication method, which puts millions of companies at risk of both reputational and financial loss." Highly sensitive data in the form of business presentations, contracts, agreements, mock-ups, and the like are sent and received via email every day. And typically, once such emails are sent out, users lose control over these attachments entirely.
Fortunately, email encryption software and solutions like those provided by Trustifi are here to help, serving as the user's first line of defense against email data breaches and malicious interceptions. With Trustifi's NSA grade end-to-end email encryption services, clients can rest assured that any attachments sent and received via Gmail will be secured, protected, and only accessed by intended viewers.
References
“How to Easily Encrypt and Track Your Gmail Attachments.” Digify, 26 May 2020,
digify.com/blog/encrypt-gmail-attachments-digify.
Simpson, Eva. “How to Send Secure Email Attachments in Gmail.” NordLocker, NordLocker, 15
Nov. 2019, nordlocker.com/blog/how-to-send-secure-email-attachments-in-gmail/.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
June. 16, 2020
1:00-2:00AM PST
Email continues to experience immense growth in popularity -- for business and personal uses alike. And as more and more individuals worldwide continue to navigate their transition to remote work -- however permanent or temporary that might be -- email has only become more heavily relied upon, replacing lengthy in-person meetings and in some cases, phone calls. As a result of this switch, the contents of emails are growing increasingly sensitive. With that being said, it is imperative that businesses, their employees, and business associates ensure that any private information sent or received via email is properly and thoroughly secured. With the help of email encryption, individuals can avoid the negative effects of phishing, spoofing, and malware that are, unfortunately, often mobilized via email. Overall, email encryption can provide users with the necessary security to protect this vector of communication from potentially dangerous vulnerabilities.
What is Email Encryption?
When individuals include sensitive information -- like bank account numbers, social security numbers, usernames, passwords, etc. -- in emails, this data can be vulnerable to malicious actors. In order to prevent this valuable data from landing in the wrong hands, individuals are advised to turn to an email encryption service. Through email encryption, an email’s contents are disguised, protecting them by making them illegible to hackers, cybercriminals, and other unintended parties. Thus, when enabled, email encryption makes it so that all encrypted emails can only be accessed by their intended senders and recipients.
Email encryption is carried out with the use of public key infrastructure (PKI), which effectively encrypts and decrypts email contents. Senders and recipients are assigned digital codes that serve as both public and private keys. Public keys encrypt email contents and are “stored on a key server along with the person’s name and email address, and can be accessed by anyone.” On the other hand, private keys decrypt email contents and are stored in a secure and private location within the sender’s device that is only accessible to that individual. Private keys can also serve as the sender’s digital signature and thus, confirm the email’s origins and provide the recipient with peace of mind.
Why is Email Encryption Important?
Email encryption is an individual’s first line of defense against email data breaches. When an email is encrypted, its contents become scrambled and entirely illegible to any and all individuals who are not intended to access them. With that in mind, even if an email is intercepted, the encrypted contents are rendered completely useless to malicious actors. According to Panda Security, more than 13 billion data records have been lost or have become victims of theft since 2013. Such data breaches can be extremely costly to individuals and companies, in terms of both time and money. This is due to the fact that pinpointing the source of a data breach can be an especially arduous task, and containing these breaches is typically not a much easier one. However, by enabling email encryption, individuals can secure their sensitive data and steer clear of such disadvantageous circumstances.
How to Secure Email Using S/MIME Email Encryption Certificates
There are many avenues of email encryption available to businesses and individuals. However, S/MIME email encryption is one of the two most popular variations of email encryption protocol. Already built into the majority of OSX and iOS, S/MIME email encryption depends on a central authority that determines particular encryption algorithms. Moreover, S/MIME is also a built-in feature supported by many web-based email providers, most notably Gmail, Apple, and Outlook. And S/MIME functions as a more automated option for email encryption, creating the necessary key code for the use, rather than requiring the user to create it.
How S/MIME Works
S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an email signing protocol that serves as an incredibly effective way to encrypt emails that might contain confidential business or sensitive personal information. This is due to the fact that S/MIME email encryption “uses asymmetric encryption to protect your email data both in transit and when it’s at rest… [, meaning that] you use a public key to encrypt the email data and your recipient uses a matching private key to decrypt it.” So, when a sender creates an email that is encrypted using S/MIME, the unencrypted contents (text, files, documents, etc.) of that email are encrypted using the recipient’s public key. Once the email makes its way to its intended recipient, the recipient’s private key is utilized, to decrypt or unscramble the contents, reverting the email back to it’s original “plaintext” form. Consequently, S/MIME email encryption supplies data protection for emails, both while in flight and at rest.
Moreover, S/MIME encrypts email content via the utilization of certificates. These certificates act to secure email correspondence, utilizing cryptography to protect them from being accessed by hackers, cybercriminals, or other malicious actors. Additionally, S/MIME certificates validate sender-identity, for all practical purposes, by providing timestamped digital signatures. In doing so, S/MIME certificates encrypt emails prior to them being sent out, whether to a mail server or onto the World Wide Web, as well as decrypt those same emails once they arrive at their intended destination. Thus, by certifying file credibility and legitimacy, S/MIME certificates encourage, expedite, and secure the process of file sharing online.
Step by Step: How to Send Encrypted Email on Three Mail Clients
In order to protect confidential and delicate data from landing in the hands of a hacker, cybercriminal, or other malicious actors, it is crucial to enable email encryption. Lucky for modern device users, many web-based email providers are already equipped for S/MIME encryption. No matter the platform or provider used, first thing’s first: users are required to obtain an email encryption certificate. Such certificates can be purchased, either from a certificate authority or a trusted seller. Following the purchase, the certificate must be installed onto the email platform.
How to Send an Encrypted Email in Gmail
Unfortunately, Gmail has failed to fulfill its promise of end-to-end email encryption for its users. But, luckily for Gmail users, this web-based email provider already has S/MIME built-in. However, it is crucial to understand that Gmail supplies users with hosted S/MIME, meaning that the provider hosts users’ S/MIME certificates on its own servers. And this capability is only available to paid users who subscribe to G Suite Enterprise.
For G Suite Enterprise users, which encompass those utilizing either G Suite Enterprise or G Suite Enterprise for Education, S/MIME can be enabled can easily be enabled through the Google Admin console, and your certificate easily uploaded. In order to encrypt and digitally sign all outgoing G Suite Enterprise emails, users must:
- Compose an email as they regularly would, designating a recipient, including attachments, etc.
- Click on the padlock icon, located in the top right corner of the screen (to the right of the recipient and next to the CC and BCC fields).
- Click on “View Details” in order to alter S/MIME settings and see if the designated recipient has enabled encryption.
- When making changes to the S/MIME settings, users are urged to take notice of the color-coded encryption levels: green conveys that S/MIME encryption has been enabled, yellow signifies that emails are only protected by TLS (Transport Layer Security), and red indicates a total lack of encryption.
- Select “Settings,” click on “Enhanced Encryption (with digital signature)”, and confirm your choice by clicking “OK”.
- Finally, complete the process by pressing “Send”.
How to Send an Encrypted Email in Outlook
Like Gmail, Outlook also has built-in capabilities for S/MIME email encryption. Enabling S/MIME on Outlook is also rather simple once the user has obtained and installed their certificate. The user must acquire a certificate from their organization’s administrator. Following this, S/MIME control can be installed onto Outlook.
In order to encrypt all outgoing emails, as well as equip those emails with a digital signature, the user must:
- Go to the gear menu and click on “S/MIME Settings”.
- This is where the user has the opportunity to encrypt the contents and attachments of all emails sent. And this is also where the user can add or enable their timestamped digital signature.
- Click on “More Options” (signified by three side-by-side dots) located at the top of the new composition and choose “Message Options”.
- Doing so will enable the user to encrypt or remove specific email correspondences.
- Select or deselect “Encrypt this message (S/MIME)”.
- When prompted to install S/MIME control by running or saving the file, click “Run”.
- Users will once again be prompted to verify their intention to run the software. Click “Run” again to proceed.
- Also, note that users will be required to close and then reopen Outlook in order to fully enable S/MIME.
Individuals who receive an S/MIME encrypted email but do not have S/MIME enabled will be prompted by Outlook to install it. Moreover, it is important for users to be aware of the fact that S/MIME encryption is only effective if both the sender and recipient have it enabled. If an intended recipient does not have S/MIME encryption enabled, then any messages that they receive that are S/MIME encrypted will remain encrypted -- permanently scrambled and illegible.
How to Send an Encrypted Email in Yahoo
By default, Yahoo protects accounts with an SSL, or Secure Sockets Layer. In order to enable S/MIME encryption on Yahoo, a third-party service is required. However, this is not to be considered a downfall. Third-party encryption tools, like Trustifi, offer an added layer of protection for both the sender and the recipient, supporting both parties with a reliable, trustworthy, and user-friendly option for email security. By linking an email provider with the Trustifi app, users can easily send encrypted responses. As previously described by Trustifi, “once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform.” Thus, full-coverage, NSA-grade protection is facilitated on both ends of email correspondence.
Final Thoughts
Businesses, across nearly every industry, are encountering an increasing need to operate seamlessly in the digital world, only deepened by the bustling trend of remote work. By taking precautions and being proactive regarding email security, companies will do well to avoid a potential onslaught of cybersecurity threats. By obtaining or purchasing an S/MIME certificate and installing S/MIME control onto the email platform used, users can leverage timestamped digital signatures, as well as a capacity for advanced encryption.
Going one step further, businesses and their employees are highly encouraged to seek out the assistance and expertise of a third-party encryption service. Whether a company is a small business or an extremely large corporation, preventing malicious attacks like phishing and spoofing scams can save an immense amount of precious time and money. This can all be avoided with the help of a third-party encryption tool like the Trustifi app. Easy to use and reputable, the Trustifi app enables senders and recipients alike to rest assured that they will receive the highest level of privacy protection, securing the utmost confidential and sensitive messages and attachments that might be sent via email.
References
Crane, Casey. “How to Send Encrypted Email on 3 Major Email Platforms.” Hashed Out by The
SSL Store™, 3 June 2019,
www.thesslstore.com/blog/how-to-send-encrypted-email-on-3-major-email-platforms/.
Panda Security. “How to Encrypt Email (Gmail, Outlook, IOS, Yahoo, Android, AOL).” Panda
Security Mediacenter, 7 Feb. 2019,
www.pandasecurity.com/mediacenter/panda-security/how-to-encrypt-email/.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
June. 05, 2020
10:00-11:00AM PST
Given the current state of the world, sensitive and valuable data is being stored on countless devices and networks at staggering rates. This creates an even greater need for advanced cybersecurity measurements. One of the most surefire methods of data security is end-to-end email encryption. As schemes like phishing and spoofing become increasingly prevalent, email encryption provides a defense against potentially malicious links or identity impersonations. End-to-end email encryption effectively secures data sent via email so that it is only accessible and legible to the sender and the recipient. In other words, the two parties at either end can read the contents. Any attempts at interception will wind up with a scramble of illegible gibberish.
Encryption, in general, is a core line of defense for Internet usage, data storage, and web-based communication. Data security and Internet privacy cannot be achieved without the use of encryption. Once highly sensitive data like credit card numbers, emails, or voice calls are unleashed onto the complicated and confusing web that is the Internet, there is nothing standing between that data and random, unknown devices, networks, routers, and servers that may be vulnerable to a cybersecurity attack. If emails are intercepted, they can be read very easily. Encryption serves as the solution to this problem.
Through the process of encryption, a user’s data is transformed into a mixed up, universally illegible product that is only decipherable once it arrives in the possession of its intended recipient. The latter element of this process is commonly referred to as decryption. Via the combined efforts of an encryption key and an encryption algorithm, the unencrypted data -- or plain text -- is converted into encrypted data -- or cyphertext. The proper encryption key, along with the algorithm, is the only way for the recipient to eventually decipher the encrypted data. So, only those with the correct key, which is supplied by the encryption software and not required to be remembered by the user, will ever be able to read the encrypted data. This means that any parties attempting to intercept the encrypted messages, including but not limited to government actors, hackers, and even the server the data is traversing, will be unsuccessful.
Asymmetric Encryption
Through the use of asymmetric encryption, users are provided with an even more secure solution to the security of their data. Asymmetric encryption entails “two types of keys [that] are used for each party, one public key and one private key, that is each party has a public key and a private key.” The public key is accessible to both parties, along with any other parties that they care to grant access to, prior to the initiation of email correspondence. In effect, the sender utilizes the recipient’s public key to encrypt the message. Thus, the message is then only decipherable with the use of the recipient’s public key and private key (which is only stored on their device). And it is crucial to note that the recipient’s private key is exclusively theirs. Not even the sender has access to this private key, making it completely unfeasible for an outside party to intercept and read the contents of the email.
With end-to-end encryption, third party interception becomes impossible -- no matter where it may be on its path to its intended recipient. To put this in simpler terms, if two parties correspond via Gmail without the use of end-to-end encryption, there is nothing preventing Google from accessing messages stored on their server. Without access to a recipient’s private key, malicious actors making any attempts and intercepting email data will be left with undecipherable content. Thus, through end-to-end email encryption, the contents of emails are guaranteed to be received in their entirety and free of interference.
PGP Email Encryption
One form of end-to-end email encryption is PGP email encryption. This method of email encryption utilizes public key infrastructure, along with symmetric encryption, and is widely considered to be one of the most secure options in terms of email encryption. However, PGP email encryption is not the most user-friendly, as it necessitates thorough training in order to avoid security vulnerabilities. Attacks on PGP systems are unfortunately rather common, due to the fact that their standards do not mandate that evaluations are made on the recipient end to ensure that interception has not occurred.
s/MIME Email Encryption
s/MIME, or the Secure/Multipurpose Internet Mail Extensions, is an additional system that depends on end-to-end email encryption. s/MIME operates via the use of digital email certificates, which are supplied by a certificate authority, in order to encrypt data through an encryption algorithm. s/MIME email encryption does have its flaws. The element of digital email certificates may prove challenging for the enterprise, as multiple certificates can be difficult and time-consuming to supervise and monitor. Moreover, s/MIME email encryption is not an option for those using web-based email platforms like Gmail. However, through its support and combination of both digital signature and message encryption, s/MIME is a balanced and secure method of email encryption.
The Trustifi Solution
Although it has the potential to be rather complicated, email encryption doesn’t have to be an intimidating or taxing task. Trustifi’s NSA-grade end-to-end email encryption expertly overcomes the hurdles encountered by those utilizing PGP and s/MIME email encryption. “Once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform.” This efficiently and masterfully provides the sender and the recipient alike with adequate protective measures.
And end-to-end email encryption is certainly the most effective form of email security, supplying users with an increased level of communication privacy and protection. Trustifi’s email encryption platform is both user-friendly and highly secure. With trustworthy, dependable services that have the ability to seamlessly integrate with servers like Outlook that enable users to send secure messages without requiring them to switch platforms, Trustifi expertly protects the senders and recipients of all email correspondence -- including attached files, documents, photos, etc., and masterfully provides all clients with peace of mind.
References
“Data Protection Archives.” Trustifi, trustifi.com/category/data-protection/.
Unuth, Nadeem. “What Is End-to-End Encryption?” Lifewire, Lifewire, 12 Aug. 2019,
www.lifewire.com/what-is-end-to-end-encryption-4028873.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
June. 5, 2020
1:00-2:00AM PST
Devices and technology have rapidly evolved over the past several years. Unfortunately, this evolution has brought along with it more opportunities and the elevation of numerous forms of malware. Malware, or malicious software, is a piece of software created for the purpose of device impairment, data theft, and overall network upheaval. Coming in many shapes and sizes, and varying greatly in threat-level, malware often serves as tools for hackers hoping to achieve economic gains -- by either disseminating it themselves or selling it at a hefty cost on the Dark Web. But attaining monetary winnings is far from the only goal of malware; protests, security tests, or the instigation of war between governments are additional motives for malware usage. Two types of malware in particular -- trojans and ransomware -- have recently experienced a spike in popularity within the hacking community. Understanding the functionality of each of these methods of malware, as well as the ways in which they can work together to cause severe damages, will help users to avoid disastrous encounters with them.
What is a Trojan?
A trojan, more formally referred to as a trojan horse, is a type of malicious software or code that appears legitimate and wellfounded but can result in a user’s total loss of control over their device or network. Trojans are especially dangerous, as they are typically devised in order to disrupt, damage, steal, or impose impairment and distress onto a user’s data or network. And “unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.” To put it simply, trojans disguise themselves as genuine files and/or applications in order to dupe users into loading and implementing the malware onto their devices. Once a user successfully installs a trojan onto their device, it is empowered to perform its designed functions and duties.
A user is critical to the success of a trojan. Without a user or host’s execution of a trojan, it is entirely useless. However, once a user executes a trojan -- opening and downloading what they have so innocently assumed to be a legitimate attachment or file, often from a sender impersonating someone the user knows -- the consequently installed malware can spread to other files, wreaking untold havoc on the device.
The following are some of the most prevalent types of trojans that a user may encounter:
- A Backdoor Trojan has the ability to produce a “backdoor” to a user’s device, providing attackers with access and control of the device. This type of trojan can enable hackers to download and steal valuable user data, as well as provide an opportunity for additional malware to be uploaded to the device.
- A Downloader Trojan targets already-infected devices, downloading and installing new, updated versions of malicious software.
- An Infostealer Trojan seeks to steal precious data from a device plagued with malware.
- A Mailfinder Trojan aims to steal any or all email addresses that have been amassed on a device.
What is Ransomware?
Ransomware is an additional type of malicious software, designed with the goal of locking and encrypting user data located on a device. This data is only returned to its rightful owner following the payout of a ransom to the attacker. Cases have existed in which users are given a strict deadline to which they must pay a cybercriminal, and failure to do so has the potential to result in the permanent loss of their data. But even giving into the desired payouts of the attacker might not guarantee restored access, as many who deploy ransomware are actually cyberthieves. Ransomware keeps users from their personal files and data -- eliminating access to a user’s photos, documents, and even financial information. While these files still live on the user’s device, the ransomware has encrypted the data, rendering it entirely futile and nonfunctional.
Regaining access to one’s data following a ransomware attack is far from simple. For this reason, it is crucial to be aware of the various forms of ransomware, as well as how to most successfully approach them. The following are some of the most common and typical variations of ransomware:
- Crypto malware is especially disastrous, encrypting a user’s folders, files, documents, and hard-drives.
- Scareware takes the form of fake software that pretends to be a cleaning tool or anti-virus program. This ransomware typically demands a payout in exchange for fixing nonexistent problems plaguing one’s device. Scareware often has the ability to lock one’s device or flood it with an onslaught of pop-ups.
- Lockers are a form of ransomware that often plague android users’ operating systems, locking them out, and ultimately preventing the access of any files or applications on the device.
- Doxware, otherwise known as extortion-ware or leak-ware, threatens to publish sensitive, valuable, and previously private information onto the Internet if a ransom is not paid.
It is imperative to note that paying ransoms has the potential to lead users down a slippery slope. Payouts may not guarantee the return of your data, and cybercriminals may even require additional payouts -- extorting users to no end -- all while users never regain access to their valuable data, files, photos, documents, etc.
Avoiding Trojans, Ransomware, and Hybrids of Both
As user data grows increasingly sensitive, a large percentage of users will remain willing to payout ransoms. And consequently, the combination of multiple forms of malware that can perform more functions is growing in popularity. According to Lindsey O’Donnell at ThreatList, “ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019.” For example, commonly utilized banking trojans have empowered hackers to more rapidly deploy ransomware. And so, pinpointing the exact strain of malware has become increasingly difficult, but doing so is also even more crucial than ever in terms of addressing device or network infections. Exhibiting care when dealing with email attachments, regularly backing up files on an external hard-drive, consistently changing passwords, keeping software as up to date as possible, installing and deploying firewalls, utilizing security software, and taking advantage of services provided by “the cloud” are all actions that users can take to ensure the security of their data.
Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid malware, like trojans and ransomware, is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, protect clients against. With the support of our highly skilled and experienced team, users are provided with consistent alerts of any cybersecurity threats or malicious actors that may plague their device or network.
References
“Cisco Security Threat and Vulnerability Intelligence.” What Is the Difference: Viruses, Worms,
Trojans, and Bots?, 10 Nov. 2014,
tools.cisco.com/security/center/resources/virus_differences.
O'Donnell, Lindsey. “ThreatList: Ransomware Trojans Picking Up Steam in 2019.” Threatpost
English Global Threatpostcom, 14 June 2019,
threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
May. 28, 2020
2:00-2:30AM PST
In order to ensure that your data, or your business’s data, is sufficiently protected against advanced threats, it is vital to understand the different methods of hacking-based attacks that may arise. Advanced threat protection (ATP) is a designation for “security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data.” ATP is available in the form of both managed services and software solutions, and can vastly differ in methods and elements. However, more often than not, ATP solutions consist of an integrated approach -- utilizing “endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.” And ATP systems and strategies are all geared at keeping user’s data and other sensitive information secure.
However, it is important to note that there are varying degrees of protection when it comes to ATP. Most are familiar with antivirus software, but “a proper antivirus recognizes and defends against any kind of software that's designed with malicious intent, not just viruses.” Due to the fact that it is incredibly difficult to monetize viruses, “the vast majority of malicious programs aren't viruses.” This necessitates full-service malware protection services that will protect against a slew of different threats, in all of their many forms.
What is Malware?
Malware is a type of “software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner.” Malware can take a variety of forms -- from spyware to viruses, to ransomware and worms, to trojan horses and adware, etc. Experiencing heightened popularity, malware is a means for money to “be made through organized Internet crime.” Utilized for economic gains, vandalism, and the destruction of targeted machines, malware can be incredibly detrimental to both you and your devices.
In order to prevent any variety of malware from affecting your device and derailing your work, harming your data, or causing undue economic distress, multi-layered malware protection safeguards are advised -- “along with high-level network visibility and intelligence.”
What is a Virus?
A device can “contract” a virus “when the user launches an infected program or boots from an infected disk or USB drive.” With the ability to give rise to grave technological damages, a computer virus is “a type of [malware, or] malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.” Much like the type of virus that a human may fall victim to, viruses plaguing technological devices are “designed to spread from host to host,” all while continuously evolving and replicating. However, in order to reproduce, such viruses must live through files, documents, etc.
What makes viruses so frightening is their ability to remain hidden, lying dormant “until circumstances cause the computer or device to execute its code.” And once a virus latches onto one device, it can easily travel to other devices on that same network. Although some viruses are benign in nature, others are incredibly malicious and can result in the devastating harm of one’s device by “stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over [one’s] machine.” There are several methods in which a virus can spread from device to device, including, but not limited to illegitimate app downloads, audio and video files, “email and text message attachments, Internet file downloads, and social media scam links.”
There are many possible symptoms of a virus plagued device:
- Frequent Pop-up Windows
- Changes to Homepage
- Mass Emails sent via Your Email Account
- Frequent Crashes
- Unusually Slow Device Performance
- Unusual Activity, i.e. Password Changes
- Unknown Programs that Initiate When A Device is Powered On
In order to protect your device from viruses, it is advised to be extremely cautious when “surfing the web, downloading files, and opening links or attachments.” Scanning email attachments and files downloaded from file-share drives will also help to avoid viruses. Moreover, steering clear of file attachments that contain executables, like “a file with an extension like EXE, COM or VBS” will help to prevent viruses because “an executable can do any sort of damage it wants.” Whether to achieve a thrill, bragging rights, destruction, or cashflow -- those creating viruses have the power to cause physical damage to your device, as well as to provoke real economic or productivity loss for a user and/or their business.
What is Spyware?
As the name suggests, spyware is a type of malware that takes the form of “software that spies on your computer and steals your passwords or other personal information.” On the other hand, through the use of spyware, hackers may “literally spy on you by peeking through your computer's webcam.” Throughout the past several years, spyware has experienced a surge in popularity, resulting in the inclusion of antispyware elements in many of today’s antivirus software options.
Easily infecting devices and often hard to pinpoint, spyware “is one of the most common threats on the internet” and can affect a variety of devices -- ranging from iPhones to PCs. Certain activities may leave your device vulnerable to spyware, like “accepting a prompt or pop-up without reading it first,” “downloading software from an unreliable source,” “opening email attachments from unknown senders,” or even “pirating media such as movies, music, or games.” However, if your device is experiencing a spyware issue, it can often be immensely difficult to recognize. Spyware is, by nature, “deceptive and hard to find.” If your device slows or crashes out of the blue, begins running low on hard drive space, or experiences pop-ups when whether online and offline, it is very possible that it may be infected with spyware.
Spyware can take four different forms:
- Adware, which “tracks your browser history and downloads, with the intent of predicting what products or services you’re interested in.”
- Trojan, which is controlled by third-party entities, is a “kind of malicious software disguises itself as legitimate software.”
- Tracking cookies, which “track the user’s web activities, such as searches, history, and downloads, for marketing purposes.”
- System monitors, which “can capture just about everything you do on your computer.”
Although harmful, spyware can be removed and prevented. Using reputable anti-spyware solutions, refraining from opening emails or downloading files from unknown sources, and avoiding interactions with pop-up advertisements will help prevent spyware issues.
In Conclusion
Through consistent network scanning, careful measures, and full-scale malware protection services, you can avoid any and all forms of malware. Although malware will almost certainly plague all devices in varying degrees at some time or another, the right antivirus software will keep your data, money, files, and devices safe and secure.
References
Fenlon, Wesley. “How Computer Viruses Work.” HowStuffWorks, HowStuffWorks, 1 Apr. 2000,
computer.howstuffworks.com/virus7.htm.
Lord, Nate. “What Is Advanced Threat Protection (ATP)?” Digital Guardian, 11 Sept. 2018,
digitalguardian.com/blog/what-advanced-threat-protection-atp.
“Malware 101: What Is Malware?” Official Site, us.norton.com/internetsecurity-malware.html.
Rubenking, Neil J. “Viruses, Spyware, and Malware: What's the Difference?” PCMAG, PCMag,
27 Nov. 2018,
www.pcmag.com/how-to/viruses-spyware-and-malware-whats-the-difference.
“What Is A Computer Virus?” What Is A Computer Virus?,
us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html.
“What Is Malware? - Definition and Examples.” Cisco, Cisco, 16 Apr. 2020,
www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware
.html#~how-malware-works.
“What Is Spyware? And How to Remove It.” Official Site,
us.norton.com/internetsecurity-how-to-catch-spyware-before-it-snags-you.html.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
May. 29, 2020
1:00-2:00AM PST
In the wake of the COVID-19 pandemic that currently faces most of the planet, countless companies across the globe made a rapid transition to remote work. Offices closed and employees at every level were forced to change the ways in which they operated and worked on a daily basis, trading in meetings in conference rooms for zoom calls. Prior to this new work-from-home era born out of the coronavirus, the Bureau of Labor Statistics found that a mere “29% of Americans” had the capacity to work remotely. And according to Buffer’s annual report entitled State of Remote Work, “99% [of 2,500 individuals] said they would [have] like[d] to work remotely at least some of the time for the rest of their careers” back in the pre-coronavirus world of 2019. So, it seems -- although via an unorthodox route -- that Americans are getting the remote work transition that some have long yearned for. However, working from home undoubtedly poses some cybersecurity risks.
Without a choice, the majority of nonessentials are currently working from home. And as they do, some are facing a slew of complications. This is due to the fact that many businesses were not previously equipped with sufficient “cyber and network security system[s]”. As a result, these businesses lack knowledge regarding just how risky it can be for their employees to connect and work remotely. Companies, ranging vastly in size and scope, are now experiencing “an uptick in email-based threats, endpoint-security gaps, and other problems as a result of the sudden switch to a fully remote workforce.”
In order to spot the catastrophic outcomes of cybersecurity breaches, employees working from home should keep an eye out for the following symptoms:
- The sudden appearance of previously uninstalled, new programs.
- Slowed operation and function of the computer.
- The appearance of strange, pop-up advertisements.
- The inability to control the keyboard and/or mouse.
Workers who experience any of the aforementioned signs while working remotely are advised to notify their “company’s IT administrator so they can immediately mitigate risk.”
Unfortunately, there are several hazards and issues that come along with remote work. For one, an employee working from home will be connected to their home’s WiFi network. When at home, “IT managers can [no longer] control the security of all Wi-Fi networks,” and hackers typically are granted easier access to networks -- thanks to the weaker protocols often associated with home WiFi. Additionally, insecure passwords pose another threat to working remotely. Individuals sometimes use “simple passwords [that] are incredibly easy for hackers to crack” for personal devices and accounts. In this work-from-era, such elementary passwords may give hackers the opportunity to “gain unauthorized access to multiple accounts in a very short period of time.” Furthermore, working remotely has opened up countless individuals to phishing attacks on their personal devices, which in turn, puts their sensitive work-related data, files, etc. at risk. Through the use of easily created and seemingly legitimate, yet deceptive emails, hackers are “able to gain access to the employer’s device” through a single, innocent click of a malicious link. As disturbing as it may be, there have been several email phishing scams as of late that take the form of illegitimate COVID-19 related company policy changes.
Each and every business has data, files, media, etc. that are sensitive, at least at some stage. As the majority of states remain under rather strict Stay-At-Home orders, companies and their workers must adapt -- taking more advanced security measures in an effort to keep their business running as safely and as successfully as possible. Devices and data should be protected when working remotely, just as they are in the office. And although this may be a challenge, it certainly is not impossible to achieve.
Employees can ensure that they maintain a secure connection by regularly performing several precautionary and proactive actions. It is strongly advised that employees stay in consistent contact with their supervisors and/or employers, as well as to keep an eye out for all policy changes and updates. Amidst the ever-changing circumstances surrounding this COVID-19 pandemic, it is crucial to keep abreast of “new policies to help keep you, your coworkers, and the business safe.” Moreover, it is much easier for employees to keep company information secure if they utilize company-supplied tech tools when working remotely. Many companies supply laptops and mobile devices to their employees that “likely include firewall and antivirus protection, along with security features like VPN and 2-factor authentication.” Making use of these “your company’s cybersecurity tools” and their built-in security measures will aid you in protecting both company data and devices. In addition, it’s vital to stick with previously vetted collaboration tools because, unfortunately, “you can’t be sure a quick-fix tool you’ve downloaded has the same protections [of those already approved for use by your employer].” It is also immensely important to ensure that employees working from home are remaining up to date on software updates and patches. These updates not only “help patch security flaws and help protect your data,” but also “add new features to your devices and remove outdated ones.” Another helpful addition to your work-from-home routine is the consistent use of a VPN, as this “can help protect the data you send and receive while you work from home.” The adoption of a VPN can provide a secure link between employees and businesses by encrypting data, “help[ing to] protect against cybercriminals and snoops from seeing what you do online during a workday.”
Overall, working remotely requires businesses and their employees to make changes in their everyday routines in order to ensure that their sensitive data is not vulnerable to cybersecurity breaches. “Structuring your day to work efficiently and maintain[ing] contact with your team” may help to maintain normalcy, high productivity, and data security. Cybersecurity is a delicate and quite unstable thing to maintain, but staying diligent and utilizing the tools at your disposal will undoubtedly yield wonderful results.
Trustifi has compiled a Remote Employee Security Playbook so that all individuals working remotely, both now and in the future, may be better equipped to face the growing threat of cyber criminals. With the guidance and expertise of our team, employees across every industry can confidently and safely work from home.
References:
“Remote Employee Security Playbook.” Trustifi, trustifi.com/remote-employee-security-playbook/.
Rubinstein, Carrie. “Beware: Remote Work Involves These 3 Cyber Security Risks.” Forbes,
Forbes Magazine, 10 Apr. 2020,
www.forbes.com/sites/carrierubinstein/2020/04/10/beware-remote-work-involves-these-3-cyber-security-risks/#2b8978c961c4.
“State of Remote Work 2019.” Buffer, 2019, buffer.com/state-of-remote-work-2019.
Symanovich, Steve. “Working Remote Due to the Coronavirus? These 7 Tips Can Help Keep
Your Connections Secure.” Working Remote Due to the Coronavirus? These 7 Tips Can
Help Keep Your Connections Secure | NortonLifeLock, us.norton.com/internetsecurity-emerging-threats-working-from-home-due-to-coronavirus.html.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
May. 29, 2020
1:20-2:10AM PST
As more and more businesses and their employees turn to email as their main method of communication, the security and invulnerability of email communications become exponentially crucial. Email encryption makes a strong effort to address this issue of data, file, and messaging security, and entails “encrypting, or disguising, the content of email messages in order to protect potentially sensitive information from being read by anyone other than intended recipients.” Although sensitive information shared via email like Social Security numbers, log-in credentials, and bank account numbers benefit greatly from email encryption, “it’s not just those who may email sensitive information” who are advised to invest in email encryption. As relied upon as email may be, it is quite a vulnerable form of communication; “particularly when emails are sent over unsecured, or public, Wi-Fi networks.” And any email account can be vulnerable to the attack of a hacker, putting their attachment, content, and sometimes the entirety of their email account at risk of being compromised.
Earlier this year, Tony Bradley of LifeWire made an incredibly thoughtful and insightful analogy to help individuals better understand the importance of email encryption for data security: “If you are on vacation you might send a picture postcard to a friend or family member with a quick "wish you were here" sort of message. But, if you are writing a personal letter to that same friend or family member, you would be more inclined to seal it in an envelope.” One method of email encryption -- a personal email certificate -- “digitally signs your messages, reducing the [number] of spam messages that can be sent using your name and email account.” A personal email certificate’s digital signature confirms to recipients that the sender did in fact send the message that was received. An added bonus of utilizing a personal email certificate is that it provides users with “help to stem the tide of spam and malware being distributed in [their] name.”
Through email encryption, “the sender [is equipped] with a comprehensive set of tools that gives them an unprecedented level of control over the[ir] content.” A private email key, “stored on your computer,” is utilized to unlock emails and decrypt original messages. In other words, “each person with an email address has a pair of keys associated with that email address, and these keys are required in order to encrypt or decrypt an email.” One such key is deemed a “private key,” and is housed within a keyserver, linked with your name and email address, and any individual can access it. Contrastingly, your private key is yours alone and access cannot be shared. Thus, senders encrypt using the public key, “while the intended recipient would use the private key to decrypt those messages into a readable format.” This system of keys is known as public key infrastructure (PKI) and it is the most common form of email encryption.
There are several variations of email encryption protocol, but the most prevalent are:
- OpenPGP, which is a method that utilizes “both symmetric and public-key encryption,” and is often recommended for large businesses, as it provides individuals who may have never met in-person to “exchange encrypted messages” without the use of private keys.
- S/MIME, which is a method that “relies on a centralized authority to pick the encryption algorithm and is a popular method of encryption simply because it’s already built into some large party email platforms such as Google, iOS, and Outlook.”
Oftentimes, to avoid any difficulties for individual employees, companies will opt for automatic email encryption using an email encryption service. Such services typically supply software that configures emails to “pass through a gateway appliance that is set up to be compliant with the company’s security policies.” That being said, it is important to point out that cloud-based email encryption offers individuals added ease of use, convenience, and economic savings. While maintaining the utmost email security, the cloud-based format gives users more flexibility and command over the ways in which their messaging, files, and data are interacted with via email. Moreover, cloud technology provides businesses and individuals with opportunities for increased scalability, reduced IT costs, collaboration efficiency, flexibility, improved access updates, and stronger business continuity.
Email encryption services are multipurpose when it comes to securing vulnerable information.
- In encrypting the connection between email providers, hackers are prevented from intercepting both outgoing and incoming messages advancing from server to server. As a result, this “prevents unauthorized users on the network from intercepting and capturing your login credentials and any email messages you send or receive”.
- An email’s content (including attachments) can be encrypted, making even intercepted emails unreadable to the human eye. The encryption of emails prior to them being sent out into the world, in other words, renders them essentially useless and void of any information.
- Encrypting old and archived emails will stop attackers from gaining access to emails that are not in transit. If hackers gain access -- despite password protection of your accounts and even your device -- to backed-up emails, email encryption guarantees that the contents are indecipherable.
Consistently encrypting all emails, sent and received, will ultimately result in the best outcomes in terms of email data, file, attachment, etc. security and protection. In saving email encryption for emails containing delicate information, a flag is raised for hackers, “pointing them directly to the messages that are most likely to contain valuable, sensitive information – the very information you’re trying to prevent outsiders from gaining access to in the first place.” And so, a full-scale, holistic approach to email encryption will undoubtedly create a greater, multi-layered barrier to entry for hackers, as even the most dedicated data sleuths will find a one-by-one email examination process too burdensome and daunting.
Even emails sent via a seemingly secure company network are not entirely safe from hackers. No matter the pre existing security measures provided by a given network, “encryption is an important added security measure that makes sure that even if a message is intercepted, its information cannot be accessed.” A strong and thorough email security approach, like email encryption, can help to prevent hackers from conducting breaches, as they “rely primarily on email to distribute spam, malware, and other threats.” And as employees -- from entry-level to executives -- rely more heavily on the flexibility of their technology security services, the demand for cloud-based email encryption is sure to skyrocket.
References
Bradley, Tony. “Here's Why and How to Encrypt Your Email.” Lifewire, Lifewire, 30 Jan. 2020,
www.lifewire.com/you-should-encrypt-your-email-2486679.
“Data Protection Archives.” Trustifi, trustifi.com/category/data-protection/.
“Email Security Archives.” Trustifi, trustifi.com/category/email-security/.
“Email Security - Securing Cloud Email.” Cisco, 21 Apr. 2020,
www.cisco.com/c/en/us/products/security/email-security/index.html.
Lord, Nate. “What Is Email Encryption? Definition, Best Practices & More.” Digital
Guardian, 3 Jan. 2019, digitalguardian.com/blog/what-email-encryption.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
May 20, 2020
10:00-11:00AM PST
With the novel coronavirus forcing thousands of people across the country to work remotely, there has been a massive wave of phishing attacks aimed at stealing employee information. The scammers have been more effective in these latest attacks than we have seen in years. One issue that some companies are encountering is that a home computer security network is significantly different from the office cybersecurity systems, and personal computers are often less secure. There has been a number of CEO impersonation emails, luring employees to fake websites where they give out personal information. The scammers have been impersonating health officials like the CDC and the World Health Organization (WHO). These tips can help you and your employees stay safe from phishing emails.
Two-Step Authentication
One way to help keep your company information secure is to require two-step authentication on all email accounts and applications. This is one of the best ways to help reduce the risk of phishing scams. With two-step authentication, you not only have to enter your password, but you also have to have a code sent to a specific phone number and you cannot log on until you have input that code correctly.
Many applications and programs are offering this now because of how much it reduces the risk of an account being hacked, even if your employee accidentally clicks on a link they should not. A password can be cracked, and for a good hacker, it can be cracked pretty easily, this just adds another layer of protection to make it a little bit harder for someone to steal your information.
Use a VPN
A Virtual Private Network (VPN) is software that can be used on home and public wifi to encrypt data even when you are using a public internet signal. A VPN will authenticate your information with the firewall in your network before anything is sent through it. This is especially important for a company that has employees handling sensitive data because it encrypts all of your data.
It is a good idea to have a VPN set up for your employees when they are working remotely because it can prevent hackers from accessing any of your company information, whether your employee is working at home or at a cafe — once things reopen.
Safeguard Your Email Accounts
Email is how most hackers will reach out to attempt to scam you to steal your information. An email encryption service can be a big help with keeping your communications safe.
Encrypted Video Conferences
There have been a lot of issues with video conferencing services since the pandemic forced so many people to work from home. Zoom especially has had hackers find their way into a video conference and disrupting the meeting; there have been accounts of "Zoombombers" showing pornography during a meeting, calling people racial slurs, and just being generally disruptive.
The best way to avoid things like this is to use a paid video conferencing service; they are usually a little more secure than Zoom. If you are using something like Zoom, check the privacy settings for the meeting before the meeting begins to make sure only those you invite can join the meeting. Another option is to protect your video conference meeting through Trustifi.
Anti-Phishing Training
Some people do not know how to recognize a phishing email when they see one. Take the time to show your employees some of the telltale signs of a phishing email and show them what to do if they see an email that appears suspicious. Great training that we recommend is provided by Lucy Security.
Anti-Virus Software
Good anti-virus software can get expensive; however, if you provide it for all of your employees and keep it up to date if someone does accidentally click on a malicious link or download an attachment from a suspicious email, there is a better chance that the virus may not work its way into your system. If you have good virus protection, it should catch a virus before it is even downloaded, and it can warn you when you click on a suspicious link that it may not be a safe website to go to.
Require Strong Passwords
While we may not like having elaborate passwords because they can be annoying to keep track of, they exist for a reason. Approximately 75 percent of people in a poll said they "use the same passwords for multiple accounts, and a high percentage of people haven’t changed duplicate passwords in over five years."
A weak password is a hacker's best friend. Have your employees use a strong password to keep hackers at bay. You can use a password generator to create completely random and strong passwords, but if they are annoyingly elaborate, your employee will need to write them down, and there is a good chance it will be saved somewhere on their computer.
For a strong email encryption service that can help keep the phishers at bay, contact Trustifi today to learn what we can do to make your business more secure.
References
Sundar, Venkatesh. “How to Maintain Security with Remote Workers?” Indusface, 7 May 2020, www.indusface.com/blog/maintain-security-remote-workers/.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
May. 20, 2020
1:00-2:00AM PST
Whether you have opened them or not, you have probably received at least a few emails that seem to be from your bank, the IRS, or another organization that has important information about you. They may claim your account has been blocked, or something needs to be updated because of a change to their policy. The email usually has a link to click to correct the error they are claiming exists or to verify your identity, and from there, they want you to provide personal information like your Social Security number or a certain password. These emails are phishing scams.
These emails are created by hackers and the links in them will lead you to fake websites — that usually look close to the real thing — in an attempt to steal your information. Just by clicking the link, you may be putting your information in danger; the links often bring viruses with them and can also put malware and spyware on your computer. Hackers have been working on their techniques for years to prey on unsuspecting victims to steal their identity and bank information. Unfortunately, this can sometimes make these emails difficult to recognize right away.
Recognizing Phishing Attempts
While it can sometimes be difficult to tell at a glance if something is a phishing email, there are a few telltale signs that an email is a phishing scam. Here are a few things to look for when you receive a questionable email.
The “From” Address
One sign that an official-looking email is phishing is the email address it came from. If you look closely at the email address, it usually has a Gmail or Yahoo ending, or a similar one using like-letters. For example, a phishing email that claims to be from US Bank might have email@vsbank.com. Notice the "U" is actually a "V." This is a little trick of the eye that a scammer will use to make it seem like a legitimate email. If you ever think an email address is questionable, do not follow the link. You can always call the organization the email claims to be from to check if the email is indeed legitimate.
Urgent Call to Action
A scammer may try to use an urgent call to action to scare you into clicking on the link in the email without thinking. These types of messages may:
- "Say they’ve noticed some suspicious activity or log-in attempts”
- "Claim there’s a problem with your account or your payment information”
- "Say you must confirm some personal information”
- "Include a fake invoice”
- "Want you to click on a link to make a payment”
- "Say you’re eligible to register for a government refund”
- "Offer a coupon for free stuff"
- Claim an account will be closed if you do not act now
Generic Greetings
Phishing emails are usually generic because they are created to be sent out to hundreds, if not thousands of people all in a single batch. They also typically do not have your name, just your email address, so they cannot personalize an email like the real organization would do.
Emails that start with "dear customer/member" and things along those lines may be a phishing attempt. Most businesses these days will address you by name if they have your name.
Poor Spelling and Grammar
Businesses usually have decent spelling and grammar in their emails to customers, because it is professional, and if something is filled with poor spelling and grammar, it is hard to read, and you will probably not read them. A phishing email is usually full of spelling and grammatical mistakes, making this a potential sign that the email you are looking at is a scam.
Inspect the Link
When you hold your mouse over a link in an email, the full link will be displayed in the bottom left corner of your screen. If you are on your phone, you can press and hold your finger down, after a few seconds a box should pop up in the middle of your screen that displays the full link. Here is where it gets tricky; just like when they make the return email appear to be real by using slight spelling tricks, they can deploy that strategy here too, using phony websites that look like the real URL.
To use our US Bank example again, you may see the link displayed as “uvbank.com,” “usbnk.com,” or “usbnak.com.” The letters have been changed, removed, or transposed in these three examples. If you were to quickly glance at the link without scrutinizing it, you might not realize the mistake.
The Promise of Money
There are a few variations on this type of scam email. This may be the longest-running type of internet scam out there because it works. In 2018, Americans lost over $700,000 to this type of scam, according to a report from ADT.
You receive a random email that tells you a sad tale about this person who has a large sum of money and for just a small payment from you, they can access it and will share it with you. If you pay it, they may invent further fees they need help to get to the money, but they promise they will pay as soon as possible. These people will take as much money from you as possible then vanish forever.
Another version asks for your bank account information to transfer their large sum of money to you to keep safe on their behalf; victims of this scam often end up with empty bank accounts.
Yet another version is some distant relative you have never heard of has died and left you a considerable amount of money. The person sending the email needs something from you before they can send you your inheritance.
What to do if You Get Scammed
If you think you may have fallen victim to a scam, there are a few things you can do:
- Run a virus scan on the computer you opened the email from.
- Change your passwords on a different device than the one you opened the email from.
- Contact your bank.
- Report the scam to the FTC.
Tips to Protect Yourself
To help avoid falling prey to email scams, do not click on any links that may be suspicious or download attachments in emails. Take a moment to scrutinize any email you get that may seem suspicious, following our criteria above.
You should feel safe when you check your email, and one way to do that is to contact an email security service to give you an extra layer of protection.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization
April. 30, 2020
1:00-2:00AM PST
No matter your reasons for choosing an email provider, it’s probably safe to assume that you want to rely on their services to provide a high level of security when it comes to your privacy. However, if you are using a mainstream email provider (such as Gmail or Yahoo), it’s a common misconception that your account is actually private. You set up a password, and although you access your email through the internet, it often doesn’t occur to people that the privacy of their inbox is not being respected.
While many people who use their emails for everyday life and non-business related matters may not be overly concerned about the insecurity issues related to larger email providers, those who rely on their email for more personal matters, or as a business tool, should definitely seek to increase the security levels of their emails. But deciding to switch your email provider is only the easy part, actually choosing a secure email provider can be a daunting task, especially if you aren’t overly tech literate. So, we’re here to help you identify the steps you can take towards picking the correct secure email provider for your business.
- Identify what’s important to you
The first step in picking a secure email provider for your business is to identify the features that are most important to you. Some companies (particularly those handling sensitive financial information) will want to choose a provider who can deliver the absolute highest level of security possible. Other companies may be willing to sacrifice some security measures for features such as how user-friendly or accessible the platform is.
- Is the provider “client-friendly?”
This is a big consideration for those who are sending emails to a large number of different clients. Some secure email providers are not compatible with third-party email. While this is a good security feature, it may also be extremely inconvenient and unrealistic, so it’s a good idea to pay attention to whether or not the provider you choose can be used with third-party email clients.
- Level of Security
While it may be a common misconception to think that a secure email provider will automatically be, well… secure, there are different methods by which the security is actually provided. For example, you may want to research the differences between companies when it comes to, say, types of encryption; are emails encrypted in transit or at rest?
- Where is the service located?
The jurisdiction of an email provider can matter when it comes to security. You may never have thought to research email security based on where the provider is located, but it is worth looking in to. Different privacy laws in different countries can have an effect on how secure a provider’s services are. For example, there are a number of highly recommended secure email providers located in Germany and Switzerland, where privacy laws are stricter than in the United States.
- Supported features.
For many people, switching from a provider they are familiar with is an unwelcome hassle. If you decide to switch to a more secure email service, it would be wise to check how easy it is to, say, import existing emails, or whether or not they provide user-friendly features like calendars and contact lists.
If you’re running a business it’s critically important to ensure that the privacy of both your company and, most importantly, your clients are protected. Shopping for a secure email provider can seem like a daunting task. The good news is there’s plenty to pick from, so follow these simple steps, and with a little time and research, you’re sure to find one that fits your needs.
Resources
Crane, Casey. “How to Send Encrypted Email on 3 Major Email Platforms.” Hashed Out by The SSL Store™, 3 June 2019, www.thesslstore.com/blog/how-to-send-encrypted-email-on-3-major-email-platforms/.
Kaufman, Lori. “The Best Free Ways to Send Encrypted Email and Secure Messages.”, How-To Geek, 12 July 2017, www.howtogeek.com/135638/the-best-free-ways-to-send-encrypted-email-and-secure-messages/.
Taylor, Sven. “12 Best Private and Secure Email Services.” Restore Privacy, 29 Dec. 2019, restoreprivacy.com/private-secure-email/.
Try Trustifi Today
For Individuals
Our Free Trial Is Forever Free
For Business
See if Trustifi Is Right for Your Organization