Spotting and Protecting Against Malware: Adware and Malvertising

June. 12, 2020

3:00-4:00AM PST

The type of malware most commonly on the minds of tech-using individuals around the world is the computer virus, however, there are several variations of malware that can plague your device, network, server, etc. at any given time. Although the average user is highly unlikely to  encounter elite hackers that unleash the utmost technically-advanced malicious attacks, “run-of-the-mill, profit-generating malware, on the other hand, is rampant.“ For this reason, it is imperative to understand the characteristics of numerous kinds of malware so that you might be able to avoid data theft and destruction that might be left in their wake.

What is Adware?

Adware very well may be the variation of malware that the average user is most likely to face. To put it simply, adware is a type of malicious software that illegally slips into a user’s browsers and apps for the purpose of originating phony profits. Adware is quite similar to the pop-up ads of the past. However, while adware is a particular software that operates on a device, pop-ups ads are comprised of rogue web scripts that project ads onto a user’s device. And cyber-scammers have begun to utilize the nature of the widely held advertising revenue model to their advantage. By creating and putting more illegitimate ads onto the Internet, a larger quantity of eyeballs become likely to view such advertisements, which results in greater revenue placed in the pockets of these scammers. Although these ads were often obvious, conspicuous, and clumsy at their inception, most have evolved into more undistinguishable, refined, and stealthy versions of themselves over time.

 

Unfortunately, smartphones have become a near-perfect launching pad for the release of adware. This is due to the fact that scammers can disperse adware-tainted apps via smartphones via third-party app stores available to Android users. Moreover, these cyber-scammers can even leverage highly trusted app stores like the Google Play Store and Apple’s App Store by utilizing them to disseminated apps that are contaminated with adware. In doing so, such apps have the potential to land in the hands of millions of smartphone owners. These apps can distribute disingenuous ads onto these devices which either operate in the background or out in the open for the device owner to see. This is what separates adware from other forms of malware. Without necessitating the carrying out intricate cyber attacks, or even attempting to steal money from device owners, adware sneaks onto a device and causes mere inconvenience or slowed operating speed for the user. In doing so, the scammer behind the adware hopes to accumulate advertising revenue. And more often than not, adware supplies scammers with the greatest opportunity to generate profits. However, it is important to keep in mind that although adware may not pose an immediate danger to users, this type of malware effectively creates opportunities for future malicious activities that can put user data, networks, devices, etc. in jeopardy. Furthermore, it is not impossible for adware and other malicious software to be transmitted as a package deal, foretelling subsequent grave attacks.

Users can make an active effort to avoid adware by exclusively utilizing official app stores and downloading credible applications. Additionally, users should rid their phones of applications that they do not often use, as well as applications that regularly experience glitches or that are ad-heavy. Overall, since adware is the type of malicious software that smartphone users are most likely to run into, users should keep a consistent and vigilant eye out for it.

What is Malvertising?

An incredibly tough problem to address, malvertising is a type of malware that users often find most difficult to wrap their heads around entirely. Malvertising is the propagation of malicious code that lives within online advertisements, waiting for just the right moment to contaminate the device of an unknowing user. Malvertising has found success, in part, due to user’s seemingly unshaken trust in mainstream websites such as Youtube and Reuters. Individuals visiting these sites often do so with peace of mind founded in the credibility associated with such platforms, but malicious actors are taking advantage of this confidence in order to infect user devices, networks, etc. -- sometimes without a single click of a button -- via third-party content that typically goes unnoticed by the user. It isn’t enough to steer clear of sketchy websites because “mainstream, high-trafficked Web sites today outsource the ad content on their pages to a vast array of third-party ad networks, including household names like Google (DoubleClick) to start-up providers and others well under the radar.” When users utilize these mainstream sites, their device -- unbeknownst to most -- is, in fact, making connections with several additional URLs. The main purpose of this is to boost convenience and efficiency on the web, offering features like video files and more in-depth web interactions. However, this effectively opens the doors to malvertising attempts, rendering the credibility of sites almost entirely inconsequential. In fact, malvertising is oftentimes dependent on this credibility, as it makes it easier to attract unsuspecting users to other contaminated domain addresses.

Moreover, malicious attackers leveraging malvertising greatly benefit from their easily maintained anonymity. This is typically due to the fact that the operators of the sites that ultimately serve these harmful advertisements entirely lack visibility of such ads. To top it off, ads rotate from site to site at rapid speeds and can even be purchased with theft credentials and assets, making it increasingly difficult to identify the malicious actor in question. And much of the success of malvertising is thanks to the preexisting nature of the modern advertising industry. The modern ad model only makes it easier for malicious actors to weaponize frequent user behavior, as it enables these cyber attackers to benefit from the profiling and targeting that is already in place -- all while they remain anonymous. And it doesn’t look like malvertising is going to lose its popularity any time soon. Malvertising is an incredibly lucrative form of malicious activity that is bolstered by the credibility and reputation of mainstream sites, and that, unfortunately, cannot be anticipated and is terribly tough to avoid without the mobilization of antivirus tools.

References

Newman, Lily Hay. “Here's the Malware You Should Actually Worry About.” Wired, Conde Nast,

21 July 2019, www.wired.com/story/adware-most-common-malware/.

Rahul Kashyap, Bromium. “Why Malvertising Is Cybercriminals' Latest Sweet Spot.” Wired,

Conde Nast, 7 Aug. 2015,

www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Spotting and Protecting Against Malware: Trojans and Ransomware

June. 5, 2020

1:00-2:00AM PST

Devices and technology have rapidly evolved over the past several years. Unfortunately, this evolution has brought along with it more opportunities and the elevation of numerous forms of malware. Malware, or malicious software, is a piece of software created for the purpose of device impairment, data theft, and overall network upheaval. Coming in many shapes and sizes, and varying greatly in threat-level, malware often serves as tools for hackers hoping to achieve economic gains -- by either disseminating it themselves or selling it at a hefty cost on the Dark Web. But attaining monetary winnings is far from the only goal of malware; protests, security tests, or the instigation of war between governments are additional motives for malware usage. Two types of malware in particular -- trojans and ransomware -- have recently experienced a spike in popularity within the hacking community. Understanding the functionality of each of these methods of malware, as well as the ways in which they can work together to cause severe damages, will help users to avoid disastrous encounters with them.

What is a Trojan?

A trojan, more formally referred to as a trojan horse, is a type of malicious software or code that appears legitimate and wellfounded but can result in a user’s total loss of control over their device or network. Trojans are especially dangerous, as they are typically devised in order to disrupt, damage, steal, or impose impairment and distress onto a user’s data or network. And “unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.” To put it simply, trojans disguise themselves as genuine files and/or applications in order to dupe users into loading and implementing the malware onto their devices. Once a user successfully installs a trojan onto their device, it is empowered to perform its designed functions and duties.

A user is critical to the success of a trojan. Without a user or host’s execution of a trojan, it is entirely useless. However, once a user executes a trojan -- opening and downloading what they have so innocently assumed to be a legitimate attachment or file, often from a sender impersonating someone the user knows -- the consequently installed malware can spread to other files, wreaking untold havoc on the device. 

The following are some of the most prevalent types of trojans that a user may encounter:

  • A Backdoor Trojan has the ability to produce a “backdoor” to a user’s device, providing attackers with access and control of the device. This type of trojan can enable hackers to download and steal valuable user data, as well as provide an opportunity for additional malware to be uploaded to the device.
  • A Downloader Trojan targets already-infected devices, downloading and installing new, updated versions of malicious software.
  • An Infostealer Trojan seeks to steal precious data from a device plagued with malware.
  • A Mailfinder Trojan aims to steal any or all email addresses that have been amassed on a device.

What is Ransomware?

Ransomware is an additional type of malicious software, designed with the goal of locking and encrypting user data located on a device. This data is only returned to its rightful owner following the payout of a ransom to the attacker. Cases have existed in which users are given a strict deadline to which they must pay a cybercriminal, and failure to do so has the potential to result in the permanent loss of their data. But even giving into the desired payouts of the attacker might not guarantee restored access, as many who deploy ransomware are actually cyberthieves. Ransomware keeps users from their personal files and data -- eliminating access to a user’s photos, documents, and even financial information. While these files still live on the user’s device, the ransomware has encrypted the data, rendering it entirely futile and nonfunctional. 

Regaining access to one’s data following a ransomware attack is far from simple. For this reason, it is crucial to be aware of the various forms of ransomware, as well as how to most successfully approach them. The following are some of the most common and typical variations of ransomware:

  • Crypto malware is especially disastrous, encrypting a user’s folders, files, documents, and hard-drives. 
  • Scareware takes the form of fake software that pretends to be a cleaning tool or anti-virus program. This ransomware typically demands a payout in exchange for fixing nonexistent problems plaguing one’s device. Scareware often has the ability to lock one’s device or flood it with an onslaught of pop-ups.
  • Lockers are a form of ransomware that often plague android users’ operating systems, locking them out, and ultimately preventing the access of any files or applications on the device.
  • Doxware, otherwise known as extortion-ware or leak-ware, threatens to publish sensitive, valuable, and previously private information onto the Internet if a ransom is not paid.

 

It is imperative to note that paying ransoms has the potential to lead users down a slippery slope. Payouts may not guarantee the return of your data, and cybercriminals may even require additional payouts -- extorting users to no end -- all while users never regain access to their valuable data, files, photos, documents, etc.

Avoiding Trojans, Ransomware, and Hybrids of Both

As user data grows increasingly sensitive, a large percentage of users will remain willing to payout ransoms. And consequently, the combination of multiple forms of malware that can perform more functions is growing in popularity. According to Lindsey O’Donnell at ThreatList, “ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019.” For example, commonly utilized banking trojans have empowered hackers to more rapidly deploy ransomware. And so, pinpointing the exact strain of malware has become increasingly difficult, but doing so is also even more crucial than ever in terms of addressing device or network infections. Exhibiting care when dealing with email attachments, regularly backing up files on an external hard-drive, consistently changing passwords, keeping software as up to date as possible, installing and deploying firewalls, utilizing security software, and taking advantage of services provided by “the cloud” are all actions that users can take to ensure the security of their data.

Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid malware, like trojans and ransomware, is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, protect clients against. With the support of our highly skilled and experienced team, users are provided with consistent alerts of any cybersecurity threats or malicious actors that may plague their device or network.

References

“Cisco Security Threat and Vulnerability Intelligence.” What Is the Difference: Viruses, Worms,

Trojans, and Bots?, 10 Nov. 2014,

tools.cisco.com/security/center/resources/virus_differences.

O'Donnell, Lindsey. “ThreatList: Ransomware Trojans Picking Up Steam in 2019.” Threatpost

English Global Threatpostcom, 14 June 2019, 

threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

The Power of an Email Address: Our Digital Identity

April 10, 2018

10:00-11:00AM PST

Bill’s first sign of trouble came with a few unexpected “authentication” requests — you know those follow-up texts or emails that banks, Amazon, or Google send when your account is accessed from an unknown computer? A few of his online accounts were being logged in from such faraway places as Armenia, San Paolo, and even Muncie, Indiana.

(For the record, Bill lives in San Diego and has never been to those places)

Bill wasn’t sure what was going on but was soon locked out from a number of his social accounts, and now needed to validate his identity, change a few credentials, keep track of the new creds, etc. While it was an imposition on Bill’s already busy day, resetting access to his Twitter feed wasn’t really a huge deal.

That said, it was a little unnerving to Bill to think that someone actually got into his accounts, but from what he could tell, no real harm was done. No one posted anything crazy in his name, Bill’s status wasn’t changed to “separated” on Facebook, his LinkedIn profile still reflected his current job — all looked pretty ok. Bill figured all this must have just been a glitch in the matrix…

It was not a glitch in the matrix.

After a bit of research, Bill discovered that his emails were somehow being intercepted and that this had been going on for an undetermined period. He didn’t know if the hacker had been reading or stealing all of his emails for the past year or if it was sporadic theft for an even longer period, but no matter. This breach opened a Pandora’s box of trouble that gave Bill a headache in the short term but could evolve (devolve?) into privacy and financial troubles that he couldn’t yet define or foresee.

Bill Could Be Anyone
This is Bill’s story, a warning shout to the world to get us all to deeply consider how email is used in our lives and perhaps how we need to better defend a daily used but invisible “pipe” into our homes — one just as important as electricity or water.

Way beyond just a casual correspondence method, our email today transmits and stores all manner of information — some obviously confidential as well as other oft-shared information that can be leveraged for a longer term con.

Those multi-factor authentication requests mentioned at the top? Stop for a moment and try to remember how many accounts you set up where the secondary verification goes to your email. You’re probably like Bill; when two-factor verification caught on a few years back, he sometimes gave “the system” his cell phone number so it could text back a passphrase or code. And (now) regrettably, he also at times provided his email address, believing that his inbox was secure from prying eyes.

In the unknown period between the first email breach and Bill finally catching on to it, a few intercepted email authentications allowed the hacker to access the social accounts mentioned earlier. Who opened Bill’s emails? It was a frantic time of reflection and reaction, trying to reset everything — passwords online and new verification codes. And of course, Bill finally replaced all email two-factor authentications with his mobile number.

And Your Contacts? More Vulnerable by Association
With all that behind him, Bill hoped that that was it, and wouldn’t have to deal with any further hassles resulting from his email breach. It turns out he was mistaken, and down the road, this hack could end up costing Bill “real money.”

By now everyone’s heard of “phishing” — those bogus emails that look like a legitimate Google or Amazon login reset page, or an email claiming to be from your company’s CEO. These scams try to trick you into clicking on a malicious link in the email or sends you to a fake web page that instructs you to enter in your user ID and password. In the latter case, the hacker attempts to gather privileged login info, whereas the former sends your browser and computer to malware hell, downloading ransomware that can lock up your system or destroy data.

Phishing’s the shotgun or wide net hack, whereas “Spear-phishing” (as the name implies) is a much more targeted approach that aims for big fish rewards.

Until this email breach, Bill never realized casual interaction with his family and friends could be leveraged for spear-phishing. Within these emails contained information that he now realizes he probably shouldn’t have also used as personal identifiers for his various online accounts. Who cares that Bill recently moved to X address from his old Y address, that his dog’s name was Chewie, and that his high school had its 10th-year reunion?

Evidently, all that data (and scads more) are hard currency in the dark recesses of the Internet, as they can be used as vectors of information that can enable hackers to build a profile of us they can eventually exploit.

Bill’s hacker (or hackers) are the worst kind — patient and methodical to collect and triangulate data. It wasn’t enough to just invade his privacy or to mess up Bill’s access to social media and a few other accounts. There was a deeper con at work to extract relevant PII (Personally Identifiable Information) from Bill’s email to ultimately impersonate him and obtain a unique combination of information that could actually be monetizable.

On its own, all the PII in Bill’s email could be viewed as just disparate islands of random information. But in aggregate, this data can be combined and ultimately exploited to lure in big money fish:
– Online financial or government accounts that require layers of personal info to either login or to use as backup passcodes/phrases.
– Distinct information combinations that compel action from authorized agents of your funds (a CEO’s assistant, Bill’s financial advisor or his parents).

Protect Than Email Like it’s Your Wallet
Thankfully, we’re far from powerless. There are numerous security “backstops” and hygiene that we all should be aware of and actively practice to counter these threats:
– Don’t use email as a secondary authenticator!
– Don’t accept calls from anyone posing as agents, always verify before action (wiring funds)
– Stop oversharing PII

But along with taking a hard look at our own security and privacy behavior online, this incident forced Bill to question his long-standing assumptions on the safety of our collective internet “infrastructure”. How does his email get from point A to point B? And is any kind of password ever good enough?

This incident proved to be a jolting wake up call for Bill, as he never really thought about the data flowing to and from his accounts, let alone if it could be exploited. Are our emails protected or encrypted in any way? Who can he trust? Should he rely on Gmail, or just depend on his internet provider? We know that companies have to protect their communications to each other, but is there an affordable solution for consumers like Bill as well? Are there email security options “as good” as the protection/encryption that companies use?

If this information is unnerving, downloading a free trial of Trustifi’s email encryption software may give you peace of mind.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How Hackers Can Use Email to Unlock Other Accounts

Nov. 22, 2017

10:00-11:00AM PST

Experts estimate that more than 4 billion data records were stolen in 2016. This means that all over the world, people are experiencing the jarring realization that their most personal information has been compromised.

Websites might not keep your information safe.
In 2017, Clutch, a ratings and reviews firm based in Washington DC, conducted a survey of over 300 website managers. They found that once websites collect user information, nearly half (48%) store information directly on their websites.

As a visitor to these websites, it can be difficult or impossible to know what protective measures are being taken on the backend. Outdated plugins, unsecured input fields, and other flaws can leave your information unprotected.

If you can’t count on the websites you use to keep your information secure, you’ll need an email encryption provider to ensure that hackers won’t break through.

Online accounts can provide clues to your passwords.
It’s rare to sign up for a website account that doesn’t require several pieces of personal information. If hackers are able break into a website and obtain your email address, chances are they also have access to other commonly collected information such as your location, birthday, and name.

Taken together, these pieces of information can allow hackers to track down even more information about you, such as where you went to school, whether you’re married, where you work, or even how many pets you have.

Most people base their passwords around personal information such as a loved one’s birthday or pet’s name, so the information hackers find makes it easy for them to begin guessing the passwords to your account.

“With an email address, [a hacker] won’t have to work a lot in order to retrieve privacy information,” patented email security provider, Trustifi CEO Idan Udi Edry pointed out in an interview. “The combination of an email address and a name is enough to start the reconnaissance on someone as a user.”

The safest approach is to use long, randomized passwords alongside encryption. A password manager can help ensure that you always have access to the accounts you need, without having to worry about memorizing complex passwords.

Synced accounts use your email to unlock other information.
Many websites now offer the option of syncing your email account rather than entering new account information. From a security perspective, there are pros and cons to this approach.

Part of the reason that users put their trust in large companies such as Google is because these companies have the resources to invest in advanced security measures.

However, connecting too many accounts to your email also presents a high degree of risk. If a hacker manages to steal or guess your email login, they could be seconds away from accessing most of your online presence, from a retail account with your credit card information to the bank account that holds your child’s college fund.

Still, syncing new accounts to your existing email account can feel like a convenient solution remembering numerous complex passwords. If you are unwilling to give up this habit, it’s even more important to make sure that your email has the most rigorous protection possible.

Don’t go it alone. Your data is too important. Trustifi can help you understand how hackers view email as a gateway into your other private accounts so that you can anticipate and block attacks before they happen.

If this information is unnerving, downloading a free trial of Trustifi’s email encryption software may give you peace of mind.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Why cybersecurity hygiene is so vital to HR

By Trustifi on Oct 13 2017

By Bruce Shutan

Of several high-profile cyberattacks that have recently taken place around the world, 2017 began with a so-called ransomware assault aimed at HR departments. Its disguise: an Excel document purportedly containing a job applicant’s curriculum vitae or CV and aptitude tests for consideration.

The harrowing incident came two years after the U.S. Office of Personnel Management was hacked, which compromised the personal data of millions of present and former federal employees.

Idan Udi Edry, an expert source on cybersecurity, says the industry is a popular target for hackers given the breadth of sensitive employee records that are stored and can be exploited, as well as the propensity for staffers to open unsolicited emails. Concern is mounting that stolen names, addresses and social security numbers could be used for identity theft and blackmail.

His recommendation is that HR and benefit practitioners, including brokerages and advisory firms, secure their Wi-Fi networks, get educated about “phishing” expeditions that poach personal information and practice good cyber hygiene.

The logical starting point of this multi-pronged strategy is a “basic minimum protection of our emails,” since he says it’s the most common form of business communication and everything is online in the digital age. That means having two different lines of communication and ensuring that “not every guest can log into the same network with the employee running the infrastructure between them,” he explains.

A second layer involves information security protection, according to Edry. It entails understanding what type of applications are running and how to secure them. This safety net, which helps flag suspicious emails or unexpected files, extends beyond the organization to include interaction with clients and suppliers.

Another critical step is to protect, and completely separate, core data from other infrastructure of communication with the outside world. An example of what it’s so important is the recent security breach at Equifax, the consumer credit reporting agency, which he describes as “the Hurricane Irma of the cyber world” – an event affecting as many as 143 million people.

Edry and his team at Trustifi, a SaaS company specializing in email encryption and security, have developed software featuring three patents to raise the level of security and efficiency in HR or other departments. Users can access a free trial of the software to experience the power of the tool first hand.

The idea is to secure and encrypt files within a given organization “before they even go out to the world,” he says. As part of this approach, Trustifi uses a “two-factor authentication” for opening emails that are sent and with the encrypted file. In addition, a cyber postmark, much like snail mail, tracks the time and place when the person for whom an email is intended opens that correspondence.

Cyber security has become a critically important task in business, according to Edry, who used to helm a cyber security company named Nation-E and served as head of data and security for Pelephone, Israel’s leading cellular operator.

“This can take down the entire economy of the United States if we don’t wake up and implement the necessary tools to protect our organizations and most core value information,” he suggests.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Connect the Dots and Deter Cyber Criminals

By Trustifi on Mar 28 2017

by Sarah Newman, IT Privacy & Security Guru

I started my career in the data world. The company I worked for had information — data — on every single adult in the United States (we scrubbed out any data on children), in such a wide scope, that we were able to do things like finding your physical address from your email address. When we first started out, our hit rate (the ability to find accurate data based on the input criteria) on a “reverse email lookup” was pretty low — in the neighborhood of 25%. As the world has become more and more connected, and people have become more and more lax about personal information protection, the hit rate steadily increased to almost 75%.

In the data industry, we learned quickly that connecting seemingly random pieces of information, like an email address to a home address, was a simple matter of using the right logic to write a simple algorithm and applying the right algorithm on its course to connect the dots for us.

This knowledge gave us a great deal of insight into how individual pieces of data can be connected to form what’s referred to as Personal Identifiable Information or PII — and why cybercriminals are more than happy to pony up cash to get your email address. With their technical expertise and relatively easy access to your data, they get a high return on their investment with very little difficulty.

So what exactly is a good return on a cyber criminal’s investment? Well, it depends on the data. Let’s take a look at the seedy underbelly of the Internet to help us understand the value of our information.

Where 99% of the connected world lives is called “Surface Web” and it accounts for a startlingly small proportion of the entirety of the Internet. The Internet is very much like an iceberg — most of it below the surface in what is referred to as the “Dark Web”. And much like an iceberg, it’s the part that we can’t see that’ll sink us.

The Dark Web is where your information is bought and sold by relatively anonymous people across the globe, accessing these veritable dark data warehouses on various forums that require a top secret level security clearance to get into. In many cases, these forums are more difficult to access than it was to get the data they’re trading in. Once inside your data is sold as part of a set and paid for in Bitcoin.

The value of your data is based almost wholly on what it contains. Here’s a quick breakdown (in US dollars)

Login Credentials to
Sites like Netflix – as low as $.55
Loyalty or Rewards Sites, and Auction sites: $20 – $1400
Online payment sites, like Paypal:
If your balance is between $400-$1000: $20-$50
If your balance is $5000-$8000: $200-$300
Bank login credentials for a $2,200 balance bank account: $190
Stolen credit or debit card: $5 – $30 per card number

And then there’s the holy grail of data information — “Fullz” — your full information. This ranges in price from $15 to $65 for an average US citizen’s complete record.

The effects of this kind of connecting — getting your fullz — may not be realized by you for years. That’s why it is incredibly important for you to choose an easy cost-effective way to ensure that you and your team protect your information. You are the first line of defense in protecting your identity.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Every Second 51 Emails Are Compromised by Cybercrime. IS YOURS NEXT?

By Trustifi on Mar 22 2017

By: Nancy Richardson, Guest Blogger – VOC Company, LLC (Voice of IT Customer Wizard)

Numb to email hacking stories?  Trust me, I know the feeling. But just because a story is common doesn’t mean we should let ourselves get lax about privacy. Doing so risks far more than the use of your email address….more than you could even imagine a “simple” email hack could expose. A hacked email address could cost you your financial and personal safety.

Most of us have seen ominous emails in our inboxes. Often we click before realizing we’ve just been duped by an unknown someone or source. In our post “oh my goodness! I just clicked on a link and now I’m exposed!” panic, we might think that avoiding email altogether is the best fix. But it’s not. So what can we do to help protect our email, other than just not using it?

The Yahoo! Breach Won the Hacker’s Gold Medal – Who’s Next?

An odd question, given one would think all of us who email have now taken measures. Truthfully, most have not — even affected Yahoo users — because most folks don’t equate email and privacy invasion. We cannot afford to blindly move forward without learning from others. And the damage was big, with hacked Yahoo users at great risk of identify theft for decades to come.

What did Yahoo (or any) users have to do to remediate their hacked account, and protect their identity from then on?  I have included links throughout this blog from identity protection vendors that offer helpful guidance. No simple actions to take – all affect your near and long term buying power:

Inform Your Banks

  • If their email was used for bank account processing or ANY online purchases – large or small.
  • Banks may put your accounts on a Fraud Alert, requiring at least a 2 stage process in purchases using credit cards. So big deal, right?  Think of having to process 2 steps, with bank verification, for EVERY purchase you make, every day. And this goes on for months.
  • Obtaining loans are much more difficult, as your bank filters for risk (it’s their money ‘til you pay off the loan).
  • Many users have to replace their credit and debit cards, affecting whatever auto-pay processes may be in place.
  • Some users have gone as far as closing their bank accounts and opening new ones – or even changing banks.

Adopt Communications & Technology Disciplines

  • Research online expert guidance to prevent as well as react to identify theft
  • Strong password use is a given expectation, but there is a steadfast management discipline that needs to be adopted — and most of us don’t use it. Choosing a passphraseversus a password — one that uses a combination of special characters and numbers — will help thwart hackers.
  • Keep your anti-virus software up-to-date… no matter how tempting it may be to click “remind me later”.
  • Phishing — Don’t be baited. Read Subject lines and review links at least twice before opening
  • Be selective and protective of what confidential private information and documents you email — and how you email them. There are easy inexpensive ways to adopt that simply layer protection and tracking over your own email service.

Take the word “proactive” seriously relative to your electronic communications. Whether personally or professionally, your livelihood is at stake.

So do share! What experiences and advice do you have?

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

The Human Firewall - Strengthening Email Security 1

Sept. 4, 2018

10:00-11:00AM PST

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease that emails can be hacked. Encrypted email providers constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly. Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions) has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted, were actually not.

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease that emails can be hacked. Encrypted email providers constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly. Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions) has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted, were actually not.

Heading 1

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease that emails can be hacked. Encrypted email providers are constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly.

Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions) has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted, were actually not.

Heading 1

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease that emails can be hacked. Encrypted email providers are constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly.

Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions) has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted, were actually not.

Fill Out Form To Sign-Up for Webinar

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization