The Power of an Email Address: Our Digital Identity

April 10, 2018

10:00-11:00AM PST

Bill’s first sign of trouble came with a few unexpected “authentication” requests — you know those follow-up texts or emails that banks, Amazon, or Google send when your account is accessed from an unknown computer? A few of his online accounts were being logged into from such faraway places as Armenia, San Paolo, and even Muncie, Indiana.

(For the record, Bill lives in San Diego and has never been to those places.)

Bill wasn’t sure what was going on but was soon locked out from a number of his social accounts, and now needed to validate his identity, change a few credentials, keep track of the new creds, etc. While it was an imposition on Bill’s already busy day, resetting access to his Twitter feed wasn’t really a huge deal.

That said, it was a little unnerving to Bill to think that someone actually got into his accounts, but from what he could tell, no real harm was done. No one posted anything crazy in his name, Bill’s status wasn’t changed to “separated” on Facebook, his LinkedIn profile still reflected his current job — all looked pretty ok. Bill figured all this must have just been a glitch in the matrix…

It was not a glitch in the matrix.

After a bit of research, Bill discovered that his emails were somehow being intercepted and that this had been going on for an undetermined period. He didn’t know if the hacker had been reading or stealing all of his emails for the past year or if it was sporadic theft for an even longer period, but no matter. This breach opened a Pandora’s box of trouble that gave Bill a headache in the short term but could evolve (devolve?) into privacy and financial troubles that he couldn’t yet define or foresee.

Bill Could Be Anyone
This is Bill’s story, a warning shout to the world to get us all to deeply consider how email is used in our lives and perhaps how we need to better defend a daily used but invisible “pipe” into our homes — one just as important as electricity or water.

Way beyond just a casual correspondence method, our email today transmits and stores all manner of information — some obviously confidential as well as other oft-shared information that can be leveraged for a longer term con.

Those multi-factor authentication requests mentioned at the top? Stop for a moment and try to remember how many accounts you set up where the secondary verification goes to your email. You’re probably like Bill; when two-factor verification caught on a few years back, he sometimes gave “the system” his cell phone number so it could text back a passphrase or code. And (now) regrettably, he also at times provided his email address, believing that his inbox was secure from prying eyes.

In the unknown period between the first email breach and Bill finally catching on to it, a few intercepted email authentications allowed the hacker to access the social accounts mentioned earlier. Who opened Bill’s emails? It was a frantic time of reflection and reaction, trying to reset everything — passwords online and new verification codes. And of course, Bill finally replaced all email two-factor authentications with his mobile number.

And Your Contacts? More Vulnerable by Association
With all that behind him, Bill hoped that that was it, and that he wouldn’t have to deal with any further hassles resulting from his email breach. It turns out he was mistaken, and down the road, this hack could end up costing Bill “real money.”

By now everyone’s heard of “phishing” — those bogus emails that look like a legitimate Google or Amazon login reset page, or an email claiming to be from your company’s CEO. These scams try to trick you into clicking on a malicious link in the email or send you to a fake web page that instructs you to enter your user ID and password. In the latter case, the hacker attempts to gather privileged login info, whereas the former sends your browser and computer to malware hell, downloading ransomware that can lock up your system or destroy data.

Phishing’s the shotgun or wide net hack, whereas “Spear-phishing” (as the name implies) is a much more targeted approach that aims for big fish rewards.

Until this email breach, Bill never realized casual interaction with his family and friends could be leveraged for spear-phishing. These emails contained information that he now realizes he probably shouldn’t have also used as personal identifiers for his various online accounts. Who cares that Bill recently moved to X address from his old Y address, that his dog’s name was Chewie, and that his high school had its 10th-year reunion?

Evidently, all that data (and scads more) are hard currency in the dark recesses of the Internet, as they can be used as vectors of information that can enable hackers to build a profile of us they can eventually exploit.

Bill’s hacker (or hackers) are the worst kind — patient and methodical in collecting and triangulating data. It wasn’t enough to just invade his privacy or to mess up Bill’s access to social media and a few other accounts. There was a deeper con at work to extract relevant PII (Personally Identifiable Information) from Bill’s email to ultimately impersonate him and obtain a unique combination of information that could actually be monetizable.

On its own, all the PII in Bill’s email could be viewed as just disparate islands of random information. But in aggregate, this data can be combined and ultimately exploited to lure in big money fish:
– Online financial or government accounts that require layers of personal info to either login or to use as backup passcodes/phrases.
– Distinct information combinations that compel action from authorized agents of your funds (a CEO’s assistant, Bill’s financial advisor or his parents).

Protect That Email Like It’s Your Wallet
Thankfully, we’re far from powerless. There are numerous security “backstops” and hygiene that we all should be aware of and actively practice to counter these threats:
– Don’t use email as a secondary authenticator!
– Don’t accept calls from anyone posing as agents; always verify before action (wiring funds)
– Stop oversharing PII

But along with taking a hard look at our own security and privacy behavior online, this incident forced Bill to question his long-standing assumptions on the safety of our collective internet “infrastructure”. How does his email get from point A to point B? And is any kind of password ever good enough?

This incident proved to be a jolting wake up call for Bill, as he never really thought about the data flowing to and from his accounts, let alone if it could be exploited. Are our emails protected or encrypted in any way? Who can he trust? Should he rely on Gmail, or just depend on his internet provider? We know that companies have to protect their communications to each other, but is there an affordable solution for consumers like Bill as well? Are there email security options “as good” as the protection/encryption that companies use?

If this information is unnerving, downloading a free trial of Trustifi’s email encryption software may give you peace of mind.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How Hackers Can Use Email to Unlock Other Accounts

Nov. 22, 2017

10:00-11:00AM PST

Experts estimate that more than 4 billion data records were stolen in 2016. This means that all over the world, people are experiencing the jarring realization that their most personal information has been compromised.

Websites might not keep your information safe.
In 2017, Clutch, a ratings and reviews firm based in Washington DC, conducted a survey of over 300 website managers. They found that once websites collect user information, nearly half (48%) store information directly on their websites.

As a visitor to these websites, it can be difficult or impossible to know what protective measures are being taken on the backend. Outdated plugins, unsecured input fields, and other flaws can leave your information unprotected.

If you can’t count on the websites you use to keep your information secure, you’ll need an email encryption provider to ensure that hackers won’t break through.

Online accounts can provide clues to your passwords.
It’s rare to sign up for a website account that doesn’t require several pieces of personal information. If hackers are able to break into a website and obtain your email address, chances are they also have access to other commonly collected information such as your location, birthday, and name.

Taken together, these pieces of information can allow hackers to track down even more information about you, such as where you went to school, whether you’re married, where you work, or even how many pets you have.

Most people base their passwords around personal information such as a loved one’s birthday or pet’s name, so the information hackers find makes it easy for them to begin guessing the passwords to your account.

“With an email address, [a hacker] won’t have to work a lot in order to retrieve privacy information,” Idan Udi Edry, CEO of patented email security provider Trustifi, pointed out in an interview. “The combination of an email address and a name is enough to start the reconnaissance on someone as a user.”

The safest approach is to use long, randomized passwords alongside encryption. A password manager can help ensure that you always have access to the accounts you need, without having to worry about memorizing complex passwords.

Synced accounts use your email to unlock other information.
Many websites now offer the option of syncing your email account rather than entering new account information. From a security perspective, there are pros and cons to this approach.

Part of the reason that users put their trust in large companies such as Google is because these companies have the resources to invest in advanced security measures.

However, connecting too many accounts to your email also presents a high degree of risk. If a hacker manages to steal or guess your email login, they could be seconds away from accessing most of your online presence, from a retail account with your credit card information to the bank account that holds your child’s college fund.

Still, syncing new accounts to your existing email account can feel like a convenient alternative to remembering numerous complex passwords. If you are unwilling to give up this habit, it’s even more important to make sure that your email has the most rigorous protection possible.

Don’t go it alone. Your data is too important. Trustifi can help you understand how hackers view email as a gateway into your other private accounts so that you can anticipate and block attacks before they happen.


Why cybersecurity hygiene is so vital to HR

By Trustifi on Oct 13 2017

By Bruce Shutan

Of several high-profile cyberattacks that have recently taken place around the world, 2017 began with a so-called ransomware assault aimed at HR departments. Its disguise: an Excel document purportedly containing a job applicant’s curriculum vitae or CV and aptitude tests for consideration.

The harrowing incident came two years after the U.S. Office of Personnel Management was hacked, which compromised the personal data of millions of present and former federal employees.

Idan Udi Edry, an expert source on cybersecurity, says the industry is a popular target for hackers given the breadth of sensitive employee records that are stored and can be exploited, as well as the propensity for staffers to open unsolicited emails. Concern is mounting that stolen names, addresses and social security numbers could be used for identity theft and blackmail.

His recommendation is that HR and benefit practitioners, including brokerages and advisory firms, secure their Wi-Fi networks, get educated about “phishing” expeditions that poach personal information and practice good cyber hygiene.

The logical starting point of this multi-pronged strategy is a “basic minimum protection of our emails,” since he says it’s the most common form of business communication and everything is online in the digital age. That means having two different lines of communication and ensuring that “not every guest can log into the same network with the employee running the infrastructure between them,” he explains.

A second layer involves information security protection, according to Edry. It entails understanding what type of applications are running and how to secure them. This safety net, which helps flag suspicious emails or unexpected files, extends beyond the organization to include interaction with clients and suppliers.

Another critical step is to protect, and completely separate, core data from other infrastructure of communication with the outside world. An example of why it’s so important is the recent security breach at Equifax, the consumer credit reporting agency, which he describes as “the Hurricane Irma of the cyber world” – an event affecting as many as 143 million people.

Edry and his team at Trustifi, a SaaS company specializing in email encryption and security, have developed software featuring three patents to raise the level of security and efficiency in HR or other departments. Users can access a free trial of the software to experience the power of the tool first hand.

The idea is to secure and encrypt files within a given organization “before they even go out to the world,” he says. As part of this approach, Trustifi uses a “two-factor authentication” for opening emails that are sent and with the encrypted file. In addition, a cyber postmark, much like snail mail, tracks the time and place when the person for whom an email is intended opens that correspondence.

Cyber security has become a critically important task in business, according to Edry, who used to helm a cyber security company named Nation-E and served as head of data and security for Pelephone, Israel’s leading cellular operator.

“This can take down the entire economy of the United States if we don’t wake up and implement the necessary tools to protect our organizations and most core value information,” he suggests.


Connect the Dots and Deter Cyber Criminals

By Trustifi on Mar 28 2017

by Sarah Newman, IT Privacy & Security Guru

I started my career in the data world. The company I worked for had information — data — on every single adult in the United States (we scrubbed out any data on children), in such a wide scope, that we were able to do things like finding your physical address from your email address. When we first started out, our hit rate (the ability to find accurate data based on the input criteria) on a “reverse email lookup” was pretty low — in the neighborhood of 25%. As the world has become more and more connected, and people have become more and more lax about personal information protection, the hit rate steadily increased to almost 75%.

In the data industry, we learned quickly that connecting seemingly random pieces of information, like an email address to a home address, was a simple matter of using the right logic to write a simple algorithm and applying the right algorithm on its course to connect the dots for us.

This knowledge gave us a great deal of insight into how individual pieces of data can be connected to form what’s referred to as Personally Identifiable Information or PII — and why cybercriminals are more than happy to pony up cash to get your email address. With their technical expertise and relatively easy access to your data, they get a high return on their investment with very little difficulty.

So what exactly is a good return on a cyber criminal’s investment? Well, it depends on the data. Let’s take a look at the seedy underbelly of the Internet to help us understand the value of our information.

Where 99% of the connected world lives is called “Surface Web” and it accounts for a startlingly small proportion of the entirety of the Internet. The Internet is very much like an iceberg — most of it below the surface in what is referred to as the “Dark Web”. And much like an iceberg, it’s the part that we can’t see that’ll sink us.

The Dark Web is where your information is bought and sold by relatively anonymous people across the globe, accessing these veritable dark data warehouses on various forums that require a top secret level security clearance to get into. In many cases, these forums are more difficult to access than it was to get the data they’re trading in. Once inside, your data is sold as part of a set and paid for in Bitcoin.

The value of your data is based almost wholly on what it contains. Here’s a quick breakdown (in US dollars):

Login credentials to:
– Sites like Netflix: as low as $.55
– Loyalty or rewards sites, and auction sites: $20 – $1400
– Online payment sites, like Paypal:
    – If your balance is between $400-$1000: $20-$50
    – If your balance is $5000-$8000: $200-$300

Bank login credentials for a $2,200 balance bank account: $190

Stolen credit or debit card: $5 – $30 per card number

And then there’s the holy grail of data information — “Fullz” — your full information. This ranges in price from $15 to $65 for an average US citizen’s complete record.

The effects of this kind of connecting — getting your fullz — may not be realized by you for years. That’s why it is incredibly important for you to choose an easy cost-effective way to ensure that you and your team protect your information. You are the first line of defense in protecting your identity.


Every Second 51 Emails Are Compromised by Cybercrime. IS YOURS NEXT?

By Trustifi on Mar 22 2017

By: Nancy Richardson, Guest Blogger – VOC Company, LLC (Voice of IT Customer Wizard)

Numb to email hacking stories? Trust me, I know the feeling. But just because a story is common doesn’t mean we should let ourselves get lax about privacy. Doing so risks far more than the use of your email address… more than you could even imagine a “simple” email hack could expose. A hacked email address could cost you your financial and personal safety.

Most of us have seen ominous emails in our inboxes. Often we click before realizing we’ve just been duped by an unknown someone or source. In our post “oh my goodness! I just clicked on a link and now I’m exposed!” panic, we might think that avoiding email altogether is the best fix. But it’s not. So what can we do to help protect our email, other than just not using it?

The Yahoo! Breach Won the Hacker’s Gold Medal – Who’s Next?

An odd question, given one would think all of us who email have now taken measures. Truthfully, most have not — even affected Yahoo users — because most folks don’t equate email and privacy invasion. We cannot afford to blindly move forward without learning from others. And the damage was big, with hacked Yahoo users at great risk of identity theft for decades to come.

What did Yahoo (or any) users have to do to remediate their hacked account, and protect their identity from then on?  I have included links throughout this blog from identity protection vendors that offer helpful guidance. No simple actions to take – all affect your near and long term buying power:

Inform Your Banks

  • If their email was used for bank account processing or ANY online purchases – large or small.
  • Banks may put your accounts on a Fraud Alert, requiring at least a 2 stage process in purchases using credit cards. So big deal, right?  Think of having to process 2 steps, with bank verification, for EVERY purchase you make, every day. And this goes on for months.
  • Obtaining loans is much more difficult, as your bank filters for risk (it’s their money ‘til you pay off the loan).
  • Many users have to replace their credit and debit cards, affecting whatever auto-pay processes may be in place.
  • Some users have gone as far as closing their bank accounts and opening new ones – or even changing banks.

Adopt Communications & Technology Disciplines

  • Research online expert guidance to prevent as well as react to identity theft
  • Strong password use is a given expectation, but there is a steadfast management discipline that needs to be adopted — and most of us don’t use it. Choosing a passphrase versus a password — one that uses a combination of special characters and numbers — will help thwart hackers.
  • Keep your anti-virus software up-to-date… no matter how tempting it may be to click “remind me later”.
  • Phishing — Don’t be baited. Read Subject lines and review links at least twice before opening
  • Be selective and protective of what confidential private information and documents you email — and how you email them. There are easy inexpensive ways to adopt that simply layer protection and tracking over your own email service.

Take the word “proactive” seriously relative to your electronic communications. Whether personally or professionally, your livelihood is at stake.

So do share! What experiences and advice do you have?


The Human Firewall - Strengthening Email Security 1

Sept. 4, 2018

10:00-11:00AM PST

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the ease with which emails can be hacked. Encrypted email providers are constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly. Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions), has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted were actually not.
