Lowdown on Hijacked Email

Emailing information is fast and convenient. We do it often without a second thought – and that discarded second thought can come back as a painful reminder that you need to be careful to prevent your email address from being hijacked.

There really isn’t a lot you can do about hiding your email address or anything else, for that matter, even if you never go online. That really came home to us personally when we moved this summer. The purchase of our new house, the sale of our old house – everything – was public record. My email address is out there because it’s part of my business. I want people to contact me.

So, it’s there, and it can be planted like a seed. What happens? Well, you might be one of 25 people getting a message as an addressee or cc. If someone has hacked one of those person’s email accounts, it’s like the fox getting into the henhouse.

Here’s what can happen. All the hacker needs to do is substitute an email address for any one of the 25 addresses in the list. If I’m one of those people, for example, my name only, Norman Rosenthal, might appear in the list. But unless you hover your mouse over my name, you won’t see my email address: [email protected]. If hacked, the message to Norman Rosenthal could unknowingly go to [email protected]e.ru. (More hacking originates from Russian domains than anywhere else in the world.) So, when you hit Reply to All, the message – and all those names – go to a bad guy who can try to penetrate everyone’s computer.  If he’s successful, he can plant a virus or malware of some sort on every computer in an address book that doesn’t have good protection. He can send a scam message and get a bite, or – if you read the previous article, the bad guy can get into an Outlook file that has user names and passwords for bank accounts.

You can prevent your email address from being hijacked by using some common sense and taking a few precautions.

  • Most obvious, if something looks funny or out of character, don’t open the email or click on links. If a request from a friend doesn’t seem right, pick up the phone and call if you must do something. Otherwise, just delete it.
  • Use strong passwords for all online access to your email accounts.
  • If you’re sending usernames, passwords or account numbers, don’t send it to a big list. Send it to one person and send it in a series of emails. Put part of the info in each email. That way, if one gets intercepted by chance, the hacker likely will not be able to piece all the info together.
  • Use bcc if you must send a message to a long list of email addresses. It will prevent those massive Reply-to-All responses. Remember, if 25 people send Reply-to-All responses, those addresses are being exposed 225 times.
  • If you’re buying or selling something over the Internet, such as on Craig’s List, hover over names and email addresses and make sure it feels right to you.

We’re available by email or phone – 973-433-6676 – if you have any questions about ways to prevent your email address from being hijacked.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

Credit Cards: Small Businesses are Big Targets

Accepting credit cards is a way of life for many small businesses, and most owners don’t give a second thought to extra layers of data security. After all, what can a small mom-and-pop store have that would be attractive to hackers? Well, as it turns out, small businesses are big targets because they’re pretty easy to hack – and a valid credit card number is a treasure.

The Wall Street Journal a year ago chronicled the tale of a newsstand owner with two stores who was victimized. And even though he thought he was taking precautions to protect his customers’ data, cyber thieves planted a software program on the cash registers at his shops that sent customer credit-card numbers to Russia. At the time the story was written, he was out about $22,000 because the credit-card company said he didn’t do enough. They said his weak password for his cash-register software, pos, was easy for hackers to try.

But a weak password is only part of the problem for most small businesses. Too many small businesses store passwords to sensitive data in Outlook or other email clients, and the data can frequently be found easily hacked Excel spreadsheets. Even if you have antivirus and antimalware software, there are numerous ways that hackers can find their way into your system. For some, it’s like taking candy from a baby.

However, you can put up some protective fences around your data. The measures may cost a little more money than you’d like, but those costs are smaller than the liability you could face from a breach of your data.

  • Get “business-grade” antivirus and antimalware software. We offer it for $4.25/mo/computer, and we set it up and monitor your threat activity. In addition, we assist you on any software changes you make to ensure that your virus and malware protection remain at your expected level of performance. Why is this important? You need to protect yourself against somebody installing a Trojan horse that can turn up years later. The newsstand owner’s system was compromised two years before anything happened. You can have the same protection that big corporations buy.
  • Don’t keep user names and passwords in Outlook folders or Excel files. To be honest, they shouldn’t be on a computer. You should write them down on a piece of paper and store them under lock-and-key. Having your data compromised through an email backdoor is a growing problem. (See Lowdown on Hijacked Email, the next article in this newsletter issue.) If you get an email from your bank, credit-card processor or PayPal, don’t just click and reply. Hover over any link or email address and see where it’s really going. Better still, go to your provider’s website independently of the email or pick up the phone and call customer service.
  • Use strong passwords. If I had a nickel for every a-b-c or 1-2-3 password I’ve seen, I’d be managing a large investment portfolio instead of IT systems. Make your passwords long or complex or both. Use uppercase and lowercase letters, numbers and special characters.
  • Keep your Wi-Fi network secure. Networks are all over the place in commercial and residential areas. Just take out your smartphone and see how many networks are in your range. If your network is unprotected, anyone can sit in range unnoticed for as long as they need to find a pathway to your valuables

We would welcome the opportunity to provide a free risk-management assessment of your practices and systems. Call us at 973-433-6676 or send us an email and feel more secure.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.

The Device Trap

When I was a kid in New Jersey, we were careful about having long telephone conversations with people in California because it was very expensive. Last summer, my wife and I thought nothing about calling our kids in New Jersey from our vacation in Australia because an Internet phone call was free.  We associate the Internet with free, but that can be a costly trap when streaming content over the ‘Net onto tablets and smartphones.

What used to be a mobile telephone is now a “connect from anywhere for anything” device. Besides talking on one, we use it for email, calendars, web browsing and a growing number of apps that allow us to buy coffee or whatever at Starbucks or turn off the lights in our homes from hundreds of miles away. Apps also allow us to watch a TV show, sporting event or movie on our device from any place with enough available bandwidth.

It’s all so cool that many people don’t pay attention to how many gigabytes of information they download for music and movies – in addition to browsing the web or checking email.

I’ll have a few words about email later in this article because it deserves a special look. But for now, let’s focus on streaming content.

If you have your device connected to a Wi-Fi network, it’s the same usage as sitting at a desktop computer. You’re not using a cellular network. However, as soon as you tap into that 4G network, your provider can see, measure and charge you for all the bandwidth you’re sucking out of the network.

Yet, our providers have conditioned most of us to use our devices. Voice (telephone conversations) and texting are low-cost, high-margin products for them to give you. So, it’s easy for you to buy hundreds of phone minutes and dozens, if not unlimited, text messages. It’s a natural extension of this conditioning to check football scores or breaking news stories, for example, and then watch the video highlights on a phone or tablet that’s connected to the mobile network.

Before you know it, you’re hit with overcharges, unless you’re one of those rare souls who monitor the use of each device on your plan. But that’s not the only function that eats bandwidth.

Remember email? With built-in cameras, we can take pictures or video with our smartphones and send them directly to family and friends. Have you looked at the size of those files? The iPhone default, just to make the point, is 2 megabytes – enough to print a huge enlargement of a picture you’re going to delete. That’s bandwidth. The videos of kids and pets doing cute things? Even more bandwidth. Those YouTube videos or feature movies? Major bandwidth.

Eventually the prices providers charge will come down as market forces and economies of scale kick in. In the meantime, there are things you can do and urge your friends and family to do to reduce bandwidth and move the cool stuff and data faster. You might want to pass these along.

  • Choose a smaller file size when emailing pictures. Unless somebody is looking to blow up a picture to hang on a wall, a small, lower-resolution file will look just fine on a tablet, laptop or smartphone screen.
  • Connect to a Wi-Fi network whenever possible. Just about every smartphone or tablet on the market today gives you the ability to seek a network connection. Make that connection whether it’s at a coffee shop, restaurant, supermarket, office building, home, airport or Amtrak network.
  • Be aware of bandwidth. Just as we did when we called “long distance” to California, realize that there are limits and costs and make the choice to use your bandwidth on your terms.
  •  Maximize your network’s power. There are many ways to make sure you get a strong-enough Internet connection to any part of your office or home. We covered that in our May newsletter article about routers.

We can upgrade your home or business network to reduce cellular network use. We also would be happy to do a lunch-and-learn at your business or speak before a group to show you ways to enjoy all the cool content out there without breaking the piggy bank.  Give us a call at 973-433-6676 or drop us an email to take the next step.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.