Spoofs and Email Management

Spoofing email addresses is so common that you might as well accept the fact that you have to scrutinize every message you get. With our switch to a new Office 365 management portal, many clients have been getting emails allegedly from Microsoft, and some are more obvious spoofs than others. It might be time to look at your email management processes.

Hackers use spoofing as a way to get into your computer or network. They are relying on your carelessness to click a link that allows them to introduce some sort of malware that will give them access to your critical personal or corporate data and your address book or contact list. Once they get in there, they can replicate the same message that snared you and hope they get lucky with a few more careless people.

To clean out the malware, we need to isolate the message to see what the hacker is spreading through your system. We’ve received a number of calls from clients in the past few weeks about problems with spoofing, and our issue has been the size of clients’ email folders. Simply put, when there are 100,000 messages stored in the inbox, finding the spoofed message that caused the problem can be extremely time-consuming.

In all likelihood, you’ve run into a similar problem when trying to find a specific message. Outlook gives you some search parameters for finding any message you may have saved, but because of the way most people search, you get a lot more possibilities, and that still slows down your search. And, of course, the more messages you have stored in one place, the longer it takes your program and you to find the message you want.

Setting up an email management system can make your searches more efficient, and it can also help you or any IT support team isolate a message that might be causing a problem with your system. Again, Outlook has a few tools, but you might want to start by creating a system of subfolders within your inbox. For example, I file all emails by client, and within each client, I file them by the year. That makes it easy to get to a place to find a message I want to retrieve. It’s similar to the way most of you would set up folders for documents, photos and videos, and business records.

Of course, that system is only as good as the effort you put into moving messages to folders. If you suffer from a severe case of email overload, you may want to consider an archiving program that works on the back end of your email program. It can be especially helpful for a business, particularly where employees deal with multiple people from the same organization. For as little as $3 per month, it can set up and execute a system that even isolates people within a company, making it easier for you or anyone in your organization to get to a specific message to resolve any kind of problem – customer service or malware.

While home users may not be concerned with customer service issues, there are times when you need to find a message to resolve a problem, and good organization can make a busy life a little less hectic. We can help you set up set up Outlook folders or find and set up an archiving system that works best for your needs. Give us a call – 973-433-6676 – or email us to discuss your email management issues and explore the most appropriate solutions.

Safe Travels, Safe Wi-Fi

It’s getting near spring-break time, and summer vacations will soon follow. You may have seen the reports about wi-fi issues and data security. One of the biggest problems you face is how easy it is to log onto a “fake” wi-fi network – a network that is neither part or your hotel’s system nor secure. But if you pay attention and follow a few simple tips, you can safely stream your favorite content and handle some routine email tasks.

The first and most obvious thing to do is make sure you understand your hotel’s or resort’s log-in information when you check in. Get the proper names of any network that the hotel makes available for you. Then, when you try to log in when you get to your room or sit down at the pool, you can pick out that network from the many that will display when your computers or devices search for the network. Don’t be surprised to see several networks that have spellings or character-and-number sequences that are similar to the networks you were given at check-in.

When you go to log in to the network you’ve selected, you’ll likely be asked for your name and room number. Tip No. 1, don’t enter a correct room number or even a correct name. Misspell your name, if you want. If the network lets you in, then you are not on a legitimate network. If you are denied access with your incorrect info, you should feel confident the network is OK.

Depending on the property’s size and network setup, you may be required to log onto multiple networks. Follow the log-in test for each network. And, most important, make sure everyone in your family or travel group follows that procedure because the breach of one computer or device could compromise everyone in the group.

Also, be aware of network names and connections as you float around. You or one of your family members could inadvertently wind up on an open, unsecured network that can be used to breach your computers or devices to steal information. Tip No. 2, you might want to consider disconnecting from the network when you finish your online session.

Tip No. 3, don’t use a wi-fi network conduct online business, such as credit-card purchases or accessing your bank accounts. You should also avoid wi-fi for logging onto sites related to your health or finances. Instead, use your cellular network. It’s much safer. That may require you to make some additional arrangements with your cellular carrier or to buy and install a SIM card with a data plan for service. However, it’s well worth the time and expense.

Personally, when I travel, I “hotspot” my computer in connection with my cell phone number. It can be expensive (though that’s a relative term), but it removes me from the wi-fi network. So far, hackers have not breached the cellular networks.

Just as a related point, if you are going to depend more on cellular data, make sure you have a plan that will cover your use, and make sure everyone who uses your plan knows its limits. If you’re streaming a lot of video content or gaming, data gets sucked up faster than you can imagine, and charges for exceeding your plan’s limits can be steep.

We can help you prepare for an internet-safe trip or make sure your systems are secure whenever you go remote near your home or office. Call us – 973-433-6676 – or email us to set up an appointment to look at your systems (we can do a lot remotely) and answer your questions.

Managing Storage on Your Devices

It doesn’t get more disappointing than to get a message that you can’t shoot a photo or video because your storage is full. Don’t let a storage shortage limit your ability to capture those memorable vacation moments. You can get the storage you need, and the sooner you do it, the better off you’ll be.

You can sometimes get two storage messages at the same time. One message is that your cloud storage is full, and the other is that your device is full. It’s easier to tackle the first message.

In our opinion, you can maintain enough storage and optimize your storage options by spending money wisely on storage space – both in the cloud and on your computers or devices. We’re sometimes amazed that people won’t spend anywhere from $11.88 (that’s 99 cents a month) to $100 for cloud storage for photos and videos. Whatever mobile platform you use, iOS or Android, there’s a way to buy cloud-based storage to back up any number of gigabytes you need for photos and videos on the fly. Just make sure you do it over a cellular network, which is preferable to a network that’s supposed to be secure, such as a hotel’s network. (See Safe Travels, Safe Wi-Fi.)

The extra cloud storage is the most effective and efficient way to make sure you have storage capacity, and it’s also the best way to make sure you don’t lose any photos or videos because you damage or lose your device. With many people taking vacations at places with water, including cruises, it’s all too easy to drop a phone into the water. You may lose the phone, but it’s replaceable. Your photos and videos are not.

Along that same line, newer cameras have the capability to send your photos automatically to your device or to back them up in the cloud. Although the files sent to your device may be smaller, getting them out of your camera keeps them safe in the event you lose your camera or damage its storage medium.

Getting back to a device, if its storage capacity is full, you’ll need to manually delete data, which could be photos, emails or files that are automatically downloaded by an app. Deletion steps will vary, but it’s an issue you can resolve before your trip.

If you are buying a new device, you can get one with more storage capacity. If we’ve learned anything, it’s that we use our phones for more than we think we will, including more photos and videos. You can use up 16 GB of storage very quickly, and it might be a better investment to spend, say, $100 more to get 64 GB of storage. If you spend the money on more storage now, it could increase the service life of your phone, which brings us to another point.

That other point is that many people tend to hang on to technology longer than they should – and fail to install all the software updates. The result is a slow system that leads to frustration and one that is wide open to a security breach (and that’s all we’ll say about that for now).

Here’s an example of one instance with a photo library with 100 GB of data. The system was too old to work with the pictures and email them – and there wasn’t enough hard disk space to work with the pictures. In addition, the photos on the computer hadn’t been backed up for two years. To make a long story short, it took an entire weekend to back up the photos so that the client could restore them to a new, faster system. Any money that might have been saved by hanging on to the old technology probably got eaten up by the time spent for an overdue upgrade.

Today’s technology is a much better value than yesterday’s latest-and-greatest equipment. Systems are faster, which enable them to handle more tasks in less time, and they can handle the latest software, which enables you to do more things. And the prices are the same, if not less.

The daunting part is trying to figure what will work best for you. Whether it’s a phone, a tablet or a computer, we can help you cut through all the hype to identify a system or cloud-based storage plan that meets your needs – nothing more and certainly nothing less. Call us – 973-433-6676 – or email us to talk about your needs and budgets.

Fraud’s Warning Signs

Anyone who tries to defraud you online – or even on the telephone – is literally banking your carelessness. Take a good look at emails and links and listen carefully on the phone. You can spot the fraud, and if you’re not sure, disengage and call the person you think contacted you – on the telephone – or send a new email, totally separate from the thread.

It’s important to be on “high alert” because the hackers and scammers are at the top of their game, and their targets include trusted advisors, such as accountants and tax preparers. We should state that these people should have secure systems in place and should know not to send or request sensitive, confidential information through email.

But at the end of the day, you need to take ownership of your privacy, so here are some tipoffs that a communication might not secure or might be out-and-out fraudulent.

First, does your accountant normally contact you by email? If not, that ought to raise a red flag. Second, can you absolutely verify that the email is from your accountant? While some email systems are good at spotting something fishy (or phishy), a scammer is betting that you’re not going to pay attention. Check the properties of an email address. It could very well be that cybercriminals were able to recreate the look and feel of an email from your accountant, but unless they actually got into the accountant’s server, a phony email will have a phony email address.

Attachments can be another tipoff to fraud. You should be suspicious if you get an email with attachments that are supposed to be forms, such as a tax form you need to fill out or a return to verify, are you being asked to provide your Social Security number and maybe your birthday? Can you open it without having to go to a secure website and enter a password? That doesn’t pass our initial smell test.

If your accountant does contact you about sensitive information or forms, are you referred to a secure website? Do you have that link with your access credentials safely stored? In a safe world, you can log into your account by entering the website address from your browser and entering your credentials.

If something doesn’t look right, you should always be able to call your accountant on the telephone.

And just to go one step farther this spring, here are some other things to be wary of.

Are you getting emails supposedly from someone you haven’t heard from in ages? And does have a short subject line, such as “hi”, with no message but a link? That’s a sign of fraud and clicking the link could open a breach in your system that can expose your sensitive data.

Are you getting Facebook friend requests from people who are already your friends? That’s generally a fraudulent request by someone looking to get into your system.

Anyone using fraudulent methods to get into your computer system may also be planting some kind of virus or malware to help infect other computers. If you think you may have clicked a link by mistake that could lead to a breach of your system, shut down your computer and disconnect it from the internet. Then call us – 973-433-6676 – so that we can apply our tools and expertise to minimize the damage and clean up your system.

Security Not Top-of-Mind at CES

It’s fair to say I was disappointed when talking to IoT device manufacturers at CES in Las Vegas last month. Security was not the big thing on their minds. And except for a TV screen that you can roll up like paper (which I couldn’t see at the show), there wasn’t anything I wanted to bring home and install.

The lack of emphasis on security was baffling, especially when you consider that a lot of companies at CES were talking about AI (artificial intelligence) and 5G networks. The latter are the newer, faster wireless data networks that will play an important role, along with AI, in the next generation of the IoT, especially autonomous vehicles (AVs), which are expected to be an established mode of transportation in the next 10 years. We’re simply going to require more data at a faster speed to make AVs work.

However, it seems that AI – and maybe 5G – was more concerned with what we’ll be running to the store to buy instead of how we’ll get there. Samsung, which makes refrigerators, among other appliances, started to show off Bigsby, its version of Alexa. And when you combine it with a smart refrigerator, this new power team can create a shopping list for you. You can even use voice commands for your washing machine. OK…

There is still a big push to get more devices into the home, and we certainly have more than our share in ours. We find the ones we have to be either great conveniences or highly useful. We just wish that the manufacturers were paying more attention to security, especially with hacking and information theft so prevalent. However, nothing stood out like that TV that rolls up. I really would have liked to be able to see it, even if I couldn’t buy it.

On the other hand, one of the more ridiculous things I saw was either a blanket or mattress pad with dual temperature control and a discounted price of $2,000. Sony also had a Walkman that weighed 5 pounds and had a heftier price tag: $2,500. Sony said there’s a market for it: audiophiles who want high-quality sound.

Speaking of sound, I took note of Panasonic’s automotive offerings, though none was available for consumer purchase. Rather, it seems that the automotive manufacturers are going to rely more on electronics manufacturers and the mobile operating systems to provide the devices and infrastructure for in-car infotainment systems. As part of that trend, we note that Toyota is dropping its plan to introduce a proprietary infotainment system.

We applaud Toyota’s decision for three reasons:

  1. In-car systems from the automakers don’t work well.
  2. Each in-car system has its own way of displaying and using information, and that can be confusing for people who drive multiple cars, including rental cars, where roads and a car’s system are unfamiliar.
  3. Because they are built into the car, it’s difficult to update them in a timely manner.

Just about all manufacturers offer connectivity to either Apple or Android in-car systems – or both – throughout their product lines. Our devices are already customized for driving directions and play lists, and we know how to use them. We also can make our devices secure in the same way we update our OS and applications on our computers.

I think some exciting new products and changes in the way we use technology are a year or two away, but that doesn’t mean we should sit on our hands. If you need a new IoT product now, we can help you we can help you select and install one for today – and make sure it’s secure – and see how it could fit your future needs. Call us – 973-433-6676 – or email us to talk about it.

Spectre and Meltdown Raise Need to Update

We’ve seen lots of patches from chip manufacturers and operating-system publishers trying to resolve the Spectre and Meltdown issues. Their effectiveness is mixed, but there are a couple of things you can do to help protect your systems: backup your files and update your software.

The patches came out quickly last month, and they kept on coming as chip manufacturers and publishers of apps and operating systems tried to close the open doors that Spectre and Meltdown use to get into a computer. If you installed all the updates, even multiple updates from chip manufacturers and software publishers, you did the best you could to mitigate problems.

If you haven’t installed updates for operating systems, applications, firmware, browsers and antivirus protection, do it NOW. If you have not set up your systems to automatically install updates, we suggest you do that now, too. Every supplier with a stake in your success is working ‘round the clock to shore up any weaknesses in their products. The faster you install them, the faster you’ll protect your systems and data.

Here is what you and the computer industry are up against:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, you risk leaking sensitive information. This applies both to personal computers as well as the cloud’s infrastructure.

Spectre also breaks the isolation between applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets and may actually make applications more susceptible to attacks.

While Spectre and Meltdown affect chips, they resulted in computer failures that, in turn, resulted in the losses of apps and data files. In a number of cases in which our clients were affected, we found that Google Chrome was piece of every problem. We don’t say this to point a finger at Google; we note it to make sure you have the latest version of your browser installed.

In the more severe cases, we had to reinstall software systems – with all the cumulative patches – and data files because everything was wiped out. In the most extreme cases, we had to replace computers. This, of course, required that all data files were backed and that all software for operating systems and applications were licensed.

Using subscriptions for operating and application software can eliminate just about all problems associated with keeping your systems up-to-date and licensed. They also can provide access to backed-up data files to help restore your system. The bottom-line benefit is that if your system is struck by some disaster, which can include Spectre and Meltdown, a ransomware attack, or a virus or malware invasion, we can wipe your computers and servers of infections and initiate clean installations of your operating system, firmware, and application software and then restore settings and data.

Without the subscription, you may need to purchase software and then recreate all of your settings as best as possible. And if you don’t have data files in a separate, secure location, you’ll need to find the latest files you have and then restore them in your recreated system.

As we make these points, we are aware that everyone has budget restrictions. However, you need to look at the costs associated with an interruption due to an IT system failure. Any money you may have saved by hanging onto old equipment and software can be wiped by a single event.

By making smart investments to your system, you’ll be able to maximize your security and efficiency. That’s important for home use as well as a business. More and more, we have multiple users conducting some sort of transactions over the internet, and those activities can take place from remote locations. It’s a continuing trend in our use of technology. Subscriptions are a continuing trend, too, in the way we keep our systems ready to do all the things we do.

We can help you make the best decisions to balance your IT needs and available funds. Call us – 973-433-6676 – or email us to discuss your update needs and develop a plan to meet them.

Tax Season: The Next Scam Season

I don’t know whether more money changes hands during the holiday shopping season or during tax season, but a lot is at stake between now and April 17 as people prepare tax returns. It’s a busy time of year for scammers, most of whom want to use fraudulent information to get your tax return money.

Probably one of the most common scams is someone calling from the IRS to say you owe back taxes. This happens every year and all year long, too. But there’s just one thing we want to remind you about, even if you know it: The IRS does not contact you by phone. Nor does the IRS contact you by email, a form of communications a scammer will use in a phishing expedition. The IRS sends you a letter.

The other scams you are likely to encounter are calls or emails from people or companies offering to prepare your tax returns and even provide you with an advance on your refund. The email scams are more insidious because if you click on a link, it could automatically trigger a breach of your computer that reveals sensitive information. If you follow through on a phone call or link, the scammer is going to request your Social Security number and other info that goes on a tax return. If the scammer is offering to advance you money from an expected refund, they’ll want your banking info, too. Once a scammer has this and other personal information, it’s easy to get credit cards and loans and commit crimes in your name.

From a computing point of view, we again remind you not to open emails from people you don’t know who offer help during the tax season. Delete them immediately. Do the same with an email from someone you know that seems out of context because it’s so easy to spoof an email address. For example, would you really expect Norman Rosenthal or Sterling Rose to prepare your taxes?

You can protect business and home networks and computers by making sure you have new, strong passwords for all networks and accounts. Strong passwords are long and contain a combination of upper- and lower-case letters, numerals and special characters. With the breach at Equifax, the risk of fraud is higher, and one of the problems it can lead to is that someone will file your tax return before you do.

With protection in place, you can use the internet for all of your tax-related activity, starting with IRS’s official website https://www.irs.gov/. In addition to being able to get tax forms and answers to questions, you’ll find links to help you find and verify information about tax preparers, including 10 tips for choosing one.

If you are preparing your own taxes, we recommend you use one of the established software providers to reduce your risk of a security breach, especially when you file online.

While we don’t prepare taxes, we can help you keep your networks and computers secure. Call us – 973-433-6676 – if you think your system may have been compromised. Call us or email us if you have any questions about system security or security settings for any software you use for tax preparation and filing.

Unsecure Security Cameras

As more businesses and homes add security cameras to monitor their premises, hackers are enjoying the view, too. While camera manufacturers can and should secure the backdoors to their systems, there are also steps you can take to protect your property.

We’re seeing an uptick in security camera systems being hacked, and one recent incident involved one of our retail clients and a newly installed system. Surveillance makes a lot of sense for retailers, especially if a camera image can help identify thieves. However, surveillance can also tip off potential thieves about the location of targeted goods to steal and camera blind spots, and sometimes your security system manufacturer leaves a back door open for Peeping Toms.

We discovered this possibility while working with a retail client. Both of us were surprised when a new system was hacked, and we had to pull a lot of information from our client when we responded to a call that the cameras weren’t working. We checked the system and found that not only had they lost their network, they also had some weird, out-of-character names for firmware and software upgrades.

We restored the network and the camera system, but it went out again the next day. We asked about changing camera-system names, and decided to call the manufacturer. In our conversations, we learned that the manufacturer had left a back door open, so they could work on various systems. From them, we learned how to close the back door so that our client’s system would be secure.

As disturbing as our experience was, it just reinforced our message to everyone with an IoT system, such as security cameras, to take these important steps:

  1. Change the default usernames and passwords that manufacturers supply with the equipment.
  2. Make sure you install all software and firmware updates for your IoT systems and your firewall.
  3. After you install any new or updated software or firmware, go back and check that there are no changes to any unique information you may be added.
  4. Recheck that information periodically to make sure nothing had changed.

If you see something that doesn’t look right, report it to us right away. Hacking is only going to become more problematic in 2018, and it only takes one intrusion point to open your entire system to cyberthieves. It can be devastating for you if it’s your home system, but it can much more devastating if it affects any client or customer information you’ve collected. Reach us by phone – 973-433-6676 – or email to close your back doors, side doors and trap doors.

Protecting Your Email Accounts

My dad wasn’t getting his personal email for a few days and thought it was because his service was down. We found otherwise, and he wasn’t the only victim. The message here is: Pay attention to oddities.

One of my dad’s symptoms of an email problem was that he wasn’t getting any messages. Unfortunately, that symptom doesn’t raise too many eyebrows these days because he figured a server was down – again.

But when the problem continued, he called, and we logged in to discover that his email was being forwarded to a Gmail account. We were able to re-secure his account, and it was one of those “no harm, no foul” situations this time. Next time, he might not be lucky.

But my dad wasn’t the only victim of an email invasion. One of our clients with an international business discovered that for a couple of days, all of their email was going into the “deleted” folder. They were expecting to have money wired in, so the email problem put them on heightened alert.

When we investigated, we found that they had been hacked and that hackers had added a rule to their email system that sent messages to the “deleted” folder and also forwarded the messages to an email address they had set up.

Both instances point out the need to be vigilant – and to follow safety precautions we’ve mentioned many times before.

  1. Make sure you have a strong password.
  2. Use long passwords that include upper- and lower-case letters, numerals and special characters.
  3. Change your password periodically.
  4. Never put information such as Social Security and bank account numbers in emails. They’re so easy to get picked off by hackers.
  5. Avoid sending emails that have umpteen thousand addresses in the “To” and “Cc” lines. It’s very easy for hackers to insert their own email address into someone else’s name and start a phishing expedition that could reel in sensitive, private information.

If you notice something funky about your email, get in touch with us right away. Call us – 973-433-6676 – or email us to help secure your email.

Managing Assistants

Alexa, Google Home, Siri and Cortana are online assistants who can help you get information and even order products without you ever having to tap a screen or look at one. They are a convenience, but they also raise privacy and security issues.

Siri (Apple) and Cortana (Microsoft) are associated with devices, such as phones, tablets and computers. In that type of user environment, you need to activate them with the device in your hand or on your desk, and they’re typically used for getting information, such as the weather, restaurant info or the answer to which person played for both the New York Rangers and Brooklyn Dodgers.

Alexa and Google Home may present other issues. In addition to answering questions, Alexa is tied to Amazon and its online shopping capabilities. We hear that Google Home may tie in with Walmart. With shopping available, you have another layer of concern. Somewhere, they have access to your credit-card information, and it may be possible for any voice to make a purchase.

We’ll be going to CES, the huge annual trade show for consumer electronics, in Las Vegas this month, and we plan to talk to all the manufacturers about their security and privacy protection measures. Until we have more information, here are some things you should know and can do to minimize your risk of a privacy breach or unwanted purchase – especially with Alexa, whom I call Alex when I don’t want to wake her.

Alexa and her fellow assistants remain asleep until they hear their “wake” word, but their microphones are always on. Being on is how they stay ready for your commands, but they should not be active until you wake them. So, here are some ways to help you protect from someone turning them on without your knowledge:

  • Change your “wake” word. Like most things in the IoT world, these assistants come with a default “wake” word. Go into the setup menu on the app, which you can get for your cell phone, and change it.
  • Use the mute button. Yes, it’s a pain to physically walk over to Alexa and push a button (some of you will cringe at memories of getting up to change a television channel), but it is effective – and easier than trying to run through 80-something over-the-air TV channels.
  • Use a PIN to make purchases or disable the function to make purchases by voice commands. Again, it’s an inconvenience, but we’ve discussed the tradeoff between security and convenience many times before.
  • Keep them away from windows so that any activity outside doesn’t activate them.
  • Use your app to see what’s been recorded through your assistant and delete any or all of those recordings. You can also your app to configure and toggle sound notifications, even for multiple units in one home (or office).

You can also follow the IoT cybersecurity steps we’ve published over the past year or so:

  • Change default usernames and passwords immediately. Make your new passwords strong and unique.
  • Install upgrades and updates from your IoT manufacturers. They usually contain security patches and bug fixes.
  • Make sure your Wi-Fi systems and firewalls are secure. That’s your first line of defense. Install upgrades and updates for your gateways and anti-virus and anti-malware apps.
  • Only use secure Wi-Fi networks.

We can audit your Wi-Fi security and help you fine tune the settings for your virtual assistant. Just call us – 973-433-6676 – or email us for an appointment, and follow us on Twitter and Facebook for reports from CES.