Secure Your Email

Email security continues to be the most vulnerable security link in your email chain. Ninety-six percent of all phishing attacks use email, and some three billion emails are launched daily. Phishing can cost businesses $26 billion annually. The more email accounts you have, the more vulnerable you are.

One of our clients had six email accounts, all of them created for a variety of legitimate reasons. The problem is that it meant they had to guard six doors against intruders. That’s worrisome enough, but if you use multiple email clients, such as Outlook and Gmail, you need to deploy your security measures in line with each client.

Google’s Gmail has a particular vulnerability. According to a report from Malwarebytes, Russian hackers were able to bypass Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks. They did it by posing as US Department of State officials in advanced social engineering attacks, building a rapport with their target, and then persuading them to create app-specific passwords (app passwords). App passwords are special 16-digit codes that Google generates to allow certain apps or devices to access your Google Account securely, especially when you have MFA enabled.

Outlook faces several significant security challenges, including vulnerabilities that allow for remote code execution, phishing attacks, and the potential for credential theft. These vulnerabilities can lead to data breaches, unauthorized access, and the spread of malware.

Here’s how to strengthen your defenses.

  • Only use app passwords when absolutely necessary. Change to apps and devices that support more secure sign-in methods whenever you can.
  • Authenticator apps, such as Microsoft Authenticator, or hardware security keys (FIDO2/WebAuthn), are more resistant to attacks than SMS-based codes.
  • Stay up to date on phishing attempts. Attackers often bypass MFA by tricking users into revealing credentials or app passwords.
  • Keep an eye on unusual login attempts or suspicious behavior, such as logins from unfamiliar locations or devices. Limit those logins where possible.
  • Regularly update your operating system and the apps you use to patch security vulnerabilities.
  • Enable automatic updates whenever possible so you don’t have to remember them yourself.
  • Use security software that can block malicious domains and recognize scams.

When it comes to SMS-based codes, we want to emphasize one particular vulnerability: SIM swapping. It’s one of the internet security industry’s biggest worries.

It’s undetectable and it works like this:

  • A hacker puts your mobile phone number on a SIM card installed in their own phone.
  • Using their phone, they get your authentication code, which gives them access to a website or email account.

Despite this vulnerability, SMS-based codes are better than nothing. At a recent training seminar, we learned that many people don’t use any kind of 2FA or MFA methods at all. That is totally unacceptable.

We can help you – and your employees and family members – set up better security measures on all apps devices. Call us – 973-433-6676 – or email us to discuss your needs and develop an action plan.

Read Your Email Before You Open It

Phishers, shmishers and other bad actors on the internet are getting really good at disguising themselves. They’re learning English better, designing their graphics better and even spelling better.

All of this means is that you need to start reading your emails more closely before you ever open them. Whether you’re using Microsoft Outlook or Gmail, the attack strategy is the same. We’ve warned for years and years that scammers rely on you being distracted or trying to do too much in too little time.

But now, the hackers are getting better at combining better language and graphics with holes or workarounds they find in website security systems. It’s not a new problem, but it’s becoming more widespread. ZDNet has an extensive article on how it affects Google and Gmail, but the principles are similar for Microsoft and Outlook. You need to take a close look at every email address for incoming email and every address or website link before you click on anything.

In the article, there was an example of how an email looked like a normal Gmail message, and it had links to what realistically looked like a legitimate Google support site. But a closer look revealed that it went to a Google Sites website. Google Sites is a free, web-based platform from Google for creating websites. It’s particularly useful for internal team sites, project hubs, or public-facing websites, and hackers have uses for it, too. A link to a Google Sites website came from no-reply@google.com, which is a legitimate but spoofable email address. The hackers or creators of that site were able get through some authentication workarounds to bypass safety measures used to stop this sort of attack.

You can see where this is going. One tech industry solution would be to require stronger forms of authentication or more authenticators. But as we’ve said over and over again, you need to take matters into your own hands.

In your email client, you can hover over the address that the email comes from and see who it’s really from. Even if you have opened a particular email, you can slowly and carefully read any email address or website link to see if it raises any suspicions. One thing that should raise a yellow or red flag is an urgent call to action, such as uploading a file or clicking a link to investigate a problem. A Google Sites website will have Google in its URL, and that could be a trap. Not to pick on Google, but any fake site can use a legitimate domain variation to snag you.

Here’s one checklist to help you spot a fraudulent email or website:

  1. Beware of any email that urges immediate action and tells you might face negative consequences.
  2. Check the “from” and ” to” email addresses. If the ” from” domain isn’t the actual company or the “to” recipient is not you, it’s likely a scam.
  3. Avoid clicking on links in the email and look at the context. Would Google send you a legal complaint and direct you to the Google Sites domain? We don’t think so!
  4. Run an online search for the content of the email to see if others have reported it as a scam or received a similar email.

If you think you may have clicked on a malicious website or may have downloaded some malicious software, call us immediately at 973-433-6676. We have tools to see what is on your computer and to remove the malware from your system.

Time to Reassess Your Email Provider

If you have your email with your internet service provider (ISP), it might be a good time to take a look at what you’re getting, what you could get, and what you might lose.

First, ISPs provide email as a loss-leader service to keep your internet (and maybe cable TV) business. That internet business is critical to their success because more small businesses, home offices and consumers are using more data to run their businesses or live their lives. They’ve built the infrastructure to connect to your home or office. Now, it’s mostly a matter of adding capacity at a central location and using a few keystrokes to provide you with more internet capacity for whatever you need. As a result, they pay only enough attention to your email to prevent a catastrophic failure.

We saw the ISP-email problem firsthand during the past holiday season. Our client had email from Microsoft Hot Mail, but it was through their ISP. We thought it would be an easy fix, but when the problem escalated, the ISP erroneously blamed our client’s computer. We knew it wasn’t the case because we got right down into the system’s basic commands and identified a back-end issue at the ISP. That’s one place we can’t go.

The ISP didn’t do anything, but somehow, the problem disappeared. We think it was fixed either by a reboot to fix a server problem or by someone who actually saw a problem and fixed it. We’ll never know, but regardless, our client is ready to switch ISPs and their email service.

The switch is a two-step process. The first step is to find a new provider. They abound and offer features and capabilities not found in many of the current ISP-based email programs. Here are some of the more popular and more capable choices:

  • Gmail from Google has a friendly conversation-focused interface, powerful search and top-notch spam and malware filtering, which is critical. It integrates with other Google services, including Google Drive, which lets you send attachments over Gmail’s 25-megabyte limit. You get 15 gigabytes of storage, and it’s free, unless you want to create your own email domain. A downside is Google’s proclivity for collecting personal data, but you get some control through its privacy settings.
  • Outlook.com is a web-based email service that’s separate from Outlook in Office. It’s the successor to Hotmail, with a better interface. It also provides 15 gigabytes of storage and integrates with Microsoft’s online Office tools. Microsoft makes a big deal about not scanning emails to serve you ads, but it does scan them to filter spam and malware.
  • iCloud, Apple’s free email service, integrates with Macs and iPhones and doesn’t contain any ads, though it isn’t as feature rich as other options. It comes with only 5 gigabytes of storage, which is shared with other Apple products. You can buy more storage.
  • Fastmail is a paid service that touts privacy and control. For $3 to $9 per month per user, there are no ads, and you can create an email account at any domain you want, which is great for a small business. It’s a great option if you don’t want to tie yourself to one of the big tech giants.
  • ProtonMail emphasizes privacy with end-to-end encryption. However, it requires a bit more work to setup and requires your recipient to jump through the same hoops. Just remember, though, your security is only as good as the security of the weakest link among all the people you communicate with.

No matter which provider you choose, you’ll need to do a lot of preparation. The most important step is to make sure you bring all the messages you want to save to your new email provider’s service. Some ISPs will delete your address and account as soon as you end your service. Others claim they’ll provide unlimited or generous storage and long-term to lifelong access, but there are no guarantees the messages will be kept or open to your access. If someone accidentally removes your messages from a server or removes your login credentials, you’ll have little or no recourse if you’re no longer a paying customer.

Copying all your old email from your old provider to your new one can be complicated. While we don’t want to say it’s something you can’t do at home, we strongly urge you to let us do it or walk you through the process. We want to make sure you get all the messages you want to keep – AND we can help you set up a forwarding mechanism so that people can still reach you after you make the change. (See Tech DIY: Our Equivalent of Calling the Plumber or Electrician.)

One thing you will need to do on your own is make sure you notify everyone of your email change – and do it with your new email address. That will make it easier for people to change their contact list, and it will add your new email to most autofill functions.

Call us – 973-433-6676 – or email us to discuss the best email options for you and to make an appointment to get you set up with your new email system.

Verizon Forcing Email Decision; We Recommend You Exit

Verizon is dripping out the announcement that it will migrate its email business to AOL, which the communications giant acquired in 2015. It’s a rolling process that will take place over the next several months, and everyone will get specific instructions based on your account. Your clock will start ticking when you get an email notification from Verizon, and you’ll have the choice of: 1.) migrating to AOL and keeping your Verizon email address or 2.) exiting to an email provider such as Outlook or Gmail. When you get your email, you’ll have a short time to make your decision. If you don’t choose one option, you’ll lose access to your “verizon.net” account. Here’s why you should take the second option.

Keep in mind that you can make the switch from Verizon now and retain access to your Verizon contacts and messages for six months. If you don’t decide, Verizon will close out your email accounts. If you have copiers, scanners, servers and other equipment that rely on email addresses to function, those devices will stop working after you choose your options or your time runs out.

We think Verizon is leading a move by utility companies – phone and cable carriers – to get out of the email business because it’s too complicated and time-consuming to provide as a free service. Just to get this out of the way, Verizon’s first option, switching to AOL, is less complicated right now. You’ll be able to keep your existing addresses, with “verizon.net,” but you can keep your addresses and log in through AOL’s system from now on. That might be a temporary solution because you can keep all your contacts.

But we don’t like it for the long term. While you may think that you’re getting a lot of spam now through your Verizon filters, we think that will increase with AOL. Spam is more than a nuisance; it’s a way for hackers to get into your system. Although you can catch most hacking attempts with common sense, hackers know that if they throw enough spam at you, one of them will get past even the most vigilant user. We don’t think security is a major concern. AOL tightened up its security after it was hacked in 2014, before Verizon bought it.

However, we think the “utility company” extensions will disappear as those companies get out of the email business. That means you’ll need to make a switch at some point, and it makes sense to do it now, before you add more contacts. Switching now may make particularly good sense for copier and scanning companies and other similar service providers that use email addresses. We’ve had some Verizon email addresses for some services, and we’re moving away because those addresses will disappear at some point.

We recommend switching to an email provider that will be in the business for the long term, such as Outlook or Gmail. You should be able to keep that address for as long as you like. Besides not having to worry about losing the email address, you’ll gain much more flexibility in shopping for a new ISP. We know it’s a hassle to move all your contacts and messages and tell people your new address. It’s also a pain when people don’t update their own contact lists or when autofill puts in an old address. For all those reasons, you might as well start to move away from Verizon/AOL, as well as from any other utility.

The two email services that come to mind are Outlook and Gmail. In listing the option to move away, Verizon tells you to follow the instructions from your new provider. You could also get your own domain and have that hosted through Outlook or another email service provider. You can keep your domain for as long as you like, and because you’ll be hosting it and calling the shots, you can do away with the advertising that seems to be more prevalent and more annoying.

Regardless of which new provider you choose, you’ll need to establish your new email address and set up your mailbox – or mailboxes – before you close out your old one. Then, you can follow the steps to transfer addresses and messages and set up your rules for how you manage messages.

We can help you in two ways:

  1. Choose an email provider: Outlook and Gmail are two that come to mind, but there are many others, and each one has its own strengths and weaknesses, depending on what you need. We can review the ways you access email, such as a computer, phone or tablet, and whether you need integration and/or collaboration tools.
  2. Set up your new account and transfer all the data: This is extremely critical. Although your new service will have instructions and although you’ll be able to find help through online forums, it’s not always easy to get right settings for your new account and then transfer your contacts and messages. It’s also not easy to back up all of contacts and messages. If you don’t have an accessible back-up and you make a mistake in the transfer process, you could need to jump through hoops to get it all done – at the least – or lose everything – your worst-case scenario.

If you have a “verizon.net” email address, call us – 973-433-6676 – or email us as soon as you get a notice to discuss your options (keep your address, keep your address temporarily or switch immediately to a new email service). If you have an April 13 deadline approaching, and you need to have a plan in order now. If you didn’t get an email, you will, and you’ll need to be prepared to make important decisions quickly. It wouldn’t hurt to start planning now. You can spend hours and hours of frustration solving this issue, or you call us to handle your transition without stress.

Mail Services Make a Difference

Some people stay with their email out of loyalty or inertia. For some home-based users, we can find a few good reasons why you should switch. For businesses, we can’t find one why you should stay.

First, here’s a little history. Back in the early days, we accessed the Internet through dial-up modems, and some of you may remember CompuServe, which preceded AOL. They tried to have enough local phone numbers to handle traffic and differences in users’ modem speeds. A number of local ISPs (Internet Service Providers) sprang up to meet the demand. Some, such as Mindspring, became regional or national providers.

All of them offered email services under their own domains. You’re still likely to see addresses with AOL and Mindspring. You’re also like to see some small providers still servicing email accounts. Together, there are some problems, especially when you look at the capabilities of telephone carriers, cable companies, Internet-based providers such as Gmail and services such as Microsoft Exchange.

Let’s look at the smaller providers. Email is a 24/7/365 necessity today. Along with texting, it’s a huge communications tool that we use to conduct business and even find meeting places on a weekend day. This raises a critical question: What happens when email service goes down from, say, 7 p.m. Friday until 9 a.m. Monday?

A small provider may not have the capability to respond to outages in a timely fashion, either by having someone to fix a problem or the network to route traffic around a trouble spot. If you are a business, you simply cannot afford to stay with an email service that can’t recover quickly. If you are a home user who does not have a smartphone with email capability, you should still switch, but it may not be critical for you.

Everyone, especially business users, should be looking at their providers and their platforms. AOL and Mindspring, from what we’ve seen, are not upgrading their email-handling systems as fast as others, such as Gmail. We’ve seen AOL users couldn’t open files because their systems could support their needs. They had to save files and then open them outside of AOL.

We realize change is hard for many people, especially those attached to their AOL systems. However, email services from your ISP, Gmail or Microsoft Exchange are much more robust and give you better access from Internet and cellular connections. Keeping an AOL browser can be expensive as well as slow. You still pay monthly access fees for connections that others provide as part of their service. You can still access AOL email from Internet Explorer or Firefox, for example.

We can help you find the email service that’s right for you. Just send us an email or give us a call – 973-433-6676 to start the conversation and develop an action plan.