Following the Money Conversations

Money is the only reason somebody steals information. Some 70 percent of the emails that lead to information theft are related to either financial institutions, businesses or something that mentions money in the subject line. Another 20 percent are related to espionage, and 5 percent are related to employee grudges. In most cases, curiosity kills your security.

Phishing expeditions are still one of the most effective ways for hackers to get into a computer system, and that’s because people have insatiable curiosity, especially when it comes to money. We’ve told you time and time again to be very careful about the links you click on from within an email. It is so easy for a hacker to mimic the logo of any bank or financial institution and to create an email address that can be close enough to looking real that you won’t notice it’s a fake in your haste to check out a great offer or respond to a dire warning.

So, as we’ve mentioned ad nauseam, your curiosity could open the door to a Trojan horse virus that will enable someone to get into your computer. And once they do that, they can insert themselves into your financial conversations. To whom are you talking about money? Is it your financial advisor? Is it an attorney or a CPA? Is it your bank, credit card company or several merchants? They can identify every single one of them just by looking at your email. After all, you keep thousands of them in your Outlook application or on a website – which they can easily find once they get into your computer.

How will they put your email conversations to work for them? Well, let’s see. There’s your financial advisor, who’s been talking to you about your 401(k). Hmm. That’s good. Bet you have the password for that account stored on your computer. That makes it easy.

But wait, what if you “forgot” your password? The hacker can go to the website with your 401(k) and use your email address to reset the password. If that security is lax – say, for example, there’s no two-factor authentication – the hacker can have your email routed to his address, and now he’s in your account and can clean it out.

Of course, that could be just part of his haul. He knows who your financial advisor is, and maybe their system isn’t 100 percent locked down. You can imagine the fallout.

What if you’re involved in a large business transaction, such as buying a business or even a house? Your attorney may be dealing with a financial institution or two – even through another attorney. Again, a hacker can insert himself in a conversation with any party connected to the money, spoofing your email address or that of anyone involved. And once the hacker is into that next system, it opens more doors.

Just to add to your “watch list” when checking your email, also be wary of somebody sending you updated files that you are not expecting. We have a client who clicked on a PDF and wound up with an infected computer. Fortunately, it caused a major inconvenience more than anything else. Because all of the client’s files were backed up offsite, we had to wipe the computer clean and then find the infected files to delete from the backup. We were able to fully restore everything after that, but it took 18 hours.

So, let’s recap the steps you need to take:

  • Look before you click. Do I get this kind of email message from this sender on a regular basis? Is this an offer that’s too good to be true? Is there anything that looks just the least bit out of the ordinary – even if it’s from a sender I know and trust? Remember, you can always access the sender’s website from your Internet browser instead of the email, or you can pick up the telephone and call a company or a person.
  • If something looks odd even before you open the email, just delete it. I am amazed at how many people let something suspicious just sit there.
  • Don’t conduct financial business or visit passworded sites while on a public Wi-Fi network. Non-secured networks can be viewed by anyone from anywhere.
  • Be very careful with flash drives. Someone can use one to invade your computer. If you are running a good anti-virus or anti-malware program, it should intercept any external device and give you the option to scan it.
  • Keep your anti-virus and anti-malware software up to date. And make sure they’re both running.

Finally, if you suspect your computer has been infected with a virus, call us immediately at 973-433-6676. We can assess your system and begin the process of restoring its health. If you have any questions about online security, call us or email us. We all have too much at stake.


Two More Tips to Protect Your Money

  1. When you travel by air, don’t just throw your boarding pass in the first trash bin you find in the terminal. The barcode on the pass has a wealth of information, including your frequent flyer account information – and any other personal information in that database – and your itinerary, which can let somebody know how far away from home you are and how long you will be away. If you can’t shred it, tear it into pieces that also separate the barcode and throw them into different trash bins.
  2. Check all of your financial accounts frequently, especially with business bank accounts. When you have a lot of money coming in and going out electronically, that means a lot of bank treasury departments are accessing your account. If you monitor the accounts regularly, you have a much better chance of catching fraudulent activity.

Connected Cars Have Blind Spots

As computers and connectivity become prevalent in the automotive industry, we’re finding more ways in which your “electronic tires” can be slashed. It goes beyond leaving your personal information footprints in a rental car – or even having a hacker stop you cold on an interstate highway – as we discussed earlier this year.

Technology is lapping the car companies’ capability to keep up with the latest developments. With Internet connectivity just about anywhere in the US, it’s easy for any automotive service provider to “talk” to your car. In fact, Tesla has made a point about that. Because their system is so software-driven, they can make repairs directly through an Internet connection while the car sits in a garage.

The manufacturers of more mainstream cars, though, are still increasing their use of the Internet to avoid you having to return to the dealer just for a software update. While your first thought is probably getting updated maps or upgrades for your factory-installed navigation system, it can go much farther than that.

According to an article in Auto Connected Car News by Brian Jonston, over-the-air (OTA) software updates can reduce warranty costs, potentially increase overall completion rates for software-related recalls, improve customer satisfaction by eliminating trips to the dealership for software upgrades or fixes, and provide the ability to upgrade functionality and add features to automotive infotainment systems over a vehicle’s lifetime. He cites a report from IHS Automotive that estimates auto manufacturers worldwide could save $35 billion in recall and update costs by 2022, mostly for telematics and infotainment system updates.

“Japanese OEMs have been pioneers in navigation map updates in Japan via their telematics systems. BMW, VW and Tesla have all recently announced OTA procedures for updating navigation maps,” Jonston writes. “Hyundai and Ford both have proof of concept systems for OTA map updates, and will also likely deploy such systems in the near term. Total vehicles in operations that are enabled with map OTA updates are projected to grow from approximately 1.2 million units in 2015 to nearly 32 million units by 2022, according to IHS forecasts.”

Jonston adds that infotainment software OTA updates are much larger and more complex than software app updates and need to use Wi-Fi rather than LTE 4G service because of mobile network limitations. This category is emerging and will be a growth segment in the next five years, with players like Ford, Chrysler and GM expected to adopt these systems. Infotainment software updates, such as updates to the infotainment OS and user interface, will grow quickly over the next six years to more than 96.4 million enabled vehicles by 2022.

The OEMs that use software platforms most effectively will be able to save costs and improve sales and customer retention. But they need to get into the fast lane on the information superhighway. My car lease, for example, is up in the very near future, and the level of technology is stopping me from getting a new model. I’ve experienced numerous problems, especially with Bluetooth compatibility with my cell phones and infotainment systems.

It all makes me wonder if the auto manufacturers can catch up to companies such as Apple and Google, who seem to be able to do a much better job of integrating their systems. With the new model year for cars generating excitement (and generating deals for clearing out last year’s models), you might be thinking about a new car. We can help you look at the infotainment features of the cars you are considering and help you integrate your devices with the car – avoiding multiple trips to the dealer or an aftermarket systems provider. Knowing how you use technology, we can help you buy and install the technology you need to get full benefits and enjoyment from your system. Call us – 973-433-6676 – or email us to answer your questions and get you on the road.

Caution is Key to Online Safety

Take a deep breath and Look Before You Click during the holiday season. More scammers, hackers and schemes abound at this time of the year, looking for holes to breach and get critical personal data. Here’s a review of our tried-and-true safety measures.

Watch your email. It’s one of the easiest pathways into your computer and all of your valuable personal data. At this time of the year, scammers and hackers take advantage of harried shoppers, who are likely balancing work and shopping and not paying full attention to all of their email.

Here are some identities a cyber-invader may assume to get inside your computer:

  • Bank or Credit Card Company
    • Do you have an account with that bank or credit card company?
    • Is it really one of their actual email addresses or domains?
    • Does your bank or credit card company normally contact you about this?

Your Best Course of Action: Close the email and go to the bank’s or credit card company’s website to see if there are any alerts that match the email. If you’re still not sure it’s a fake message, get the phone number from the website and call. You can also look at a bank statement or credit card to get a customer-service phone number. Don’t click on any link in a questionable email.

  • Retailer or Shipper
    • Did you actually do business with that retailer?
    • Did you agree to use that shipper when you bought something online?
    • Are you being asked to click on a link?

Your Best Course of Action: Close the email. If you printed a hard copy of your order confirmation, you should be able to see the name of the carrier and a projected shipping date and delivery date and verify the information in the email. For protection, go to the retailer’s website and log in if you have an account. That should provide you with updated information on your order’s status. If the retailer has provided you with a shipper and a tracking number, go to the shipper’s website and enter the tracking number there. If you’re still not sure, call customer service.

  • Charitable Solicitations

Your Best Course of Action: Close the email. If it’s a charity you want to support, find its official website and give a donation there.

  • Email from a Friend in Need

Your Best Course of Action: Close the email. If you really think it’s legit, call your friend or send a new email with a different subject line. If that person is a close enough friend to send money, you should have full contact info – or know a way to get it.

When conducting business online, make sure you give your information over a secure website page. There are a couple of ways to check:

  • The website address begins with https
  • You’ll see a padlock icon in the address bar

Some other precautions to take include:

  • Buy from a large, reputable online or brick-and-mortar merchant. Generally speaking, retailers who work through Amazon or eBay have been vetted and have contact info posted online. If you’re not sure, buy from someone else.
  • Don’t send sensitive personal information by email. It’s too easy for someone to intercept it.
  • If somebody calls you about an account or purchase or charitable donation, you can ask to call that person back – and then go to a website to get a phone number you believe is trustworthy.
  • Make sure your antivirus, spyware, malware and firewall programs are up to date and running.

Above all, Look Before You Click. Make sure you understand exactly where a click will take you and what will be put on your computer. As Michael Conrad’s Sgt. Phil Esterhaus warned TV’s Hill Street Precinct police officers: “Let’s be careful out there.” And if you run into trouble, make your emergency call to us – 973-433-6676 – or send us an email.

Lowdown on Hijacked Email

Emailing information is fast and convenient. We do it often without a second thought – and that discarded second thought can come back as a painful reminder that you need to be careful to prevent your email address from being hijacked.

There really isn’t a lot you can do about hiding your email address or anything else, for that matter, even if you never go online. That really came home to us personally when we moved this summer. The purchase of our new house, the sale of our old house – everything – was public record. My email address is out there because it’s part of my business. I want people to contact me.

So, it’s there, and it can be planted like a seed. What happens? Well, you might be one of 25 people getting a message as an addressee or cc. If someone has hacked one of those people’s email accounts, it’s like the fox getting into the henhouse.

Here’s what can happen. All the hacker needs to do is substitute an email address for any one of the 25 addresses in the list. If I’m one of those people, for example, my name only, Norman Rosenthal, might appear in the list. But unless you hover your mouse over my name, you won’t see my email address: [email protected]. If hacked, the message to Norman Rosenthal could unknowingly go to [email protected]. (More hacking originates from Russian domains than anywhere else in the world.) So, when you hit Reply to All, the message – and all those names – goes to a bad guy who can try to penetrate everyone’s computer. If he’s successful, he can plant a virus or malware of some sort on every computer in an address book that doesn’t have good protection. He can send a scam message and get a bite, or – if you read the previous article – the bad guy can get into an Outlook file that has user names and passwords for bank accounts.
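The hover check described above can be automated before you hit Reply to All. The following is an added example, not part of the original newsletter: the contact list, the sample message and every address in it are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed address book: display name (lowercase) -> address you have verified.
KNOWN_CONTACTS = {
    "pat example": "pat@example.com",
    "lee sample": "lee@example.org",
}

# Constructed message: "Pat Example" appears in To, but the address behind
# the name has been swapped for one that is not in the address book.
SAMPLE_MESSAGE = """\
From: Lee Sample <lee@example.org>
To: Pat Example <pat@examp1e.test>, "Sam Other" <sam@example.net>
Cc: Lee Sample <lee@example.org>
Subject: Closing documents

Please reply to all with your comments.
"""


def normalize(name):
    """Lowercase a display name and collapse whitespace so lookups match."""
    return " ".join(name.lower().split())


def find_substituted_recipients(raw_message, known_contacts):
    """Return (header, display_name, address_seen, address_expected) for each
    From/To/Cc/Reply-To entry whose display name matches a known contact
    but whose address differs from the verified one.

    Names that are not in the address book are not flagged; this check only
    catches a familiar name paired with an unfamiliar address.
    """
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "To", "Cc", "Reply-To"):
        for name, addr in getaddresses(msg.get_all(header, [])):
            expected = known_contacts.get(normalize(name))
            if expected and addr.lower() != expected.lower():
                findings.append((header, name, addr, expected))
    return findings


if __name__ == "__main__":
    for header, name, seen, expected in find_substituted_recipients(
            SAMPLE_MESSAGE, KNOWN_CONTACTS):
        print(f"{header}: '{name}' shows {seen}, expected {expected}")
```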

You can prevent your email address from being hijacked by using some common sense and taking a few precautions.

  • Most obvious, if something looks funny or out of character, don’t open the email or click on links. If a request from a friend doesn’t seem right, pick up the phone and call if you must do something. Otherwise, just delete it.
  • Use strong passwords for all online access to your email accounts.
  • If you’re sending usernames, passwords or account numbers, don’t send them to a big list. Send them to one person and send them in a series of emails. Put part of the info in each email. That way, if one gets intercepted by chance, the hacker likely will not be able to piece all the info together.
  • Use bcc if you must send a message to a long list of email addresses. It will prevent those massive Reply-to-All responses. Remember, if 25 people send Reply-to-All responses, those addresses are being exposed 225 times.
  • If you’re buying or selling something over the Internet, such as on Craig’s List, hover over names and email addresses and make sure it feels right to you.

We’re available by email or phone – 973-433-6676 – if you have any questions about ways to prevent your email address from being hijacked.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.