Posts Tagged ‘Email’

Technology it is desired should improve to an extent that it can avert the related harm caused by its benefits. Emailing is a popular concept. It is a quick way to transfer or exchange data between two or more computing system. It is time saving, cost effective and a modest solution to distant employment.

 Many surveys have been conducted to prove how sending emails are a popular mode of communication between official and non-official people. Radicati group pronounced that in 2010 near about 294 billion emails were dispatched in a single day and about 90% of these emails were spam and contained virus. And therefore dawns the concern for email security.

 To be able to practically judge the distress first it is required that we understand the possibilities as to how a single email can corrupt an entire system.

  •  Emails can be forwarded in lot. At times this happens without the notice of a user. It needs to be noted that a few viruses have the capability to track stored addresses on the users profile and automatically operate a forward function. If the recipient opens the email, then the virus immediately attacks and disrupts the functionality of the PC.
  • As emails can carry loaded/ attached messages of all kind they invariably contain the risk of virus contamination. Also sometimes the user-friendly features of email might expose a system to undetected malwares or spywares.
  • Hacked email account can also be used to send messages to the entire “address list” containing friends, family and co-workers causing embarrassment, and great loss of trust.

 All these features of email can make it to be a cause of IT security breach. Now the next question is how to secure your emailing options?

 It is possible to secure your email in the following manner:

      Check upon the sender

  •      Install authentic firewall, anti-virus, anti-spam, antiphising and software patches.
  •      Store and examine an attached file before you open.
  •      Put off the option to automatically download files and attachment in emails.
  •       Consider email archiving with a robust VNP. Also it is a good option to install filtering softwares that will eliminate spam articles before they are stored to your inbox.
  •       do not use multiple-operator mode to prevent infringement

 Above all it is better to trust your innate sense while using /opening/ sharing an email. Many instances are recorded where personal data and information have been extracted with the help of an email. This has resulted in identity theft, monetary theft and message fiddling of the high priority business mails. National Institute of Standards and Technology provides guidance on technical leadership directed to meet welfare requirements of public. This institute works to formulate a fitting strategy that will secure the federal computing systems with sensitive and outright protection technology.

 

I received an email last week, asking for some money, from the Sr. Executive of prestigious 24 hour radio show in bay area. This is how the e-mail was worded:

Hope you get this on time, I made a trip earlier this week to London, UK. and had my bag stolen from me with my passport and credit cards in it. The embassy is willing to help by letting me fly without my passport, I just have to pay for a ticket and settle Hotel bills. Unfortunately for me, I can’t have access to funds without my credit card, I’ve made contact with my bank but they need more time to come up with a new one. I was thinking of asking you to lend me some quick funds that I can give back as soon as I get in. I really need to be on the next available flight.

I can forward you details on how you can get the funds to me. You can reach me via email

I await your response…. “

This email was also carbon copied to 50 other business owners. Being an IT guy, I immediately recognized this email as spam and concluded that the email account of Radio Show leader was compromised.

Within couple of hours, many people who got this email started to respond by asking some mysterious person to remove their email address from the list.

This is even more worrisome because people who hadn’t been hacked were responding to an account that  was already hacked. As you may have already noticed, purpose of this spam email message was to get people in address book to respond back. Sure enough, hacker was successful in his mission. At least six or seven people responded back to this spam message. Who knows how many people responded directly without copying to rest of the people in address book?

This makes me wonder:

  • How many people got bothered with one spam message?
  • What happen to the creditability of company and person whose email was hacked?
  • Can this company safe guard its customer information?
  • What safeguards were placed after the email account was hacked?
  • What happens if someone actually sent money to hacker thinking he was sending it to the CEO?

Truth of the matter is that this could have happen to anyone of us. We are living in a world where technology is an essential part of our life and we must use it and do whatever we can to protect it.

How do you know if your Email has been hacked?

Hint # 1: People listed in your e-mail address book start getting random spam messages sent from your e-mail account. e.g “I lost my wallet in England and need to catch next flight to US. Can you please lend me $50?”

Hint # 2: You start getting tons of “bounced” e-mails from random email address you don’t even know.

Hint # 3: You cannot log into your account or your e-mail settings have been changed.

Hint # 4: You cannot send out an e-mail because your internet service provider has blocked your email account.

How come someone was able to hack into my Email?

Do you really care? You were hacked, deal with it!

There are many ways someone can hack into your email account. But easiest way to hack your email address is if you can be tricked into clicking on a link that contains malicious code which can breaks your computer security. Hackers have come long way in finding new and creative ways to get you to just do that. I am going to list the most obvious and most common ones here:

Spam Email: Let’s say your friend email got hacked and you received a message from him asking you to check his latest picture. There is a good chance that you will click on that link only to find there is no picture. In the background, that link will download certain files which will compromise the security of your computer and possibly hack your email account.

Similar concept applies where hackers take advantage of latest events and send email from hacked email account breaking a latest story. For example, there was huge spike in hacks right after the death of Osma Bin Laden. Many people received email claiming to show the “live raid” of historic event. In realty, purpose was to get people to click on link and download the malicious code. Hackers take advantage of time sensitive events to pressure victims to click on links. Fake email from Banks, IRS, UPS, FedEx are so common that I get them two to three times a week.

Here is an example:

Email-fraud

Social Profiles: Many of us spend good amount of time on social networking sites. Just like email, social profiles can be hacked and you may receive a link or two from your friends asking for your opinion or favor. But once again, hacker simply wants you to click on that link.

Social profiles also make it very easy for others to post links on your page. This is really good news for hacker because now there is good chance that many of your friends will also click on the link on your profile and download the malicious code.

You may also get these links from Instant Messengers, Skype or other similar applications.

Public Wifi : Un-encrypted data sent and received from public wifi can be read by anyone with little knowledge of computer hacking. Hacker can easily capture your email address and sometimes even the password if they are sent in clear text.

Week Passwords: You can find hundred and thousands of email address in online forums, comments on blogs and other online media. Many of these publicly listed email addresses can be easily compromised due to weak passwords. There are tools available for free on internet which can guess any combination of password.

Lost or Stolen Computer: Many of us save our passwords in our computer. This can be a huge security problem if our computer is lost or stolen. Someone can easily access the email account and send spam email to everyone in your address book.

Malware and Spyware: Malwares are another key reason how your e-mail account can be compromised. Do not access your email if your computer is infected. Simply turn of your computer and get it cleaned.

Out of every ten computer I repair, nine are usually not protected by some sort of malware and spyware protection software. More ironic is that seven out of nine unprotected computer owners choose not protect their self even after I recommend a good solution and educate them on importance of protecting their computer.

What consequences can I face if my email is hacked?

Reputation: Hacked email address can significantly harm your reputation. Your customers and business partners may not trust you and may be not share information in future. You may stop receiving email from your customers as they may be afraid about your email security.

Lost Sales: You may lose sale or two due to security concerns of your customer. After all, if their email address is not safe with you than how can they trust you with other information? I wouldn’t want to give my customer data to a company who can’t keep my email address safe.

Fine for Data Breach: You could also face monetary fine for not protecting your customer data. In April 2009, malicious program was installed on Briar’s computer systems. Briar’s owns and operates a number of bars and restaurants in the Boston area. That malicious code allowed unknown hackers to access customers’ credit and debit card information. According to attorney general, malicious code was not removed till December of 2009. In this case, Briar was fined $110,000. As you can tell, not protecting customer information can result in severe penalties.

What can I do if my email is hacked?

Step # 1.) Change your email password. Make sure to set up a strong password that can’t be easily guessed. I recommend you do it from another computer and check your regular computer to make sure it is clean from any kind of virus or malware.

Step # 2.) Update your operating system and patch all software including your anit-virus/malware software.

Step # 3.) You should contact everyone spammed by your hacked e-mail account. You should inform your friends that your email account was hacked and they should delete any email they may have received from your email address. If you have some spare time, call everyone and inform them via phone

How can I protect from future email hacks?

Using Encryption: Always use encryption whenever you are using public wifi or public computer. Virtual Private Network (VPN) is the easiest way to provide this kind of security. There are also third party security solutions that can provide encryption for all wireless and wired networks.

Get a Digital ID: You should request a Digital ID form your local IT shop. You can digitally sign and encrypt your email and attachment using a Class 1 Digital ID, bound to your validated email address. This will ensure your recipients that the content came from your email address and has remained private during transmission.

Anti-Virus/Malware Protection: Make sure your system is properly protected from both virus and malwares. I see many users who do have sufficient protection form virus but not enough from malware. Check with your security vendor to ensure you are also protected from malwares and spywares.

Computer/Network Firewalls: Both your computer and network should be protected with strong firewall. You need to make sure all un-necessary services and ports are blocked. Firewall which allows all traffic is as good as having no firewall.

Do Not List Your Main Email Address: Going forward, never list your main e-mail address publicly anywhere online — in forums, in online ads, on blogs or any place where they can be harvested by spammers. Use only your “registration” address, and keep it separate from your main address book.