Over the past year there has been a significant rise in calls to G First where folks believe their email has been ‘hacked’. While this is a bit lengthy to read, it encompasses most of what we hear from folks and how we mitigate/resolve and how you can help.
Bottom line is that most of us take email for granted much like and even more so than postal mail. However, in postal mail it is a piece of paper we can simply shred and recycle. Email is different because what’s inside can ruin your computer systems and, in some cases, ruin your identity, credit, etc.
The fear of being hacked is very real and warranted. This is usually because someone has received an email from you that you didn’t send or you receive one from someone you know that they didn’t send. Another alert is receiving an email from a company like a vendor or customer or even Microsoft and they are always compelling you to click on a link or reply with information. At G First with over 100 clients we have only seen 2 actual ‘hacks’ in the past 3 years for which a quick password reset solved the problem immediately.
Most everyone that thinks they are hacked, are usually just “spoofed” and that is explained below. I would encourage you to read this information and pass it on to you staff, friends, and relatives.
So the next question becomes, how do I detect/avoid a Hack and identify a Spoof?
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.
How do ‘they’ get our email addresses?
Crawling the web for the @ sign. Spammers and cybercriminals use sophisticated tools to scan the web and harvest email addresses. If you publicly post your email address online, a spammer will find it.
Making good guesses… and lots of them. Cybercriminals use tools to generate common user names and pair them with common domains. These tools are similar to the ones that are used to crack passwords. And they work.
Tricking your friends or vendors or customers. Even if you know better than to publicly post your email address on the web, it could still be stored in the email inbox of anyone who’s ever emailed you or whom you’ve ever emailed. Cybercriminals can steal contact lists or use social engineering to trick people into giving them access the same way they are trying to get you to click a link. When you click a link they get notified and immediately know they have a legitimate email address.
Identifying a true hack:
Your Password has been changed – One of the most obvious signs of your email being hacked is discovering you cannot sign in to your account. If your email password is rejected as incorrect and you did not change it, it could indicate that it was changed by someone else. If a hacker accesses your account, he is able to change your password to prevent you from logging in and retaking control. Some hackers won’t change your password so you won’t notice that anything’s wrong. One way to determine if this is the case is to look at your sent mail folder and see if there are messages there that you are confident that you didn’t send. Also check your Deleted Items folder the same information. If you find some, then you know a spammer probably has access to your account. Watch for password reset emails that you have not instigated. The hacker may have tried to change your password on other sites, using access to your email to perform password resets.
Please know that even the best defenses can be breached. It is imperative that you as a user of the systems remain diligent in your ability to prevent outbreaks as well. Remember these 3 tips when dealing with email:
Be skeptical! Don’t take any email at face value, even if it looks like it came from someone you know and from whom you expect to receive messages. Review the content. Is it written in the manner in which the person normally communicates? Does it use strange words or phrases they don’t normally use? Be suspicious of messages that ask you to open an attachment or otherwise respond immediately. Contact the person through another method such as calling them on the phone to confirm the urgent response. Do not open any attachments until you confirm the request. If the message asks that you click on a link, hover your pointer over the link to reveal the URL. Check to see that the URL looks legitimate. Also confirm any messages that ask you to release corporate or personal information. Make sure you are dealing with someone authorized to have that information prior to sending anything.
Be paranoid! Does anything in the message make you uncomfortable, or is there something odd or unusual about the communication? If so, confirm the message through another channel like phone or text.
Trust your instincts! You are the first and best line of defense when protecting your companyand your personal data. Things that seem unusual or out of place should be scrutinized. Ask yourself: Does this message seem normal? Is there anything out of place or unusual? Is it requesting an immediate response that includes private company or personal information? Is this message in the normal style and tone I expect to see from this sender? Does this message include links to websites that look suspicious or are out of character for the sender? Are there unexpected or unusual attachments?
AS ALWAYS – if you need any help or question a particular situation email us at email@example.com and we’ll let you know if it’s safe to go forward with an email.
Yours in Security and IT Support,
Ernie T. Pomeroy
G First Security
480.454.5578 ext 701 (direct)
Alert! – The FBI has issued a nationwide statement asking everyone to update and restart computer routers. This is literally being reported as a Russian based attack on the Ukraine, however it has now been spotted in 54 countries and well over half a million routers. “More than 500,000 hacked devices have been observed across 54 countries, but many infections have been spotted in Ukraine and their number continues to increase.”
This malware has the ability to affect your network’s ability to connect and potentially gather information from your computers. Don’t panic, acording to reports are this is targeted to goverment and infrastructure sites but is spreading. You can read more at this link: https://www.us-cert.gov/ncas/alerts/TA18-145A
What do I do? The immediate response for you is to unplug your modem and router and wait 10 seconds and plug them back in. The secondary response is to make sure they are updated with the latest firmware. All of the most popular router manufacturers have updates already available.
If you are a managed services client of G First, this will be taken care of free of charge as part of your monthly agreement. If you need help with making sure you have done the right thing(s), please email G First at firstname.lastname@example.org and we’ll get back to you shortly.
Yours in Safety,
The G First Team
Facebook Security – Post 2 – Privacy Settings and Tools
Thanks for dropping by again. In this session we’ll go through Privacy Settings and Tools. This will be our last post going out via Email so join us on Facebook and Twitter for notifications on future articles!
This section is pretty straight forward but as a default it is setup to wide open so it’s worth a look to see who can see you and contact you. As in the last post, you’ll want to login to Facebook, go to Settings from the dropdown by the question mark. This time you’ll select Privacy Settings and Tools.
First off, the settings on this page are completely up to you since your reach might be different than mine. Think about what purpose this page has for you. Some of you might want to be found on Facebook by anyone on Facebook or not even on Facebook. Some of you may want to post to the world or a more limited audience. Example: Your business account might be wide open but your personal circle of friends might be more limited.
For the purposes of this section, I’ll use my ‘family’ account to illustrate more limited reach. This account is for our family only. It is not searchable within Facebook and cannot be found on Google or Bing searches. That’s by design for our family only. To do that, here’s the following steps we’ve taken for more or less narrow the audience.
Section one: – Your Activity – Use this for the question: “Who can see what I do?”
- Who can see your future posts?
- In the following Image (1) you can see the options graphically, but let’s add some text to FB’s description to lend a hand.
- Public: This means just that. The entire realm of public can see your post. Facebook folks, Google, Bing, Yahoo, you name it. There’s your Facebook name and your post. Works for lots of people but not for me in this case.
- Friends: Your posts will ONLY be seen by people who are already Friends with you in Facebook. That’s it. Not searchable outside Facebook or within, unless it’s your friend.
- Friends except: Same as above, but you can individually select who can’t see it within your group of friends.
- Only me: If you post something for only yourself, select this one. Sometimes as is the case with this FB account, I want to post something simply for my wife to see it and no one else. Since she uses the same login, she’ll see it but no friends or anyone else for that matter.
- Specific friends: the opposite of ‘Friends except’ since this time instead of selecting who you don’t want to see it, now your selecting who you DO want to see it.
- Custom: this is a mix that lets you customize who sees an individual post and you can also add lists. I won’t get into that here, an advanced feature perhaps for another time.
- In the following Image (1) you can see the options graphically, but let’s add some text to FB’s description to lend a hand.
For the purposes of this FB account remembering it is for family and close friends only, I have everything set to Friends. Nothing I do here can be searched. It does not mean Facebook as a company can’t see it of course, just lessens the reach of others out there that may see your posts as a target and start responding to you when it may be unwanted.
- Review all your posts and things you are tagged in
- This section is all about looking at your past stuff. When you click on Use Activity Log, it will bring up another screen so you can review your activity for Posts, Photos, Videos and much more. Might be helpful for you. I encourage to at least go in there and browse around. You can also change the settings on past posts, delete them, unlike things you’ve liked and basically edit your own communication that you’ve done in the past.
- Limit the Audience for Old Posts
- If you’re changing your reach in Privacy Settings and Tools it might be helpful to change this. It will go through all your old posts and set it however you want. Let’s say my account was visible to the world and I posted something to a non-friend six months ago. Now I want to change my account to be friends only. By changing this setting, it will change that old post since it wasn’t to a friend to now be seen by friends only.
Section 2: How People Find and Contact You – Fairly self-explanatory and accurate.
Once again for your purposes you may want to be found, have everyone and anyone send you a friend request and you are fine with that. No problem at all. Over the years I found that to be exhausting in a personal sense so my Family account is restricted. Here’s how.
- Who can send you friend requests?
- You only have two choices when editing this – Everyone or Friends of friends. It doesn’t make sense to have a Friends Only choice since they well, are already friends. Again, your choice and for the purposes of this account for me, I have it set to Friends of friends, not Everyone. I do wish there was a No One option so that friend requests are outbound only, but that isn’t there.
- A note about friend requests. Just because someone sends you a request, it is not an obligation to accept. Remain true to yourself and if you are not sure who a person is, you can ignore a request. It’s OK. Really it is.
- Who can see your friends list?
- This is basically a way to limit what others see of your Friends list. Might be helpful in the case where you don’t want a visitor to see ALL of your Friend connections. If you are open to everyone viewing your profile, this button means everyone can see everyone you are friends with. By setting this to Only me, then you are the only one that can see your entire list. Others will only be able to see a list of your mutual friends. It’s a privacy thing, depending on how you are about that. Mine is set to Only me, my list is my business.
- Who can look you up using the email address you provided?
- These next two questions are very similar. They have to deal with how you are searchable. If I go to Facebook and search your name and find nothing, then I can use your email address. Example: Your name is John Smith. Your Facebook account has the name Jonathan Smith. I’m having a hard time finding you since there are so many. But I know your email is email@example.com. I search for that and bingo, I found you. Once more, with this being a family only site I have these both set to Friends only. Not everyone, not Friends of friends.
- Who can look you up using the phone number you provided?
- Same as above just using phone number. It has to be the phone number you used to sign up with if you used one. Once more, with this being a family only site I have these both set to Friends only. Not everyone, not Friends of friends.
- Do you want Search Engines outside of Facebook to link to your profile?
- I set this to No for my family site. It means that Google, Bing and other search engines can find your posts that others may have commented on your page, or likes. Basically, again it’s up to you if you want to be seen from outside Facebook.
I hope you enjoyed this second in a series. This is a very subjective article and you may or may not agree with my settings. These are only the opinions of G First and our goal was to provide real world and understandable ideas on FB security for your own use if you choose to do so. If you wish to discuss anything you see here, you can certainly contact us and we’ll be happy to talk about your particular situation.
The next post will be about your TimeLine and Tagging. You’ll want to tune in for that one, it dives into who can see your additional stuff that friends might do and what of that stuff one can see when they search. Similar to this post.
Thanks for dropping by! In this session we’ll go through Security and Login. A key component not everyone does completely after signing up for a personal or business Facebook account. My take on these settings may not reflect others’ opinions but what we promised from G First was a real world, easy to understand approach for the everyday Facebook user to get more secure than they might be right now. I’ll be using my own settings as examples and I am not sanctioned by Facebook in any way, this is simply our opinions on various settings for which we have not been hacked and my data was not harvested in the recent Cambridge Analytica outbreak that targeted Facebook users and their friends.
For this post we’ll go through this section and talk about each setting so grab a cup of Joe, hunker down with your favorite computer and let’s dive in.
Please log in to Facebook (FB).
Now that we’re logged in, to the right of the question mark in the upper right area of the screen, click on the down arrow to display the following menu and click on Settings:
You’ll find yourself here and you’ll click on Security and Login on the left menu. Take a look at this image to refer to for the rest of the navigation through this post.
The first section at the very top of the screen is to nominate 3-5 friends to contact if you get locked out. I don’t trust this and it is simply adding a level of data mining since I am purposefully identifying these people as trusted contacts. I recommend simply not forgetting your password instead. As we have seen recently, FB is now more important than just playing games or chatting/sharing with your friends. Treat it like you would your banking password. I am sure you don’t forget that one! Some may disagree, but it saves your friends from getting their data harvested when yours may.
The second section lists Where You’re Logged In. Not a bad place to check once in a while. I am currently logged in on my laptop and my phone. It shows both. If I was logged in on those devices and saw a third device in another state or country that I’m not located in or familiar with, I would know there was a problem. Then, I could click on the three vertical dots on the right hand side of that option and select Log Out. Doing this will Log Out the other person and then I would change my password immediately.
The third section is your first line of defense. Login. It clearly states to use a strong password that you’re not using elsewhere. With the latest news we’re hearing, I am changing mine to be more secure. I suggest you do too.
Example: your current password might be Passw0rd! It’s okay, but you might also be using that same password for Amazon and Netflix for example. FB is now at the level it needs to have its own password, separate from other passwords you may use. So I’d change it to P@5$w0rD!S@f3. Experiment with something that’s easy to type but certainly include random characters and by all means, don’t use my example! Here’s something that I would feel comfortable with using although, no, it’s not my real password. Make up your own, this is just an example of a complex password.
The next item is – Login with your profile picture:
I am skeptical of this one. It’s easy and helpful, but helpful is something that makes it easy. Easy means just that. What if someone gets a hold of your profile picture? I would not enable this.
The fourth section is Setting up Extra Security.
Use two-factor authentication is great but very inconvenient. Each time you log in, you will get a text or some other notification that you define and then you enter that code each time you log in. I am not enabling this. You certainly can.
Get alerts about unrecognized logins. Absolutely. If a login occurs from a device you have not already logged in with, it will send you an alert when it happens and that’s your queue to go into these settings and look at the previously mentioned section – Where You’re Logged In, research and log them out if needed, then change your password! I enabled my cell phone number so FB sends me a text so it happens immediately rather than waiting for an email.
I hope you enjoyed this first in a series. As I stated, these are only the opinions of G First and our goal was to provide real world and understandable ideas on FB security for your own use if you choose to do so. If you wish to discuss anything you see here, you can certainly contact us and we’ll be happy to talk about your particular situation.
The next post will be about the Privacy Section. You’ll want to tune in for that one, it dives into who can see your stuff and what stuff you can see when you search. This is one important key to the congressional hearings last week.
The G First Team
We are sure you’re all interested in data privacy with the recent advent of Facebook Congressional Hearings today. This affects not only Facebook but all apps on our computers, cell phones, watches, and any other devices that are connected via wired connections, WiFi and even Bluetooth.
In the coming days and weeks, G First will compile a series of articles that will help you understand the details and what actions you can take to enhance your privacy online. We’ll make sure it is understandable with action items and if you have any questions you can always ask us for advice.
Our goal will always be to help you run your business more efficiently, more safely, and with the confidence you need to use the network and Internet safely.
Stay tuned and thank you.
The G First Team