
Archive for E-mail

6 New Gmail Features Worth Trying — and how to get them now

On the surface, you could easily mistake the new Gmail for the same web-based email you’ve been using for years.

But looks can be deceiving. This week’s major revamp packs in powerful, helpful and overdue new features. It’s the right balance of new and familiar.

If you haven’t gotten a notification to test out the new Gmail, you can be proactive.

Click the gear icon in the top right corner of the web version of the platform. Select “Try the new Gmail” and poof, you have a refreshed inbox. (If you don’t see the option, check again soon.)

1. Make your emails self-destruct in 5…4…3…

The star feature of the redesign is Confidential Mode. If you’re sending sensitive information or are worried about sappy love letters haunting you a few years from now, you can pick a day when you want those emails to disappear. The recipient won’t have access to those emails anymore either — unless they took some screenshots.

Click the lock icon in the bottom right corner of any email you’re composing. A pop-up window will give you the option to pick when it expires, from one day to five years. If you know the recipient’s phone number, you can add an extra layer of security by requiring them to enter an SMS passcode to read your message.

2. Unsend a message

You can take back access to emails sent in confidential mode anytime before they are set to expire. Go into your sent folder, find the message, and click “remove access.” If you change your mind or if it expired too soon, click “renew access.”

Note: The recipient will still see that you sent them an email, including the subject line, but if they try to click it, they’ll be told “You don’t have access to this email.”

3. Make more room for your inbox

This tiny tweak is hiding in plain sight. Google has added the ability to collapse the left navigation bar to make more room for your list of unread emails. Tap the menu icon in the top left corner (a stack of three lines), next to the Google logo and it will disappear.

4. Don’t open your emails

It’s the ultimate productivity tip: instead of opening your emails, don’t open them. If you hover over a message in your inbox, four icons will appear. You can archive an email, trash it, mark it as read or unread, or snooze it, all without opening it. If you select snooze, you can choose a certain day or time to be reminded of its existence — or select the mysterious “someday” option.

Bonus: You don’t need to open an email to see its attachments. They now appear as small icons in the main inbox view under each email, so you can quickly open them without digging through a chain of emails.

5. Let Google answer for you

When you can’t find the words, let Google answer for you. Gmail’s new Smart Reply feature scans incoming email and suggests three possible replies for simple enough conversations. For example, if a friend emails to ask if you have any pepper jack cheese for a picnic, Gmail might suggest “I do!” “I do indeed” or “No, I do not.” You can edit or add to the text before hitting send.

Google has been working on its Smart Reply feature for years, starting with the Inbox app in 2015. The feature is also available in Gmail’s Android and iOS apps.

6. Stay on task with a brand new app

There’s a new sidebar on the right side of Gmail that shows a mini version of your Google Calendar, Tasks and other apps. If you use the Tasks list for keeping track of what you need to do, check out Google’s new standalone Tasks mobile app. You can create simple lists with radio buttons to tap when you complete something. These items will automatically sync between the app and Gmail.

Kelly, Heather. “6 new Gmail features worth trying — and how to get them now”

Posted in: E-mail, Tech Tips for Business Owners


4 Ways to Control Outgoing Email in Outlook

Outlook doesn’t have to control when your messages go out. Take charge and send emails when you want.
Out of the box, Outlook sends emails immediately, which probably isn’t a great idea for most of us. There are many reasons not to send email immediately, but here are a few:

  • Allowing an email to sit for a few hours, or even a few minutes, gives you a chance to review the content with (sort of) fresh eyes. You’ll catch errors you didn’t catch before.
  • Some conversations go back and forth too quickly, so you might respond before you have all the information or ask questions that the next message answers. Slow down and avoid playing email tag.
  • It’s easy to fire off an angry response in the middle of a heated discussion. Give yourself some time to cool off. Most likely, you won’t send an angry message at all.

That last one has saved me more than once—I have a hot temper (but I’d like that to remain a secret). I’ve never had a knee-jerk reaction serve me well. Never.

If you’d like to take control and decide when messages go out, you can. In this article, I’ll show you how to manually send messages or schedule messages to delay the sending.

I’m using Outlook 2016 (desktop) on a Windows 10 64-bit system. Most of these tips will work in earlier versions, but the route to the options might be significantly different. There’s no demonstration file for these techniques, and they don’t apply to 365 Mail.

1: Disable the default

As I mentioned, Outlook sends email immediately. The easiest way to determine when email goes out is to send it yourself, but you must disable this feature first:

  1. Click the File tab, choose Options, and then choose Advanced in the left pane. In the Send And Receive section, click Send/Receive or press Ctrl+Alt+S.
  2. In the resulting dialog, uncheck the three options under Setting for Group “All Accounts” (Figure A). You could also select individual groups, if they exist.
  3. Click Close and then click OK.

Outlook won’t automatically send email once you uncheck these options.

The options might need a bit of explanation. The first and third options allow you to customize your send tasks a bit. If you want to continue to use F9 to send messages, don’t uncheck the first option. Uncheck the third option if you do not want to send messages when exiting Outlook. Definitely uncheck the second option to disable automated send tasks—that’s what you’re trying to do!

By default, Outlook includes all accounts in the All Accounts group; you won’t see individual accounts listed. So, it’s an all-or-nothing option as is. If you want to remove accounts from the group, click the Edit button. Doing so allows you to leave the automated default setting intact for only those accounts that remain in the group. Any account you remove will need your manual attention. Then you can create new groups and change those options as needed—or not.

You might notice that you still receive mail. For better or worse, you might not be able to control your server. Most likely, nothing is wrong. If you can’t control where your email sits until you download it, you might have to live with this inconsistency.

With this feature disabled, use the options in the Send & Receive group on the Send/Receive tab to control when messages go out. If you want a bit of control, check out the dropdown options for the Send/Receive Groups. Using these options, you can send mail for one account or all accounts.

2: Delay all outgoing mail

Outlook routes outgoing messages through the Outbox. Once there, by default, it immediately sends the message. Disabling the automated send feature might be too much control; after all, you must remember to send the mail. Whether you’re forgetful or interrupted by meetings, phone calls, and so on, this option might not work best for you.

If you don’t want to disable the automated send feature but you’d like a little bit of a delay, you can set a rule on outgoing messages in the Outbox. While messages are waiting in the Outbox, you can edit or even delete them. To set up a rule that delays all outgoing mail, follow these steps:

  1. Click the File tab and double-click Manage Rules & Alerts. Or choose Manage Rules & Alerts from the rules dropdown in the Move group on the Home tab (in Mail).
  2. In the resulting dialog, click New Rule.
  3. In the Start From A Blank Rule section, select Apply Rule On Messages I Send (Figure B) and click Next.
  4. In the following wizard pane, don’t check any options; the lower pane will display Apply This Rule After I Send The Message. Click OK without changing anything. When Outlook asks you to confirm that the rule will be applied to every message, click Yes.
  5. In the next pane, check the Defer Delivery By A Number Of Minutes option.
  6. In the lower pane, click the Number Of Minutes link, enter the number of minutes (Figure C), and click OK. The link will now display the number of minutes you entered. Click Next.
  7. At this point, you can check exceptions, or not. For instance, you might want to bypass the delay if you’ve marked a message as Important. For this example, don’t check any exceptions. Click Next without changing anything.
  8. In the final window, give the rule a name, such as 10-minute delay. If necessary, check the Turn On This Rule option. You can also select Create This Rule On All Accounts, if that’s your intention. Click Finish and then click OK when you’re ready to create the rule.

Launch the Rules wizard.


Enter the number of minutes you want to delay each message.

If you edit a message while it’s in the Outbox, Outlook doesn’t reset the timer. It’s possible that you might decide to rescind the delay, and fortunately, Outlook has an option to do so:

  1. Open the delayed message (you’ll find it in the Outbox).
  2. Click the Options tab.
  3. Click the Delay Delivery option.
  4. In the resulting dialog, uncheck the Do Not Deliver Before option (Figure D).
  5. Click OK.

You can change your mind and send a delayed message at any time.

It’s counterproductive to disable the automated send feature (#1) and set a delay rule. Outlook ignores scheduled delays if you’ve disabled the automated send feature.

3: Delay a single message

If disabling the automated feature or delaying all messages is overkill, you can always delay individual messages, as needed. Fortunately, the process is easy and flexible. To delay an individual message, do the following:

  1. Click the Options tab in the new message window.
  2. In the More Options group, click Delay Delivery.
  3. In the Delivery Options section, set the date and time Outlook should send the message. The default settings (shown earlier in Figure D) are for 5:00pm on the current day, and I don’t know of any way to change this default setting.

If you decide to send the message before the scheduled time, simply uncheck the Do Not Deliver Before option.

4: Send after connecting

If you leave messages in the Outbox when you exit Outlook, Outlook can send them when you next launch, if you like:

  1. Click the File tab, choose Options, and click Advanced.
  2. In the Send And Receive section, check the Send Immediately When Connected option (Figure E).
  3. Click OK.
Send when launching Outlook.

This option isn’t a catch-all for forgotten messages. If you’ve disabled the automated send feature, it won’t work even if you select it. If the scheduled time for a delayed message hasn’t arrived, this option won’t send that message. This option doesn’t add much to the mix.

Additional insight

You can do everything right and not get the desired results; your expectations probably don’t fall in line with Outlook’s reality. If you disable Outlook’s ability to send messages waiting in the Outbox, you may or may not receive a prompt to remind you when you exit. It depends on cache settings and even an add-in can usurp this option. In addition, Outlook doesn’t send messages when closed, regardless of what you might have scheduled. Anything sitting in your Outbox when you exit will still be there the next time you launch Outlook. If a scheduled send time has lapsed, Outlook will attempt to send the messages upon launching. Don’t schedule send tasks if you’ve disabled the automated send feature; these two features don’t work together.

If you schedule messages and you’re sure that the automated feature is enabled, but Outlook never sends the scheduled messages, talk with your administrator. If you don’t have one, it’s possible that an add-in is interfering. Disable all add-ins and see if the scheduling feature starts working for you. If it does, enable the add-ins one at a time until you find the culprit.

Harkins, Susan. “Four ways to control outgoing email in Outlook” TechRepublic, MS Office, January 28, 2018

Posted in: E-mail, MS Office Tips and Tricks


Unsubscribing from Spam Only Makes It Worse

The last time I checked my spam folder, I noticed a few messages included an unsubscribe link. Well that’s nice, I thought. Maybe spammers realize that some people will never respond, so they want to trim their lists for efficiency. I clicked “unsubscribe.” That was a mistake.

While “legit companies” honor unsubscribe requests, says the McAfee Labs blog, “shady” ones just use the unsubscribe buttons to confirm your address and send you more spam. Sophos blogger Alan Zeichick says that clicking unsubscribe tells the spammer you opened their email, possibly because you were interested or suspected it was real. By visiting the spammer’s fake unsubscribe page, you’re giving them your browser info and IP address, and even opening yourself up to malware attacks.

If an email looks like truly shady spam (and not just a newsletter you’re sick of reading), don’t click any links. Just mark it as spam and move on.

Douglas, Nick. “Unsubscribing from Spam Only Makes It Worse” Lifehacker June 2017

Posted in: E-mail, Security


7 Dangerous Subject Lines

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. But you can avoid such attacks by being patient, checking email addresses, and being cautious of sketchy-sounding subject lines.

2 out of 5 people open emails from unknown senders!

7 dangerous subject lines to watch for

Cybercriminals initiate their attacks through hyperlinks or attachments within emails. Most of these attacks use urgency or take advantage of user trust and curiosity to entice victims to click. Here are examples of subject lines to be cautious of.

Remember me? It’s Tim Timmerson from Sunnytown High! Criminals use social engineering tactics to find out the names of the people close to you. They may also hack a friend or relative’s email account and use their contact lists as ammo. Next, they research and impersonate someone you know, or used to know, through chats and emails. Not quite sure about a message you received? Hover your mouse over the sender address (without clicking) to see who the real sender is.

Online Banking Alert: Your Account will be Deactivated. Imagine the sense of urgency this type of subject line might create. In your panicked rush to find out what’s going on with your account, you might not look too closely at the sender and the URL they want you to visit. At the end of March, a Bank of America email scam just like this was successfully making the rounds. Initially, the email looked completely legitimate and explained politely that a routine server upgrade had locked the recipient out of their account. At this point, when clicking the link to update their account details, an unsuspecting victim would be handing their login credentials and banking information over to cybercriminals.

USPS: Failed Package Delivery. Be wary of emails saying you missed a package, especially if they have Microsoft Word documents attached. These attacks use the attachments to execute ransomware payloads through macros. Senior Threat Research Analyst Tyler Moffitt walks us through what it’s like to get hit with a ransomware payload from a USPS phishing email.

United States District Court: Subpoena in a civil case. Another common phishing attack imitates government entities and may try to tell you that you’re being subpoenaed. The details and court date are, of course, in the attachment, which will deliver malware.

CAMPUS SECURITY NOTIFICATION: Phishing attacks have been targeting college students and imitating official university emails. Last month, officials at The University of North Carolina learned of an attack on their students that included a notification email stating there was a security situation. The emails were coming from a non-uncg.edu address and instructed users to “follow protocols outlined in the hyperlink”. Afterward, the attacker would ask victims to reset their password and collect their sensitive information.

Ready for your beach vacay? Vacation scams offer great deals or even free airfare if you book RIGHT NOW. These scams are usually accompanied by overpriced hotel fees, hidden costs, timeshare pitches that usually don’t pan out, and even the theft of your credit card information. Check the legitimacy of offers by hovering over links to see the full domain, copying and pasting links into a notepad to take a closer look, and researching the organization.

Update your direct deposit to receive your tax refund. The IRS warns of last minute email phishing scams that take advantage of everyone’s desire for hard-earned refunds and no doubt, their banking credentials.

Read between the lines

  1. Enable an email spam filter
  2. Hover over links before you click
  3. Keep your cybersecurity software up to date
  4. Disable macros to avoid ransomware payloads
  5. Ignore unsolicited emails and attachments
  6. Be on the lookout for the top 5 tax season scams
  7. Educate yourself on social engineering attacks
  8. Check the Federal Trade Commission’s scam alerts

Help us create awareness around scams and phishing attacks with dangerous subject lines. Education to adopt safer online habits should be top priority. So, share this blog with your colleagues.

Rush, Mike. “7 Dangerous Subject Line” Webroot, April 2017

Posted in: E-mail, Security


Make Important Email Standout in Outlook

To make sure emails from important contacts stand out and do not go unnoticed, you can set up a rule that makes the email appear in a specific color or a specific size and type of font. For example, you can make emails from your boss appear in a larger font or have emails from family members all appear in red. To set up the way emails are displayed for Outlook 2016, Outlook 2010 and Outlook 2007:

For Outlook 2016:

  • Go to the View tab
  • Select View Settings
  • Choose Conditional Formatting
  • Click Add
  • Name your rule
  • Click on Font and pick a color, style and size and click OK
  • Click on Condition
  • Type in the email address of the sender or senders you want to highlight. For multiple people, separate the email addresses with a semicolon.

For Outlook 2010:

  • Go to the View tab
  • Select View Settings
  • Choose Conditional Formatting
  • Click Add
  • Name your rule
  • Click on Font and pick a color, style and size and click OK
  • Click on Condition
  • Type in the email address of the sender or senders you want to highlight. For multiple people, separate the email addresses with a semicolon.

For Outlook 2007:

  • Go to the Tools menu
  • Select Organize, using colors
  • Then choose specific colors for emails from specific people
  • More advanced automatic settings for applying font type and size to emails can be added by selecting Automatic Formatting in the top right corner of the Using Colors screen.
  • Click “Add” to create more rules
  • When you’re finished creating your rule, important email will stand out.

Kantra, Suzanne. “Make Important Email Standout in Outlook with Color Coding” Techlicious February 2017

Posted in: E-mail, MS Office Tips and Tricks, Tech Tips for Business Owners


What is Spearphishing? How to Stay Safe Online From this Effective Cybercrime Technique

Spearphishing? All it takes is a single click, but it doesn’t have to be this way.

Hackers, spammers and cybercriminals have a multitude of methods they can use to infiltrate computer systems, steal data, plant malware or compromise your personal information. One of the most long-standing tactics is targeted ‘phishing’, also known as spearphishing.

It has endured because it works: unwitting web users continue to receive malicious messages and still fall victim to their charms. If you are wondering how dangerous they can be, just ask John Podesta: the US political player who lost tens of thousands of emails with a single click.

When a spearphishing email lands in your inbox, it’s rarely a mistake. Using your personal information – either hacked from another source or lifted from public social media profiles – spammers are able to produce slick and highly convincing messages.

They will appear legitimate, but spearphishing emails usually contain malware, spyware or another form of virus – often hidden in a link. When clicked, the payload will usually download automatically onto your computer and go to work – stealing files, locking records or logging your keystrokes.

Using your own personal information against you, hackers can craft an extremely personalized email message. It will likely be addressed to you by name and will reference a specific event in your life, something that will make you believe the sender is real and trustworthy.

What information could they possibly know?

Using social media, the spammer will likely already know your age, where you work, what school you attended, personal interests, what you eat for dinner, what concerts you have been to recently, where you shop, what films you like, what music you listen to, your sexual preference, and more.

But this is enough. Using the information, a fictitious hacker could easily pose as your friend and ask for further information about you – your phone number, password, even bank details. Not everyone would fall for the scam, but many still do if they believe the identity of the sender.

A hacker using spearphishing may pose as a retailer, online service or bank to fool you into resetting your credentials via a spoofed landing page. The email may ask you to reset your password or re-verify your credit card number because suspicious activity has been monitored on your account.

If the email tempts you to click an embedded link, it could also download a keylogger or Remote Access Trojan (RAT) onto your computer to steal bank details or social media passwords as you type them. Many people re-use passwords across multiple websites, so the danger of hacking is high.

How to stay protected

Stay protected by being aware of the threats and remaining extremely careful about what personal information you put online. Limit what pictures you post to Facebook or Twitter, check where your email is listed and ensure your computer’s security is kept up to date.

Ensure the passwords you use are original, lengthy and, most importantly, unique to every online website or service. A strong password will contain a mixture of characters, numbers and symbols. If possible, enable two-step authentication on every account that offers it.

Finally, know the signs and stay vigilant. If you receive an email from a close friend that asks for personal information – think twice before replying and send them a reply asking them to verify their identity. Also, know that any real business or bank is unlikely to request sensitive data via email.

Unfortunately, it only takes one click of a mouse for the hacker to access your system, and despite advanced spam filters on current email providers, spearphishing emails will continue to slip through the cracks.

Murock, Jason. “What is Spearphishing? How to stay safe online from this effective cybercrime technique”. IBT. December 2016

Posted in: E-mail, Mobile Computing, Security


There’s now one less excuse not to use a password manager

LastPass becomes a great free option.

LastPass is making its password manager a much better option for people who don’t want to pay. As of today, it’s opening up to everyone the ability to sync passwords between an unlimited number of devices — something that used to be available only to subscribers.

Free users were previously limited to syncing LastPass to a single app, which is pretty limiting in a world where you very possibly need to access those passwords across multiple PCs, a phone, and a tablet. Now, there are no longer any big restrictions on the free version of LastPass (though it’s still offering a $1 per month subscription with some additional features).

Like other password managers, LastPass can be used to generate strong and unique passwords, keep track of which sites and services they belong to, and then enter them when needed. LastPass stores all passwords in the cloud, making them accessible from anywhere. That makes syncing simple, though it also opens the service up to some security concerns (ones that its competitors face as well).

Still, using LastPass or any other password manager is going to be a significant step forward for most people when it comes to security. We’ve seen a steady stream of hacks this year that have compromised usernames and passwords from major sites. Using a password manager lets you use a different password in every location, minimizing the potential fallout of a password leaking out. Password managers can be a bit of a hassle to use (compared to typing in a single memorized password), but it’s worth the effort.

Kastrenakes, Jacob. “There’s now one less excuse not to use a password manager.” The Verge. N.p., 2 Nov. 2016. Web.

Posted in: E-mail, IT Support, Security, Tech Tips for Business Owners


3 Simple Rules That’ll Make Your Emails 10X Better

I’ve been a member of the five-sentence club for about a year now. Anyone can become a member, but staying in? Well, that’s much harder. To remain eligible, you can’t send an email longer than five sentences.

As you can imagine, being in the club requires a lot of work. But it’s worth it: The first month I joined, my response rate tripled. Plus, my recipients’ average response time plunged by an entire day.

I like how straightforward the five-sentence rule is, but you can reap the same benefits simply by writing less. These three strategies will turn you into a master of short emails.

1) Slim Down Your Sentences

Most sentences are far more fluff than substance. Take this excerpt from an email I got yesterday:

I got your contact information because I’m looking to connect with remote workers as I am one myself. I’ve built a great app that allows you to keep headphones on while working with colleagues and I just want to get it into the hands of people that want to use it.

Reading this made my head spin. What if he’d instead written:

I’m a fellow remote worker, and I’ve built an app that lets you keep your headphones on while working with coworkers.

Much better, right?

If you need some practice cutting out superfluous words, great news — Write On Par is a fun, quick game that helps you turn rambling sentences into short, tight ones. Play for five minutes every day to hone your writing skills.

2) Make Every Line Count

Once you’ve shortened the length of your sentences, it’s time to cut the unnecessary ones altogether. When I’m trying to whittle down an email to five lines, I go through each one and ask, “Does this add value to my recipient’s life?” If not, I cut it.

To give you an idea, here’s the first draft of a follow-up email:

Hi David,

I hope your week is going well. It was great meeting you at the conference last night — I especially enjoyed hearing your thoughts on beacon applications in health care.

Since you mentioned you enjoy hiking, I thought I’d pass along this article on the 10 best hikes in the Bay Area. I’ve been on almost all of them and would be happy to share my recommendations. In any case, thanks again for the insights!

Best,

Aja

This email isn’t horrible, but there are a couple generic phrases that don’t add value to David’s life: Specifically, “I hope your week is going well,” “It was great meeting you,” and “In any case, thanks again for the insights!”

Here’s the email without these phrases:

Hi David,

Thanks for telling me your insights on beacon health care applications at the conference last night. Also, you might like this article on the 10 best hikes in the Bay Area — I’ve been on almost all of them and would be happy to share my recommendations.

Best,

Aja

As you can see, focusing on value naturally leads to shorter emails.

3) Focus on the Goal

Are your emails still too long? You’re probably trying to accomplish too many things in one message.

For example, I got a four-paragraph email last week that included four questions, three “quick clarifications,” and a lot of unnecessary context. I’ll be honest: I still haven’t responded.

To avoid this mistake, first identify the primary reason you’re sending the email.

That could be requesting or confirming a meeting, asking or answering a question, sharing an article or report — you get the drift.

Once you’ve figured out your goal, return to your message and delete everything that doesn’t forward that goal.

If you’re confirming a meeting with your boss, for instance, cut the question about next week’s presentation. (You could always send a separate email, or ask her in person.) Or if you’re sending the prospect some price and feature information, delete the links to several blog posts they “might be interested in.”

Short messages show respect — after all, you’re telling the other person that you know their time is valuable. So, if you want better relationships and better response rates, join the (five-sentence) club.

Frost, Aja. HubSpot “3 Simple Rules That’ll Make Your Emails 10X Better” June 2016

Posted in: E-mail, Tech Tips for Business Owners


Unsubscribing From Unwanted Email Carries Risks

We all receive loads of unwanted email solicitations, warnings, and advertisements. The number can be overwhelming to the point of obnoxiousness. Some days it feels like an unending barrage of distracting deliveries that require a constant scrubbing of my inbox.

Beyond being frustrating, there are risks. In addition to the desired and legitimate uses of email, there are several shady and downright malicious uses. Email is a very popular method for unscrupulous marketers, cybercriminals, and online threats to conduct social engineering attacks. Spam, phishing, and fraud are common. Additionally, many attackers seeking to install malware will use email as a delivery channel. Electronic mail can be an invasive communication mechanism, so we must take care.

Unfortunately, like most people, I tend to make my own situation even worse. In my professional role, I devour a tremendous amount of industry data, news, and reports to keep my finger on the pulse of change for technology and security. This attention usually requires me to register or provide my email address before I get a “free” copy of some analysis I desire. I could just give a false email, but that would not be ethical in a business environment. It is a reasonable and expected trade that benefits both parties. I get the information I seek and some company gets a shot at trying to sell me something. Fair enough, so I suffer and give my real work email. In this tacit game, there is an escape clause. I can request to no longer be contacted with solicitations after the first email lands in my inbox. Sounds simple, but it is not always that easy.

The reality is I receive email from many more organizations than I register with. Which means someone is distributing my electronic address to many others. They in turn repeat and the tsunami surging into my inbox gains strength. I become a target of less-than-ethical marketers, cyberattackers, and a whole lot of mundane legitimate businesses just trying to reach new customers.

Some include an unsubscribe link at the bottom of the message. This link holds an appealing lure of curbing the flood of email destined for the trash folder. But be careful. Things are not always as they seem. While attempting to reduce the load in your inbox, you might actually increase the amount of spam you receive, and in the worst case you could be infecting your system with malware by clicking that link. Choose wisely!

Recommendations for unsubscribing from email

Rule #1: If it is a legitimate company, use the unsubscribe option. Make sure the link points to a domain associated with the purported sender. Legit companies or their marketing vendor proxy will usually honor the request.

Rule #2: If it is a shady company, do not unsubscribe, just delete. If your mail service supports it, set up a block or spam rule to automatically delete future messages from these organizations.

If the message is seriously malicious, the “unsubscribe” link may take you to a site configured to infect or compromise your system. This is just another way bad guys get people to click on embedded email links. Don’t fall for this ruse! It may result in a malware infection or system compromise.

If the message is semi-malicious, like a spam monster that will send mail to any address it can find, then clicking the “unsubscribe” link tells them this is a valid email address and that someone is reading the mail. This knowledge is valuable for them; they will sell that email address as “validated” to others and use it for future campaigns. Result: more spam.

Rule #3: Some spam and solicitations don’t offer any unsubscribe option. Just delete. Probably not a company you want to patronize anyways.
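Rule #1's check, that the unsubscribe link points to a domain associated with the purported sender, can be automated before anyone clicks. The sketch below is an added example, not code from the original article; the sample message is constructed, and the two-label domain comparison, the raw-IP rule and the https rule are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def base_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def unsubscribe_urls(msg):
    # Web URLs from the List-Unsubscribe header plus body links whose text says "unsubscribe".
    urls = re.findall(r"<(https?://[^>]+)>", msg.get("List-Unsubscribe", ""))
    urls += [href for href, text in ANCHOR.findall(msg.get_payload())
             if "unsubscribe" in text.lower()]
    return urls

def classify(url, sender_domain):
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        return "reject: raw IP address"
    except ValueError:
        pass  # not an IP literal, keep checking
    if parts.scheme != "https":
        return "review: not https"
    if base_domain(host) == sender_domain:
        return "ok: sender domain"
    # Could be a legitimate marketing vendor or a lookalike; a human decides.
    return "review: third-party domain"

def check_message(raw):
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    return {u: classify(u, sender) for u in unsubscribe_urls(msg)}

# Constructed sample message (single-part HTML, not real traffic).
SAMPLE = """\
From: Example Store <news@mail.example.com>
Subject: Weekly deals
List-Unsubscribe: <https://lists.example.com/u/123>, <mailto:unsub@example.com>
Content-Type: text/html

<a href="http://203.0.113.7/unsub?e=reader@example.org">Unsubscribe</a>
<a href="https://example.com.account-prefs.test/u">unsubscribe here</a>
"""

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE).items():
        print(f"{verdict:28} {url}")
```

The third link shows why the comparison uses the end of the hostname: the sender's name appears at the front, but the domain that actually receives the click is a different one.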

If you are in a work environment, be sure to know and follow your corporate policies regarding undesired email. Many companies have security tools that can inspect, validate, or block bad messages. They may also have solutions that leverage employee reporting of bad email to better tune such protections. Open attachments only from trusted sources.

Just remember, if you are not sure the email is legit, do not open or click anything, and NEVER open any attachments, including PDFs, Office documents, HTML files, or any executables because they can be used by attackers to deliver Trojans to infect your system with malware, ransomware, or other remote manipulation tools. Cybercriminals often pose as real companies with real products. Make your email life easier by unsubscribing with care and forethought.

Rosenquist, Matthew. “Unsubscribing From Unwanted Email Carries Risks”, McAfee Labs April 2016

Posted in: E-mail, Security

How to Deal With the Rising Threat of Ransomware

Of all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a type of malware that is usually delivered through infected email attachments and hacked websites or websites featuring ads. Ransomware encrypts files on a user’s computer and renders them unusable until the victim ransoms the key for a specific amount of money.

Cybercriminals are making millions of dollars from ransomware. According to forecasts and assessments made by experts, the threat of ransomware will continue to rise in the months and years to come. Recently, several organizations were badly hit by ransomware, including a police department in Massachusetts, a church in Oregon, schools in South Carolina and several medical centers in California and Kentucky, one of which ended up paying the attackers 40 bitcoins (approximately $17,000).

Attacks on individuals seldom make the headlines, but in 2015 alone, the FBI received some 2,500 complaints related to ransomware attacks, which amounted to approximately $24 million in losses to the victims.

Technologies such as modern encryption, the TOR network and digital currencies like bitcoin are contributing to the rising success of ransomware, enabling hackers to stage attacks with more efficiency while hiding their trace.

In many cases, victims are left with no other choice than to pay the attackers, and even the FBI often advises victims to pay the ransom as the only recourse. Traditional methods and tools no longer suffice to deal with the fast-evolving landscape of ransomware viruses, and new approaches are needed to detect and counter its devastating effects.

The problem with traditional security solutions

Most security practices rely largely on regularly updating your operating system, software and antivirus tools. These measures are effective against known ransomware, but are of no use against unknown variants.

The other safeguard against ransomware is to keep offline backups of your files, which will enable you to restore your hostage files without paying the crooks. This is a very effective method, but for many organizations, the downtime of a ransomware attack is more damaging than the ransom itself, which warrants the need for methods that can help avoid ransomware altogether.

Prevention through behavior analysis

The high success rates of ransomware attacks are directly attributed to the shortcomings of antivirus software that relies on static, signature-based methods to detect ransomware. With several variants of ransomware being developed on a daily basis, there’s simply no way signature-based defenses can keep up. Udi Shamir, Chief Security Officer at cybersecurity firm Sentinel One, explains, “With minor modifications a cybercriminal can take a well-known form of ransomware like CryptoLocker, and make it completely unknown and undetectable to antivirus software.”

Experts agree that fighting ransomware needs a new approach, one that should be based on behavior analysis rather than signature comparison. “Behavior-based detection mechanisms are now playing a key role in detecting and preventing ransomware-based attacks,” Shamir says. “While there may be many ransomware variants in the wild, they all share a common set of traits that can be detected during execution.”

Most ransomware can be detected through a set of shared behavioral characteristics. Attempts at deleting Windows Shadow Copies, disabling Startup Repair or stopping services such as WinDefend and BITS are telltale signs of ransomware work. “Each of these actions are behaviors that, if detected, translate into a ransomware attack,” Shamir explains.

This is the general idea behind some of the newer security tools — instead of making signature-based comparisons, processes are scrutinized based on their behavior and blocked if found to be carrying out malicious activity. “Once detected, any malicious processes are killed instantly, malicious files are quarantined, and endpoints are removed from the network to prevent any further spread,” Shamir says.
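The shared behaviors listed above (deleting shadow copies, disabling Startup Repair, stopping WinDefend or BITS) can be matched in process-creation logs. The following is an added example, not code from the article or from any vendor it names; the event records are constructed, and the command-line patterns, the 60-second window and the two-behavior threshold are assumptions chosen so that a single routine admin action does not raise an alert.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One pattern per behaviour named in the article (the patterns are assumptions of this example).
RULES = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "startup_repair_disabled": re.compile(
        r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no\b", re.I),
    "service_stop": re.compile(
        r"\b(net1?|sc)(\.exe)?\s+stop\s+(windefend|bits)\b", re.I),
}
WINDOW = timedelta(seconds=60)  # correlation window (assumed value)
THRESHOLD = 2                   # distinct behaviours per host before alerting (assumed)

def behaviours(cmdline):
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def detect(events):
    """events: (iso_time, host, command_line) tuples; returns [(host, time, behaviours)]."""
    recent = defaultdict(list)  # host -> [(time, behaviour)] still inside WINDOW
    alerted, alerts = set(), []
    for ts, host, cmd in sorted(events):
        hits = behaviours(cmd)
        if not hits or host in alerted:
            continue
        now = datetime.fromisoformat(ts)
        recent[host] = [(t, b) for t, b in recent[host] if now - t <= WINDOW]
        recent[host] += [(now, b) for b in hits]
        seen = sorted({b for _, b in recent[host]})
        if len(seen) >= THRESHOLD:
            alerted.add(host)
            alerts.append((host, ts, seen))
    return alerts

# Constructed process-creation events (not real telemetry).
EVENTS = [
    ("2016-04-01T09:00:00", "ws-01", "net stop BITS"),  # lone admin action: no alert
    ("2016-04-01T09:30:00", "ws-02", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("2016-04-01T09:30:05", "ws-02", "bcdedit /set {default} recoveryenabled No"),
    ("2016-04-01T09:30:07", "ws-02", "sc stop WinDefend"),
    ("2016-04-01T11:00:00", "ws-01", "vssadmin list shadows"),  # read-only query: no match
]

if __name__ == "__main__":
    for host, ts, seen in detect(EVENTS):
        print(f"ALERT {host} at {ts}: {', '.join(seen)}")
```

Because it matches on what a process does rather than on a file signature, a renamed or repacked binary that issues the same commands still trips the rule.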

Aside from Sentinel One, other big players such as TrendMicro, Cisco and Kaspersky Labs are also offering behavior-based security tools.

“These new ‘next-generation’ endpoint protection solutions have proven to be effective against all variants of ransomware,” Shamir says.

Prevention without detection

One of the methods ransomware developers use to evade detection is to force their tool to remain in a dormant state while it is under examination by security tools. This enables new variants of the virus to get past antiviruses and even some behavioral-based security solutions without being discovered. Once out of the sandbox, the ransomware is in the ideal environment to unpack its malicious payload and deal its full damage.

The workaround to this technique, as discovered by an Israeli cybersecurity startup, is to trick the ransomware into believing that it is always in the sandbox environment, which convinces it to remain in the “sleeping” state and never wake up to deploy itself.

Minerva Labs, which came out of stealth this January, presented a solution that uses the ransomware’s own evasion techniques against it. “We figured that in order to fight malware, we have to think like the hackers that develop it,” says Eddy Bobritsky, CEO of Minerva Labs.

Minerva has introduced the concept of a low-footprint endpoint protection platform that “prevents targeted attacks as well as ransomware before any damage has been done, without the need to detect them first or to have prior knowledge,” Bobritsky explains.

By simulating the constant presence of different sophisticated cybersecurity tools, such as Intrusion Prevention Systems (IPS), the ransomware becomes trapped in a loop that prevents it from knowing where it is. The malware cannot differentiate between the simulated environment and the real security environment that it tries to evade, and thus it stays inactive, “waiting for conditions that will never materialize,” Bobritsky says.

Prevention through a multi-pronged approach

“Per se, new products, tools or technology and processes may not solve the challenges individuals or organizations face when infected with ransomware,” says Jens Monrad, consulting system engineer at security firm FireEye. “Above all we need a fundamentally new way of thinking about cyberattacks.”

Monrad suggests the Adaptive Defense model, which instead of focusing on total prevention recognizes that some ransomware attacks will get through and aims at reducing the time to detect and resolve threats.

“In the adaptive model, security teams have the tools, intelligence, and expertise to detect, prevent, analyze, and resolve ever-evolving tactics used by advanced attackers,” Monrad explains.

Adaptive defense should encompass three core interconnected areas of technology, intelligence and expertise, which, according to Monrad, are fundamental for enterprises, governments and organizations that want to develop their capabilities to minimize the time it takes to discover a threat and recover from it.

At the technology level, Monrad proposes the use of sophisticated security tools. “Simple sandbox solutions aren’t enough though,” he explains, “because in many cases a piece of malicious code and an attack can happen over multiple stages, which makes detection and prevention more challenging, if your sandbox is just relying on a single object.”

This includes viruses that download and execute their malicious payload after getting past the sandbox. That’s why sandboxing should occur at the network level, Monrad argues, where you can “focus on the entire stream of packets, in order to analyze what is happening, in a similar way, as normal users are exposed to the code when they browse the Internet, click on a link in an email or open an attached file.”

At the intelligence level, “data should be gathered and shared across many endpoints and should be managed by a dedicated research team that knows attackers and how they operate,” Monrad says. The right solution should “provide intelligence before a ransomware attack happens, while it is happening and also explain why it did happen,” he says.

The expertise discipline includes experience in responding to data breaches, unique insight into how attacks are happening and knowledge on what sort of operational methods attackers employ in order to carry out successful attacks.

Dickson, Ben. “How to Deal with the Rising Threat of Ransomware” TechCrunch April 2016

Posted in: Business, E-mail, Mobile Computing, Security, Tech Tips for Business Owners
