You’ve may have heard that cybercriminals keep one step ahead of the “good guys” tasked to catch them or thwart their schemes. The picture gets even more bleak when you think about the implications of that statement. Crime fighters are always a step behind—and they are supposed to be the pros, the experts whose job it is to control cyber crime.
What does that say about the rest of us, the folks who depend on the internet and our digital devices to power our businesses? Let’s face it, we’re even further than merely one step behind, and lately, I’ve noticed some schemes are so well crafted, even if you consider yourself fairly savvy, you might fall for them.
Malicious emails
Friends recently received a spate of emails that seem to come from their own email addresses. The cyber “bad guy” said he had taken control of their email accounts and gained access to all sorts of account information, including their computers. In one email, the criminal threatened to expose embarrassing photos and demanded that a cryptocurrency payment be made to a certain account. When that was done, the criminal would abandon the email account and the victim could go on his or her merry way.
With all the publicity about ransomware, this scheme really pushes quite a few hot buttons, but fortunately, the ones I’ve seen so far have just been bluffs and just variations on the phishing technique. Most of us are familiar with phishing emails that attempt to look like they’re from a bank or other institution, but we’re less aware of phishing emails that appear to come from ourselves!
If you receive one of these emails, you need to dig into the email header. Check the domain name and IP address in the “Received” field—it won’t be from your email provider or web host. If you still have questions, check the IP address at Whois.DomainTools.com; if you don’t recognize it as being your provider—which you won’t—simply delete the email.
Other Articles From AllBusiness.com:
This scam has especially hit professionals who do business under their own name, such as [email protected]. The criminals look for these name-based domains and spoof the logical email address.
Related to this are the “info” email addresses that are so common, and if you have a WordPress site and use an “info” email address you may be targeted for a cPanel phishing scam. This scheme sends you a spoofed email from your account—allegedly from your cPanel—warning you that you’ve gone over some internal file size limit and you need to reset parameters or take some other action. The goal is to get you to log onto a counterfeit cPanel page and steal your username and password.
Both of these scams reveal the increased danger you’re exposed to when you use a generic and easily-guessable email address. Of course, there are also a lot of benefits to using such an email address. I’ll leave you with the advice to be super careful when you receive any type of red-flag warning email that looks like it has come from your own email account.
VPN security
Could you have imagined, say five years ago, that radio advertising for VPN (virtual private network) services would be common? With the rise of smart phones, tablet devices, and coffee shops acting as office space, VPNs have become big business.