Scams and Scammers – Email

Article (PSA-0026)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Scams and Scammers – Part 3 (Email)

There are many types of scams and scammers you may encounter throughout your life. In the last article we talked a little bit about “Phone Scams” and what you can do when it happens to you. In this article we will address “Email Scams”.

Like the other scams, the purpose of an email scam is to trick you into giving the scammer your personal information or allowing them to install malicious software on your device. The personal information they want will be important things, such as login passwords, user names, account numbers or your social security number. The malware they install will be used to gather information from your device and/or hijack your device in what is called a ransomware attack. Ransomware attacks render your device unuseable until you pay the fee required by the attackers. Even then it is highly unlikely they will actually remove the ransomware after you pay. Knowledge and a healthy dose of common sense will prevent them from accomplishing their goal.

Scammers attempt to get information from you by crafting clever emails that may make emotional plees for help, or emails which look like password reset notifications, or emails that appear to be from institutions you may be familiar with, such as the Government, IRS or banks.

For businesses it can get even more complicated as the scammers can get a lot of information about your business from publically accessible resources which enables them to craft very specific emails which can add to the “believability” of these messages. So what can you do to protect yourself and your business?

First, you must develop a distrust of all email. According to research conducted by Symantec, nearly 85% of all emails are spam or malicious. Their research indicates that almost 9 out of 10 emails were not considered legitimate messages and most of these emails contained malicious links or attachments designed to infect your computer.

Next, make sure you have all the basics covered. Keep your devices updated with security updates, make sure you have working antivirus and firewall software and ensure spam prevention settings have been configured for your email address.

Finally, be prepared to examine any email requesting information. If you’re to busy at the moment, do nothing with the email until you have time to examine it. What are you looking for in the email? Ask yourself, does this email make sense, do I have this service, this account, or this software? If not mark it as spam (or junk). Take a look at the From email address, does it make sense? Let’s say this is an email claiming to be from Netflix, and you have a Netflix account. As you examine the From address you notice its admin@netflix.ru. What would you do with this email? You should mark it as spam and delete it immediately. Look at the address closely: notice the address after the @ symbol … netflix.ru, that’s not right. We would expect something like admin@netflix.com. How about this From address – admin@netflex.com, how’s that look to you? Look closely at the domain portion of the email (everything after the @ symbol). It says netflex.com which is not netflix.com. Again mark as spam and delete.

It can take some time and practice, but be patient and thorough and you will be better protected from email scams.

If you have questions about email give PSA Computer Services a call at (707) 506-6802 or check us out on the web at https://psa-2.com/

Email – POP, IMAP, SMTP … What Does It All Mean?

Article (PSA-0017)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Email – POP, IMAP, SMTP … What Does It All Mean?
Original release date: December 1, 2021

Almost all of us use Email on a daily basis, but most of us have little idea as to what is happening “under the hood” when we send or receive an Email. Like an automobile, not knowing how it works is not a really big deal … until something stops working! A little bit of knowledge about how the automobile works can save you time and money. The same is true about Email.

This article intends to give you basic information about how Email flows from a sender to a recipient and the most common protocols used to perform these functions.

Email works a lot like regular mail works. With regular mail you write a letter and put it in your mailbox with the flag up. This flag lets your post-delivery person know you have an outgoing letter. The postal delivery person will take your mail to the post office, where it will be sorted and routed to the next destination. Each time it is sorted and routed it should, theoretically, be getting closer to the intended recipient address. Once delivered and when the recipient next checks their mailbox – voila! – they get the letter you mailed to them!

With Email you write your message in your Email program and click the send button. If all works as expected, it is sent from your Email program to your Email providers mail server. Your Email providers server then routes the Email to the next appropriate destination, until it finally ends up at the intended mailbox. Once delivered the recipient can use their Email program to download the message from their providers server or they can view their Email on the server directly without removing it from the server.

Email uses different protocols to transport your Email from and to your Email account. They can be grouped into two types: “Incoming” & “Outgoing”. Before looking at the common protocols used today, let’s get a working definition of protocol. An Email protocol is a standard method of information exchange between email clients (programs such as Outlook or Thunderbird) and Email servers (usually hosted by your Email service provider). One type of protocol is used to send Email (SMTP protocol) and the other type of protocol is used to receive Email (POP3 or IMAP).

Knowing this allows you to determine some basic facts about any Email issues you are experiencing. For example, if I am having trouble sending Email, and my Internet service has been verified as working, then my problem may very well be related to my send protocol (SMTP protocol) settings. If I am having trouble receiving Email, and my Internet service is working, then my problem may be related to my receive protocol (POP3 or IMAP) settings. This is a gross oversimplification of the Email troubleshooting process and is intended for basic discussion purposes only.

One last point on email protocols. The receive protocol you use makes a big difference in the way you view and work with your Email. If you need to check your Email from more than one device (computer, laptop and phone) then you should use the IMAP protocol. If you only intend to check your Email on one device then you can use the POP3 protocol, although IMAP is still recommended – if available.

When you use IMAP, your Email program functions as a “Viewer” through which you can view your Email and directories located on your service providers server. Your Email remains on their server(s) and is available for viewing by many devices at the same time. With POP3, your Email program downloads your Email to your computer and removes the Email from your service providers server(s). If you were to attempt to check your Email from a different device now, you would not see any Email other than those that came in since the last time you checked. This can lead to a very complex and confusing Email environment.

If you have questions concerning your email services give us a call.

You’ve Got Spam!

Article (PSA-0015)
Submitted by: Rebekah Long, Technician
Company: PSA Computer Services
Titled: You’ve Got Spam
Original release date: June 10, 2021

Getting spam is a hassle. No argument there, but what’s even worse than that?

Unknowingly sending it.

When fake, unverified, and potentially virus ridden emails go out with your email address, it can look bad. And not only do you look bad, but you also have to deal with the emails that bounce back due to dead addresses.

There’s one reassurance in all of this, your computer is not actually sending out spam, and your computer and IP address are still safe. Unfortunately, there is still some bad news.

If spam is being sent from your email address, your address has either been “spoofed” or “hijacked.” Either way the spam isn’t coming from your computer, and probably not from the bad actors computer either. It’s most likely being sent from someone’s “Malware-Infected” computer – and they probably don’t even know they’ve been hacked!

Spoofing an address is when someone sends email with your email address as the sender, even though they don’t actually have access to your email account.

Unfortunately, as of now, there is no way to prevent spoofing. Additionally, there is no way to know for sure who sent the spoofed emails and no way to stop it from happening.

Fortunately, these bad actors tend to change the email address’s they spoof often, and they will move on from your email address eventually. Your email service provider may administratively block your email address for a period of time when they notice the large amount of email being sent from your email account. If this happens, you will need to contact them to “unblock” your email address.

Hijacking can be much more devastating. In the case of a hijacking the criminal takes control of your email account. This includes them having the ability to read your email, and contacts list. They can then use this information to specifically target people in your contacts. A hijacker can also lock you out of your own email account by changing your password.

Thankfully, unlike spoofing, something can be done about hijacking.

If you can still receive email, try logging into your email account on another computer or by using your internet browser’s private mode. When the login fails, try the services “Forgot your password?” or “Need help?” link. The service will email you a password reset link. You will need to act fast and get the password reset email before the bad actor.

If that fails you’ll have to contact your email service provider and explain the problem. If you have access to the internet, then perform an internet search similar to “I can’t sign into my Gmail account” or “I can’t sign into my Outlook account” or the name of whatever email service you use. This should get you to a support page for your email service provider.

If you’ve been using the same password for other services – you should change those passwords immediately to stop the hacker from moving onto other services you use.

Once you have your email account back under control, don’t forget to email apologies to everyone who received spam from your email address.

Here are four things you can do to help prevent your accounts from being hacked in the future:

  • Use passwords that are 9 characters or more. Utilize upper and lowercase letters, numbers and a special character or two (if allowed).
  • Use different passwords for each different account (don’t be lazy, you’ll regret it later!)
  • If the account offers multi-factor authentication, use it.
  • Do not send passwords in emails …. ever!

If you’ve been hacked and need help give us a call.