Tag email

Scams and Scammers – Email

by Billy J Long Guidance, PSA Articles

Article (PSA‑0026)

Why Email Scams Matter

Scammers use email to trick you into handing over personal data (passwords, Social‑Security numbers, account numbers) or to install malicious software that can turn your device into ransomware. Even if you pay the ransom, the attackers almost never unlock your files.

Common Ways Email Scams Look

  • Urgent pleas for help (e.g., “My account is locked – send money now”).
  • Fake password‑reset or security‑alert messages.
  • Impersonations of familiar institutions – government agencies, the IRS, banks, or popular services like Netflix.

Why Businesses Are Prime Targets

Scammers can harvest a company’s public data (website, LinkedIn, press releases) and craft highly specific, believable messages that appear to come from a trusted partner or vendor.

Key Statistics (to put the risk in perspective)

According to Symantec research, **≈ 85 % of all email traffic is spam or malicious**. Roughly **9 out of 10** messages are not legitimate, and most contain malicious links or attachments.

Three Pillars of Protection

1. Adopt a Healthy Distrust of Email

  • Assume every unsolicited email could be a trap.
  • Never click links or open attachments unless you’re 100 % sure they’re legit.

2. Keep Your Basics Up‑to‑Date

  • Install operating‑system and application security updates promptly.
  • Run reputable antivirus/anti‑malware software and keep its definitions current.
  • Enable a firewall (built‑in Windows Defender Firewall or a third‑party solution).
  • Configure your email provider’s spam‑filter and junk‑mail settings.

3. Examine Suspicious Emails Carefully

  1. Don’t rush. If you’re busy, set the message aside and review it later.
  2. Ask yourself:
    • Do I actually have this service or account?
    • Does the request make sense for me?
  3. Check the sender address. Look at everything after the “@”.

    Real Netflix example:
    admin@netflix.com

    Fake Netflix examples (watch the domain part carefully):
    admin@netflix.ru
    admin@netflex.com

    The legitimate address always ends with .com and the domain name is spelled exactly “netflix”. Anything else (e.g., .ru, “netflex”) is a red flag.

  4. If anything feels off, mark the message as Spam/Junk and delete it.

Quick Email‑Scam Checklist

  • ✔️ Treat every unexpected email as suspicious until verified.
  • ✔️ Hover over links – the URL displayed must match the claimed site.
  • ✔️ Verify the sender domain (e.g., @bankofamerica.com, not @bankofamerica.co).
  • ✔️ Keep your OS, apps, antivirus, and firewall up to date.
  • ✔️ Use strong, unique passwords and enable multi‑factor authentication where possible.
  • ✔️ Report phishing attempts to your email provider and to the FTC (reportfraud.ftc.gov).

What to Do If You Think You’ve Been Compromised

  • Disconnect the device from the internet.
  • Run a full scan with your antivirus/anti‑malware solution.
  • Change passwords for any accounts that may have been exposed – start with email, banking, and any services that store personal data.
  • Consider enabling credit‑monitoring or a fraud‑alert with the major credit bureaus.

Need Help?

If you have questions about a specific email, need assistance tightening your security, or want a quick safety review, call PSA Computer Services at (707) 506‑6802.

Email – POP, IMAP, SMTP … What Does It All Mean?

by Billy J Long Guidance, PSA Articles

Article (PSA‑0017)

Why Knowing What Happens “Under the Hood” Helps

We all send and receive email every day, but only notice a problem when a message won’t go out or an inbox stays empty. Understanding the basic flow and the protocols involved can save you time, frustration, and even money.

Email Flow – From You to the Recipient

  1. You compose the message in an email client (Outlook, Thunderbird, Apple Mail, etc.) and click **Send**.
  2. The client talks to your outgoing mail server using the **SMTP** protocol (usually on port 587 or 465 with TLS). The server accepts the message and places it in a queue.
  3. The SMTP server looks up the recipient’s domain (e.g., example.com) via DNS MX records, then hands the message off to the recipient’s inbound server.
  4. The inbound server stores the message until the recipient’s client retrieves it.
  5. The recipient’s client uses either **IMAP** or **POP3** (both over TLS) to download the message, then displays it in the inbox.

Key Email Protocols

Outgoing – SMTP (Simple Mail Transfer Protocol)

  • Used **only** for sending mail.
  • Modern servers require encryption (STARTTLS on port 587 or SMTPS on port 465).
  • Often works with OAuth 2.0 authentication (e.g., Google, Microsoft 365) rather than plain passwords.

Incoming – IMAP vs. POP3

  • IMAP (Internet Message Access Protocol) – Port 993 (TLS)
    • Keeps mail on the server.
    • Syncs folders across all devices (phone, laptop, desktop).
    • Supports server‑side searching and multiple mailboxes.
  • POP3 (Post Office Protocol) – Port 995 (TLS)
    • Downloads mail to the local device and (by default) removes it from the server.
    • Good for a single device with limited storage, but makes multi‑device access painful.
  • Even when POP3 is used, most providers now keep a copy on the server for a short grace period.

Choosing the Right Receive Protocol

  • If you need to read mail on multiple devices (phone, tablet, work PC) – choose **IMAP**.
  • If you only ever use one device and want to store mail locally – POP3 will work, but IMAP is still the safer default.

Quick Troubleshooting Checklist

  1. Can you connect to the internet? Verify Wi‑Fi/Ethernet works.
  2. Sending problems?
    • Check SMTP server name, port, and encryption.
    • Confirm username/password (or OAuth token) is correct.
    • Look for any firewall or antivirus that might block outbound port 587/465.
  3. Receiving problems?
    • Verify IMAP (or POP3) server address, port, and TLS setting.
    • Make sure the account isn’t set to “offline” or “work offline”.
    • Check that your mailbox isn’t full (many providers impose a quota).
  4. Authentication errors? Many providers now require **app‑specific passwords** or **OAuth 2.0**; generate a new credential in your account portal.
  5. Still stuck? Capture the exact error message and give it to your IT support team – it often points directly to the mis‑configured setting.

Bottom Line

Understanding the three core protocols—SMTP for sending, IMAP/POP3 for receiving—lets you diagnose most common email issues quickly. Use IMAP whenever you want seamless access from multiple devices; stick with POP3 only if you have a strong need to keep mail solely on one machine.

Need a Hand?

If you have questions about configuring your email client, fixing sending/receiving problems, or setting up a more secure authentication method, call PSA Computer Services at (707) 506‑6802. We’ll get your inbox back on track.

You’ve Got Spam!

by Rebekah Long Guidance, PSA Articles

Article (PSA‑0015)

Receiving spam is annoying. Seeing that same spam is being sent **with your own address** is even worse. When that happens one of two things is going on:

  1. Spoofing – the attacker forges the From: field so the message looks like it came from you, even though they have no access to your account.
  2. Hijacking – the attacker has actually taken control of your email account, can read your messages, see your contacts, and send mail as you.

What Spoofing Looks Like (and What You Can’t Do About It)

  • Messages appear in recipients’ inboxes with your address as the sender.
  • The source IP is usually a compromised computer far away – not yours.
  • There is currently no reliable way to **prevent** spoofing, nor to know who is doing it.
  • Spoofers typically move on quickly; most providers will temporarily block the offending address if the volume spikes.

Hijacking Is Treatable – How to Recover Your Account

  1. Try to log in from a clean device (or use a browser’s private/incognito mode). If you can’t sign in, click the provider’s “Forgot password?” or “Need help?” link.
  2. Reset the password immediately.** The password‑reset email must be claimed before the attacker does.
  3. If the reset link has already been used or you can’t receive it, contact the email provider’s support team (e.g., Gmail, Outlook, Yahoo) and explain that your account has been compromised.
  4. After you regain access, review security settings:
    • Enable **multi‑factor authentication (MFA)** if it’s available.
    • Check for any forwarding rules, auto‑responders, or linked applications you didn’t create and delete them.
  5. Change passwords on any other services where you reused the same credentials.** Attackers often try those next.
  6. Send a brief apology to anyone who received spam from your address, letting them know you’ve secured the account.

Prevent Future Compromise – Four Simple Steps

  • Strong passwords: at least 9 characters, mixing upper‑ and lower‑case letters, numbers, and symbols.
  • Unique passwords per account: use a password manager to keep track.
  • Enable multi‑factor authentication (MFA): adds a second verification step (code text, authenticator app, hardware key).
  • Never send passwords by email: never include login credentials in any message.

Need a Hand?

If you suspect your email has been spoofed or hijacked and you need help getting it back under control, call PSA Computer Services at (707) 506‑6802. We’ll guide you through recovery and bolster your security.