
Monday, 23 August 2021

Why You Need Encrypted Email

Encrypted email
Everyone knows there are scammers on and offline bending over backward to screw you out of your hard-earned money. But, despite the frequent warnings, publicity from various sources and personal experiences victims tell us about, scammers are still winning.

The following article confirms this:

"According to the Australian Federal Police, more than $79 million has been lost to cybercriminals in the past 12 months through business email compromise, also known as BEC scams or payment redirection scams.

In such scams, cybercriminals trick victims by getting them to redirect their legitimate fund transfers, which victims think they are making to a business, into the criminals' own accounts.

The cyberthieves usually do this by intercepting legitimate emails sent from a business to a client. They then send a new email to the client, with a notice to send money, but changing the business's bank account details to their own.

The unsuspecting victim transfers funds to the fraudster and is unaware they've been tricked until the business contacts them, asking what happened to the payment.

Police say that business email compromise scams occurred at least 3,300 times last year. Unfortunately, the police managed to retrieve only $8.45 million, a fraction of the total lost."

- Tony Mitchell, Aviso EIA, Insurance Brokers

There are two things that concern me about this situation.

First, in Australia anyone opening a bank account has to provide 100 points of proof from official documents like passports, birth certificates, driver's licences, and Medicare Cards. Additionally, any transaction over 10 thousand dollars, especially those out of the country, is vetted by AUSTRAC.

Given the above, one would think that when someone is duped out of money, it would be easy for police to identify the accounts involved and the people who own the accounts. Apparently not, which raises some serious questions.

Second, the people handling an organisation's payments, or individuals transferring money, aren't making sufficient effort to ensure their transfers are secure.

Encrypted Email

There are numerous email clients available that provide end-to-end encryption. This means that when an email leaves your device, the content is encrypted so that if it is intercepted, it cannot be read. It can only be read on the device of the recipient.

Find out if the email client you use is encrypted. If it isn't, perhaps think about getting a different one or using a different approach to transfer at-risk data eg, software that encrypts specific data (see below).

Encryption is a great safeguard, but with highly confidential or high-risk email transmissions, the message should not be left on either the sender's or the recipient's hard disk drive/device because it could be hacked and is not encrypted. It's highly unlikely someone would benefit from this information given the types of scams we are speaking about, but it should be a precaution you take with all confidential data.

Encryption Software

If you used this approach, you would put confidential data in an encrypted, password-protected file and attach it to your email. Adobe Portable Document Format (PDF) files have this capability if you have Adobe software or some others that are available that convert files to PDF. You can assign a password for the document to be opened and much more. Data inside the document are encrypted.

There are other alternatives. I use a software program called Folder Lock that provides several useful functions including the ability to create a ZIP file with data encrypted and password locked.






Obviously, encryption of files won't stop someone intercepting your email if you use an unencrypted email client. However, it's good to think about documents that need to be protected during and after transmission and have a routine for doing so.

Talking of Routines

When I was a manager, I ensured my staff had access to Standard Operating Procedures that instructed them how to do tasks.

In an accounting department there should be an instruction to check all BSB and Bank Account numbers before sending money over a certain amount. This could be done by looking at clients' previous bank details if they are regularly paid eg, accounts payable, or telephoning them to confirm their details before making a large money transfer.

It's up to people responsible for money transfers to design a procedure that works for them. That will reduce considerably the risk involved in paying scammers instead of those for whom the payment was intended.
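One way such a procedure could be written down as a check, shown as an added example and not taken from any accounting system: it compares the BSB and account number on a payment request with the details used for previous payments and holds anything that differs or is new. The threshold, payee names and bank details are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: the "certain amount" above which details must be checked.
CHECK_THRESHOLD_AUD = 5_000


@dataclass(frozen=True)
class BankDetails:
    bsb: str      # six digits
    account: str  # digits only


def normalise(bsb: str, account: str) -> BankDetails:
    """Strip spaces and hyphens so '123-456' and '123 456' compare equal."""
    bsb_digits = re.sub(r"[\s-]", "", bsb)
    account_digits = re.sub(r"[\s-]", "", account)
    if not re.fullmatch(r"\d{6}", bsb_digits):
        raise ValueError(f"BSB must be six digits: {bsb!r}")
    if not re.fullmatch(r"\d+", account_digits):
        raise ValueError(f"account number must be digits: {account!r}")
    return BankDetails(bsb_digits, account_digits)


def review_payment(payee, amount, bsb, account, on_file):
    """Return (decision, reason); decision is 'pay' or 'hold'."""
    requested = normalise(bsb, account)
    if amount < CHECK_THRESHOLD_AUD:
        return ("pay", "below check threshold")
    previous = on_file.get(payee)
    if previous is None:
        return ("hold", "no previous details on file; telephone to confirm")
    if requested != previous:
        return ("hold", "details differ from previous payments; telephone to confirm")
    return ("pay", "details match previous payments")


# Constructed record of details used for earlier payments (not real accounts).
ON_FILE = {"Acme Supplies": normalise("123-456", "1234 5678")}

# Constructed payment requests as they might arrive by email.
REQUESTS = [
    ("Acme Supplies", 12_000, "123 456", "12345678"),     # same details, reformatted
    ("Acme Supplies", 12_000, "654-321", "87654321"),     # details changed
    ("New Vendor Pty Ltd", 9_500, "111-222", "555555"),   # never paid before
    ("Acme Supplies", 300, "654-321", "87654321"),        # below threshold
]

if __name__ == "__main__":
    for payee, amount, bsb, account in REQUESTS:
        print(payee, amount, review_payment(payee, amount, bsb, account, ON_FILE))
```

When a payment is held, the confirming call should go to a telephone number already on record for the payee, not one taken from the email that asked for the change.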

Good luck.

Robin


Tuesday, 23 June 2020

What I love about Gmail

Photo by Kon Karampelas
There are hundreds of email clients and a few big-name ones like Outlook, Mail, Yahoo, Gmail, and the 32 described here, probably the tip of a large iceberg.

There are also numerous subscription email clients like ProtonMail that also have free (limited) versions. 

Many of them are no doubt excellent but if you've been using the same client for years, perhaps it's time to review whether it is doing exactly what you want. Or perhaps you want an alternative email account for a business, sports club or another specific purpose.

For example, you may want a "conservative" account for business purposes and a less conservative account for general communication. When I was involved in recruitment for an Australian Government agency, you'd be surprised at the number of email addresses that applicants submitted that were really inappropriate eg, "hotrodjamie@something.com" or "pleasurepuss@something.com".

It's not a good look when you're applying for a job!

Why I love Gmail

I've tried numerous email clients throughout the years and I love Gmail because it's:
  1. easy to load and use
  2. available on all my devices
  3. available to use offline
  4. capable of using encryption for all messages
  5. capable of providing rules for filtering
  6. able to send "out of office" messages
  7. equipped with a confidential mode
  8. able to use multiple addresses for receiving and sending email
  9. free with plenty of storage
  10. able to download and distribute large attachments

There are several features you may not know about, so I'll briefly explain those.

Encryption

Some email clients provide it, some don't.

Encryption means that between you and your recipient, your message is encrypted and if intercepted by a third party, cannot be read. These days, this should be a necessity.

Confidential Mode

This is another great capability designed to improve security and privacy.

With confidential mode you can prevent your messages being forwarded, copied, printed or downloaded, set an expiry date, and require a passcode for access. The code can even be sent to a recipient via SMS.

These features are recommended when sending information that is sensitive. For example, if I sent my bank account details to someone, I can use confidential mode.

The expiry feature means that a day or two after I send it, nobody else will be able to access it.

With ordinary email, although it's encrypted during transit, while it sits in your email sent box and your recipient's inbox, it's vulnerable to being viewed by someone else using your device or who may have hacked into your device.

It's an excellent feature and one you shouldn't live without.

Multiple Addresses

There are two parts to this topic. One is about your email address that can use a suffix and the other about the different incoming and outgoing addresses you can use.

First - Gmail provides a capacity to add a suffix to your existing address eg, say your address is charlie@gmail.com. You decide to sign up to a subscription with G-Man Magazine. Instead of using your charlie@gmail.com address as is, you could use charlie+gman@gmail.com.

Adding the suffix provides several benefits. You can use as many suffixes as you want for different people and organisations and, when messages arrive, use a Rule to Filter them into a specific Folder.

If you find a specific address you have allocated is spamming you, you can set up a Rule to Delete the messages when they arrive. You can also contact the organisation to which you provided your address and inform them about the spam.

There are several other alternative characters and options you can use. If you want to explore it further, look in the Gmail Help section.
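To see which suffixed address is attracting mail from senders it was never given to, the headers can be tallied as in this added example (not part of Gmail or the original post). The suffix-to-organisation record, the domains and the messages are constructed, and the From header is taken at face value even though it can be forged.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed record of which organisation each suffix was handed to.
ISSUED_TO = {"gman": "gman-magazine.example", "bank": "mybank.example"}

# Constructed sample messages (headers plus a one-line body).
RAW = [
    "From: news@gman-magazine.example\nTo: charlie+gman@gmail.com\n\nIssue 12",
    "From: Deals <promo@cheap-pills.example>\nTo: charlie+gman@gmail.com\n\nBuy now",
    "From: win@lottery.example\nTo: Charlie <charlie+gman@gmail.com>\n\nYou won",
    "From: alerts@mail.mybank.example\nTo: charlie+bank@gmail.com\n\nStatement",
    "From: friend@elsewhere.example\nTo: charlie@gmail.com\n\nLunch?",
]


def suffix_of(address):
    """Return the part after '+' in the local part, or None if absent."""
    local = address.rpartition("@")[0]
    _base, plus, tag = local.partition("+")
    return tag.lower() if plus else None


def leaked_suffixes(raw_messages, issued_to):
    """Count, per suffix, messages whose sender is not the organisation
    (or a subdomain of it) that the suffixed address was given to."""
    leaks = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        tag = suffix_of(parseaddr(msg.get("To", ""))[1])
        if tag is None or tag not in issued_to:
            continue  # plain address, or a suffix we have no record for
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        expected = issued_to[tag]
        if sender != expected and not sender.endswith("." + expected):
            leaks[tag] += 1
    return leaks


if __name__ == "__main__":
    for tag, count in leaked_suffixes(RAW, ISSUED_TO).items():
        print(f"+{tag}: {count} message(s) from unexpected senders")
```

A suffix that shows up here is a candidate for the delete Rule described above.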

The second option relates to alternative email addresses you might have. You can do this:

  1. Set up another Gmail account and redirect it to your charlie@gmail.com inbox. My wife and I use this setup. We have a formal address we use for business matters such as dealing with banks, insurance companies etc. I explain how it works below.
  2. Receive email from alternative email client accounts in your Gmail inbox and send replies using that account's email address and not your Gmail address.

Case Study A

Belinda and Charlie DOE are a couple. They share a common email account for their combined business and family affairs and have separate accounts for themselves to use with friends.

Their common "formal" email address is: bandcdoe@gmail.com

Belinda's personal email address is: belinda@gmail.com
Charlie's personal email address is: charlie@gmail.com

They have set up their respective personal accounts ie, belinda and charlie to receive everything sent to bandcdoe@gmail.com. Every formal email that involves their family goes to each of the inboxes so both Belinda and Charlie know what is happening. They never have to check the bandcdoe account because it has been set up to forward every incoming message to both of them.

When either party replies from their personal accounts, the recipient will see that it came from the joint formal address. However, if one partner sends an email from the formal address and wants the other partner to know, they need to CC or BCC them at their personal account.

Case Study B

Belinda has a cosmetics company called BC Cosmetics. She uses a Microsoft Outlook account for all company correspondence. Her address is info-bcc@outlook.com.

Belinda decides she doesn't want to open her Outlook account every day to check her email, so she has set up Gmail to receive email sent from her Outlook account in her personal belinda@gmail.com account. 

She's also set up Gmail so that when she replies or sends a message from BC Cosmetics via her Gmail account it appears to have been sent from her Outlook account.

Conclusion

Using the features provided by Gmail can make your communications efficient and uncomplicated. I've been using Gmail since it first appeared and have not come close to filling the free 15 GB storage capacity it offers.

Another serious consideration is encrypted email. According to Australia's Scamwatch, businesses are being scammed when, "Scammers intercept legitimate invoices and change the details to include fraudulent payment information. The recipient will pay the invoice as normal and not realise they have been scammed."

You cannot afford to use email that doesn't encrypt before sending.