Why You Need Encrypted Email

Everyone knows there are scammers on and offline bending over backward to screw you out of your hard- earned money. But, despite the frequent warnings, publicity from various sources and personal experiences victims tell us about, scammers are still winning.

The following article confirms this:

"According to the Australian Federal Police, more than $79 million has been lost to cybercriminals in the past 12 months through business email compromise, also known as BEC scams or payment redirection scams.

In such scams, cybercriminals trick victims by getting them to redirect their legitimate fund transfers, which victims think they are making to a business, into the criminals' own accounts.

The cyberthieves usually do this by intercepting legitimate emails sent from a business to a client. They then send a new email to the client, with a notice to send money, but changing the business's bank account details to their own.

The unsuspecting victim transfers funds to the fraudster and is unaware they've been tricked until the business contacts them, asking what happened to the payment.

Police say that business email compromise scams occurred at least 3,300 times last year. Unfortunately, the police managed to retrieve only $8.45 million, a fraction of the total lost. "

- Tony Mitchell, Aviso EIA, Insurance Brokers

There are two things that concern me about this situation.

First, in Australia anyone opening a bank account has to provide 100 points of proof from official documents like passports, birth certificates, driver's licences, and Medicare Cards. Additionally, any transaction over 10 thousand dollars, especially those out of the country, is vetted by AUSTRAC.

Given the above, one would think that when someone is duped out of money, it would be easy for police to identify the accounts involved and the people who own the accounts. Apparently not which raises some serious questions.

Second, the people handling an organisation's payments, or individuals transferring money, aren't making sufficient effort to ensure their transfers are secure.

Encrypted Email

There are numerous email clients available that provide end-to-end encryption. This means that when an email leaves your device, the content is encrypted so that if it is intercepted, it cannot be read. It can only be read on the device of the recipient.

Find out if the email client you use is encrypted. If it isn't, perhaps think about getting a different one or using a different approach to transfer at-risk data eg, software that encrypts specific data (see below).

Encryption is a great safeguard, but with highly confidential or high-risk email transmissions, the message should not be left either on the senders or the recipient's hard disk drive/device because it could be hacked and is not encrypted. It's highly unlikely someone would benefit from this information given the types of scams we are speaking about, but it should be a precaution you take with all confidential data.

Encryption Software

If you used this approach, you would put confidential data in an encrypted, password-protected file and attach it to your email. Adobe Portable Document Format (PDF) files have this capability if you have Adobe software or some others that are available that convert files to PDF. You can assign a password for the document to be opened and much more. Data inside the document are encrypted.

There are other alternatives. I use a software program called Folder Lock that provides several useful functions including the ability to create a ZIP file with date encrypted and password locked.

Obviously, encryption of files won't stop someone intercepting your email if you use an unencrypted email client. However, it's good to think about documents that need to be protected during and after transmission and have a routine for doing so.

Talking of Routines

When I was a manager, I ensured my staff had access to Standard Operating Procedures that instructed them how to do tasks.

In an accounting department there should be an instruction to check all BSB and Bank Account numbers before sending money over a certain amount. This could be done by looking at clients' previous bank details if they are regularly paid eg, accounts payable, or telephoning them to confirm their details before making a large money transfer.

It's up to people responsible for money transfers to design a procedure that works for them. That will reduce considerably the risk involved in paying scammers instead of those for whom the payment was intended.

Good luck.

Robin

Are the Scammers Stupid?

 

By now, I have at least a billion dollars of Bitcoin. By all accounts, I'm wealthier than most.

Well, I would be, if the daily email messages I receive telling me of the huge amounts of money that have been added to a Bitcoin account I don't have, were true. Damn! It would be nice to be a billionaire, even just for a day or two.

Obviously, someone thinks I'm silly enough to click on a link to check out a Bitcoin deposit in an account I don't have. 

Then of course there are the legions of messages from women (perhaps) inviting me to view their beautiful naked bodies if I just click here. Why would I do that? I see all the beautiful women I want on Tumblr and Instagram. Like Bianca at left from Instagram. Bianca doesn't only have a body many a woman would die for and most real men 

would like to "play" with, I've seen her face - it's very pretty too.

Bianca is simply perfect. Except that I have to water the plants, make dinner and watch the news, I could look at her all day.

When I go shopping or walking in my neighbourhood, I see equally beautiful women and although they are mostly - always - dressed, they still look gorgeous and remind me of how fortunate I am to be able to see all the beautiful things nature has provided for us.

Last, but not least are the morons who send us email or SMS messages (I block the latter) advising us we have a parcel to collect when we know we haven't ordered anything.

Could it be a present from a long lost relative? Or perhaps Microsoft has decided to give everyone a free watch? Or perhaps it's simply bullshit and it's not very hard to find the truth.

An email I received from Australia's national postal service, Australia Post had an email address as shown above: "mooeasy.com."

Now, I'm not a rocket scientist, but in the 73 years I've lived in Australia, I've learned that Australia Post doesn't use mooeasy.com. If I know, you can bet your life most of the other 25 million Australians know too.

How stupid are these scammers?

Robin

PS: You can find the beautiful Bianca here.