
Monday 23 August 2021

Why You Need Encrypted Email

Everyone knows there are scammers on and offline bending over backward to screw you out of your hard-earned money. But, despite the frequent warnings, publicity from various sources and personal experiences victims tell us about, scammers are still winning.

The following article confirms this:

"According to the Australian Federal Police, more than $79 million has been lost to cybercriminals in the past 12 months through business email compromise, also known as BEC scams or payment redirection scams.

In such scams, cybercriminals trick victims by getting them to redirect their legitimate fund transfers, which victims think they are making to a business, into the criminals' own accounts.

The cyberthieves usually do this by intercepting legitimate emails sent from a business to a client. They then send a new email to the client, with a notice to send money, but changing the business's bank account details to their own.

The unsuspecting victim transfers funds to the fraudster and is unaware they've been tricked until the business contacts them, asking what happened to the payment.

Police say that business email compromise scams occurred at least 3,300 times last year. Unfortunately, the police managed to retrieve only $8.45 million, a fraction of the total lost."

- Tony Mitchell, Aviso EIA, Insurance Brokers

There are two things that concern me about this situation.

First, in Australia anyone opening a bank account has to provide 100 points of proof from official documents like passports, birth certificates, driver's licences, and Medicare Cards. Additionally, any transaction over 10 thousand dollars, especially those out of the country, is vetted by AUSTRAC.

Given the above, one would think that when someone is duped out of money, it would be easy for police to identify the accounts involved and the people who own the accounts. Apparently not, which raises some serious questions.

Second, the people handling an organisation's payments, or individuals transferring money, aren't making sufficient effort to ensure their transfers are secure.

Encrypted Email

There are numerous email clients available that provide end-to-end encryption. This means that when an email leaves your device, the content is encrypted so that if it is intercepted, it cannot be read. It can only be read on the device of the recipient.

Find out if the email client you use is encrypted. If it isn't, perhaps think about getting a different one or using a different approach to transfer at-risk data eg, software that encrypts specific data (see below).

Encryption is a great safeguard, but with highly confidential or high-risk email transmissions, the message should not be left on either the sender's or the recipient's hard disk drive/device because it could be hacked and is not encrypted. It's highly unlikely someone would benefit from this information given the types of scams we are speaking about, but it should be a precaution you take with all confidential data.

Encryption Software

If you used this approach, you would put confidential data in an encrypted, password-protected file and attach it to your email. Adobe Portable Document Format (PDF) files have this capability if you have Adobe software or one of the other available programs that convert files to PDF. You can assign a password for the document to be opened and much more. Data inside the document are encrypted.

There are other alternatives. I use a software program called Folder Lock that provides several useful functions including the ability to create a ZIP file with data encrypted and password locked.






Obviously, encryption of files won't stop someone intercepting your email if you use an unencrypted email client. However, it's good to think about documents that need to be protected during and after transmission and have a routine for doing so.

Talking of Routines

When I was a manager, I ensured my staff had access to Standard Operating Procedures that instructed them how to do tasks.

In an accounting department there should be an instruction to check all BSB and Bank Account numbers before sending money over a certain amount. This could be done by looking at clients' previous bank details if they are regularly paid eg, accounts payable, or telephoning them to confirm their details before making a large money transfer.

It's up to people responsible for money transfers to design a procedure that works for them. That will reduce considerably the risk involved in paying scammers instead of those for whom the payment was intended.
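The check described above, sketched as an added example (not part of the original post): a payment request is compared with the bank details already on record before money moves. The payee record, phone number and threshold are constructed values, and holding changed details at any amount is an assumption that is stricter than the "over a certain amount" rule in the post.

```python
import re
from dataclasses import dataclass
from typing import Tuple

# Constructed payee record: details confirmed earlier by phone or taken
# from past successful payments. All values are made up.
KNOWN_PAYEES = {
    "Acme Plumbing": {"bsb": "062000", "account": "12345678",
                      "phone_on_file": "02 5550 0100"},
}
CALLBACK_THRESHOLD = 1000  # assumed policy value, in dollars


@dataclass
class PaymentRequest:
    payee: str
    bsb: str
    account: str
    amount: float


def digits_only(value: str) -> str:
    """Strip spaces and hyphens so '062-000' and '062 000' compare equal."""
    return re.sub(r"\D", "", value)


def review_payment(req: PaymentRequest) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'pay' or 'hold'."""
    bsb, account = digits_only(req.bsb), digits_only(req.account)
    if len(bsb) != 6:  # a BSB is always six digits
        return "hold", "BSB is not six digits; re-check the invoice"
    known = KNOWN_PAYEES.get(req.payee)
    if known is None:
        if req.amount >= CALLBACK_THRESHOLD:
            return "hold", "new payee over threshold; confirm details by phone"
        return "pay", "new payee under threshold"
    if (bsb, account) != (known["bsb"], known["account"]):
        # Changed details are the payment-redirection signature: ring the
        # number already on file, never one quoted in the email itself.
        return "hold", "bank details differ from record; call " + known["phone_on_file"]
    return "pay", "details match record"
```
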

Good luck.

Robin


Tuesday 30 June 2020

How to Lose a Customer by Dell

Throughout the years, I have had three or four Dell desktop computers and have never had a problem with their technology. Last year I bought my daughter a laptop from Dell. 

A couple of days ago I ordered a new laptop worth $1258. I placed the order online and used my credit card to pay for the purchase. As part of the credit card processing activity, my bank sent me an SMS message with a code that I had to enter online before the payment would be authorised.

The payment was authorised which meant that Dell had my money. I received an official Dell email telling me that they had received my order and a confirmation would follow soon.

The next day I received an email from Dell that had all the hallmarks of attempted fraud. Although it quoted my correct name, order number etc, it was poorly formatted and looked amateurish. My first thought was that fraudsters had intercepted my order or otherwise obtained details of my purchase.

The email asked me to provide an alternative email address and verify my residential address. This seemed strange since I had already provided those details. 

I replied to the email stating that I had already provided the details and had no intention of providing them again as I deemed it unnecessary when Dell had already been paid.

I received another email asking for the same details and advising me that I could cancel my credit card order and send money via a bank transfer. This made me even more suspicious.

The author of the email advised me that they required verification because I was using a "free email address".

To my knowledge half the world uses free email addresses. They had my money, my phone number, my residential address and my email address. What more could they want?

Because I expected this was an attempt to defraud me or Dell, I cancelled my order and ensured the $1258 was refunded.

If it was an attempt at fraud by a third party, then obviously it's no fault of Dell's. However, if it wasn't a fraud attempt, it demonstrates what would be best called a piss-poor business practice.

The concept of a customer for life doesn't enter my thoughts now that I think of Dell. They've lost me forever.

Robin

Tuesday 23 June 2020

What I love about Gmail

Photo by Kon Karampelas
There are hundreds of email clients and a few big-name ones like Outlook, Mail, Yahoo, Gmail, and the 32 described here, probably the tip of a large iceberg.

There are also numerous subscription email clients like ProtonMail that also have free (limited) versions. 

Many of them are no doubt excellent but if you've been using the same client for years, perhaps it's time to review whether it is doing exactly what you want. Or perhaps you want an alternative email account for a business, sports club or another specific purpose.

For example, you may want a "conservative" account for business purposes and a less conservative account for general communication. When I was involved in recruitment for an Australian Government agency, you'd be surprised at the number of email addresses that applicants submitted that were really inappropriate eg, "hotrodjamie@something.com" or "pleasurepuss@something.com".

It's not a good look when you're applying for a job!

Why I love Gmail

I've tried numerous email clients throughout the years and I love Gmail because it's:
  1. easy to load and use
  2. available on all my devices
  3. available to use offline
  4. capable of using encryption for all messages
  5. capable of providing rules for filtering
  6. able to send "out of office" messages
  7. equipped with a confidential mode
  8. able to use multiple addresses for receiving and sending email
  9. free with plenty of storage
  10. able to download and distribute large attachments
There are several features you may not know about, so I'll briefly explain those.

Encryption

Some email clients provide it, some don't.

Encryption means that between you and your recipient, your message is encrypted and if intercepted by a third party, cannot be read. These days, this should be a necessity.

Confidential Mode

This is another great capability designed to improve security and privacy.

With confidential mode you can:

Prevent your messages being forwarded, copied, printed or downloaded, set an expiry date and require a passcode to access. The code can even be sent to a recipient via SMS.

These features are recommended when sending information that is sensitive. For example, if I sent my bank account details to someone, I can use confidential mode.

The expiry feature means that a day or two after I send it, nobody else will be able to access it.

With ordinary email, although it's encrypted during transit, while it sits in your email sent box and your recipient's inbox, it's vulnerable to being viewed by someone else using your device or who may have hacked into your device.

It's an excellent feature and one you shouldn't live without.

Multiple Addresses

There are two parts to this topic. One is about your email address that can use a suffix and the other about the different incoming and outgoing addresses you can use.

First - Gmail provides a capacity to add a suffix to your existing address eg, say your address is charlie@gmail.com. You decide to sign up to a subscription with G-Man Magazine. Instead of using your charlie@gmail.com address as is, you could use charlie+gman@gmail.com.

Adding the suffix provides several benefits. You can use as many as you want for different people and organisations, and when messages arrive you can use a Rule to Filter them into a specific Folder.

If you find a specific address you have allocated is spamming you, you can set up a Rule to Delete the messages when they arrive. You can also contact the organisation to which you provided your address and inform them about the spam.

There are several other alternative characters and options you can use. If you want to explore it further, look in the Gmail Help section.
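As an added example (not from the original post), the suffix idea can be used to see which organisation an address was given to and whether mail to it now comes from someone else. The tag register, the domains and the sample message are constructed, and `classify` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed record: which tag was handed to which organisation's domain.
TAG_ISSUED_TO = {"gman": "gmanmagazine.example"}

# Constructed sample message; only the headers matter here.
SAMPLE = """\
From: Hot Deals <promo@bulkmailer.example>
To: charlie+gman@gmail.com
Subject: You have won

Click here.
"""


def plus_tag(address):
    """Return the tag in 'local+tag@domain', or None when there is none."""
    local = address.rpartition("@")[0]
    _base, sep, tag = local.partition("+")
    return tag.lower() if sep and tag else None


def classify(raw_message):
    """Return (verdict, tag) for one raw email message."""
    msg = message_from_string(raw_message)
    # The From header can be forged, so a match is a hint, not proof.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Delivered-To", []))
    for _name, addr in getaddresses(headers):
        tag = plus_tag(addr)
        if tag is None:
            continue
        issued_to = TAG_ISSUED_TO.get(tag)
        if issued_to is None:
            return ("unknown-tag", tag)
        if sender_domain == issued_to or sender_domain.endswith("." + issued_to):
            return ("expected-sender", tag)
        # Tagged address used by a different sender: it was shared or leaked.
        return ("address-shared-or-leaked", tag)
    return ("untagged", None)
```
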

The second option relates to alternative email addresses you might have. You can do this:

  1. Set up another Gmail account and redirect it to your charlie@gmail.com inbox. My wife and I use this setup. We have a formal address we use for business matters such as dealing with banks, insurance companies etc. I explain how it works below.
  2. Receive email from alternative email client accounts in your Gmail inbox and send replies using that account's email address and not your Gmail address.

Case Study A

Belinda and Charlie DOE are a couple. They share a common email account for their combined business and family affairs and have separate accounts for themselves to use with friends.

Their common "formal" email address is: bandcdoe@gmail.com

Belinda's personal email address is: belinda@gmail.com
Charlie's personal email address is: charlie@gmail.com

They have set up their respective personal accounts ie, belinda and charlie to receive everything sent to bandcdoe@gmail.com. Every formal email that involves their family goes to each of the inboxes so both Belinda and Charlie know what is happening. They never have to check the bandcdoe account because it has been set up to forward every incoming message to both of them.

When either party replies from their personal accounts, the recipient will see that it came from the joint formal address. However, if one partner sends an email from the formal address and wants the other partner to know, they need to CC or BCC them at their personal account.

Case Study B

Belinda has a cosmetics company called BC Cosmetics. She uses a Microsoft Outlook account for all company correspondence. Her address is info-bcc@outlook.com.

Belinda decides she doesn't want to open her Outlook account every day to check her email, so she has set up Gmail to receive email sent from her Outlook account in her personal belinda@gmail.com account. 

She's also set up Gmail so that when she replies or sends a message from BC Cosmetics via her Gmail account it appears to have been sent from her Outlook account.

Conclusion

Using the features provided by Gmail can make your communications efficient and uncomplicated. I've been using Gmail since it first appeared and have not come close to filling the free 15 GB storage capacity it offers.

Another serious consideration is the encrypted email. According to Australia's Scamwatch, businesses are being scammed when "Scammers intercept legitimate invoices and change the details to include fraudulent payment information. The recipient will pay the invoice as normal and not realise they have been scammed."

You cannot afford to use email that doesn't encrypt before sending.

Wednesday 29 April 2020

The Miracle of Late Life Popularity

I've never been so popular as I have since I turned 70.

As you can see by the image at left, just a few of the apparently attractive and needy young women who want relationships with me, I'm very popular.

It doesn't matter that I'm almost past my use-by date, or that I'm married, these young ladies are looking for a serious relationship with me. So they say.

I'm flattered.

However, at the back of my mind, I envisage a group of people sitting in a poorly lit room, littered with take-away food packages, beavering away snatching photos from the internet and pretending to be the lovely ladies you see here.

When I decided to respond to a couple of these "photos", it's a similar story:

  1. They live alone
  2. Are unemployed or between jobs
  3. Have trouble writing a complete sentence using sound grammar
  4. Are largely monosyllabic - "Ok"
  5. Are looking for a serious relationship - age or marital status doesn't matter
  6. Use the term "Babe" frequently (Maybe this is an Americanism, who knows)
After serving 12 years in police work and a lifetime of living, I can smell a scam a mile away.

Some of these photos say they are looking for a sugar daddy. At least that is honest and could have potential if they are actually the attractive young women they claim to be. 

One lady I chat with at least seems genuine, but in reality, you never know what is at the end of your text message. One way to decide, I guess, is when they tell you their mother has cancer and needs an operation, could you help with some finance.

Or perhaps, it might be a suggestion to fly from the US to Australia to meet you provided you buy a ticket or send them cash to buy one.

In life, everybody needs something. You can bet your bottom dollar these people need something too, whoever they really are.

Every year, millions of dollars are scammed off gullible, unsuspecting Australians, many from relationship scams. If you need a relationship, think about hiring a local escort, at least you'll get something for your money.