Picture this: you receive messages from people asking you to stop sending them invitations to buy anatomy enhancing medications, or send them money as they have been stranded overseas, or maybe just a link to a website that discharges a virus when visited.
The problem is that a bad person has got hold of your email address and has spoofed it by placing it in the From: field of an email message. By using your address rather than their own they make themselves less identifiable and their poison pen messages less likely to be trapped by spam filters.
What's worse, these messages often get sent to people you know. The real sender tries to rely on your good name to convince the recipients to follow their evil plan based on your trusted character.
How did this happen?
What can you do about it?
If you use the same password in more than one place, change each one to a unique, complex password (more than 10 characters including upper case, lower case and numbers). You don't have to remember them as long as you use a (possibly free) password manager, as explained in my earlier blog post.
Change your email account password - this is just precautionary but it can't hurt. Remember to update any mail clients you use with the same password.
Forward this blog entry to anyone who contacts you. That way they will understand that this problem is most likely not of your making and there is absolutely nothing you can do about it once your credentials are in the hands of a criminal. Quite soon your email address will have no value to the bad people as it has been used, so this problem will naturally end.
Yes it is a pain but it is such a common part of life today that most people are aware of the issue and are in a position to empathise.
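For anyone who receives one of these messages and wants to check it, here is an added example (not part of the original post) that reads the headers of a message and reports signs that the From: address was spoofed. The sample message and every name and domain in it are constructed, and it assumes the receiving mail server records an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: Alice <alice@example.org>
To: bob@example.com
Subject: Urgent help needed

Please send money.
"""

def domain_of(header_value):
    """Domain part of the address in a From: or Return-Path: header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Collect method verdicts, e.g. {'spf': 'pass', 'dmarc': 'fail'}."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field names the server
            parts = clause.split()
            if parts and "=" in parts[0]:
                method, _, verdict = parts[0].partition("=")
                results.setdefault(method.lower(), verdict.lower())
    return results

def spoof_indicators(raw):
    """List the reasons to doubt that From: names the real sender."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # A different envelope domain is only a hint: mailing services do this too.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} != From: domain {from_dom}")
    # A DMARC failure is the stronger signal: the From: domain's own policy
    # check did not vouch for this message.
    dmarc = auth_results(msg).get("dmarc")
    if dmarc is not None and dmarc != "pass":
        findings.append(f"dmarc={dmarc}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

Only rely on an Authentication-Results header that was added by your own mail provider, since anything earlier in the message can be written by the sender.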
To avoid having your internet access restricted by protective mail servers and service providers, and also avoid the thieves and cyber scoundrels that are ever present but all the more difficult to handle when travelling, follow these suggestions.
Enable two factor authentication and test it on all web facing applications on all devices at least a week before you set out. See my earlier post on this.
Don't do anything on public Wi-Fi that you wouldn't want posted on a roadside billboard. Sometimes that's not an option though so install a virtual private network that will create an encrypted tunnel to your home provider. My favourite is http://www.cyberghostvpn.com but others such as https://www.privateinternetaccess.com are sound.
Assume your device (phone, tablet, laptop...) will be stolen. Encrypt the entire disk with BitLocker or https://diskcryptor.net if running Windows or FileVault for OS X or LUKS for Linux distros. Android and iOS have similar apps.
General good practices such as logging out of each service before closing the window and using unique strong passwords should be part of SOPs but are especially necessary when on the move.
Similarly, shelter your screen and keyboard from overlookers both in person and via CCTV. And it should go without saying that a paid for updated firewall and virus protection suite are essential.
Finally, social networks are fun but if you post a picture from overseas you may as well broadcast to local villains that you are not at home. Be circumspect with the information you publish.
I'm sometimes asked why a client's messages are rejected or bounced by one or two recipients.
We all have an address on the internet – that is how an email message knows where to go. The problem is that when a suspected spammer or other person with nefarious intent has been traced back to his address, that address gets blacklisted on several lists to prevent more spam being sent. A selection of these blacklists is checked by most email providers to ensure they are not responsible for propagating rubbish.
Because there are more potentially internet connectable devices in the world than available addresses, stale connections are dropped and when a new connection is requested a new address gets allocated. You have been unfortunate to have picked up the address that the bad person used.
There are ways of having it removed from the various blacklists but the time and effort involved is far more than the alternative method of resolution. Visit http://www.whatsmyip.org/ and make a note of the IP address on the top line. Now power off your computer and any other internet connected devices including the router. Count to 10 then power up the router. After a minute power up your computer and any other devices you want. Now visit http://www.whatsmyip.org/ and see if your IP address has changed. If so, send your email again and expect it to arrive. If the address is the same, go through the above process again but wait much longer before powering up the router - overnight perhaps.
The above works for the 95% of people who have dynamic IP addresses allocated by their ISP. If you have a static IP address (usually bought if you are a business hosting a server) then the above won't work; in that case you need to either get a new IP address issued by contacting your provider, or go through the process of proving to all the blacklist owners that you are not a bad person.
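To see whether the old or the new address is on a blacklist, most lists can be queried over DNS. The following is an added example, not part of the original post, and it goes beyond the text by showing the usual lookup convention (RFC 5782): reverse the IPv4 octets, append the list's zone, and treat an answer in 127.0.0.0/8 as "listed". The zone name is a hypothetical placeholder, the IP addresses are documentation addresses, and the simulated resolver is constructed so the code runs offline.

```python
import ipaddress
import socket

# Hypothetical placeholder; substitute the DNS zone of a list you want to consult.
ZONE = "dnsbl.example.org"

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_listed(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Return (listed, answer); `resolve` is injectable for offline use."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        # No record. With this resolver a failed lookup looks the same,
        # so treat False as "not shown to be listed".
        return False, None
    listed = ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")
    return listed, answer

def listings(ip, zones, resolve=socket.gethostbyname):
    """Zones from `zones` that currently list `ip`."""
    return [z for z in zones if check_listed(ip, z, resolve)[0]]

def fake_resolver(listed_names):
    """Simulated DNS for the demo: only names in `listed_names` resolve."""
    def resolve(name):
        if name in listed_names:
            return "127.0.0.2"
        raise socket.gaierror("no such name (simulated)")
    return resolve

if __name__ == "__main__":
    old_ip, new_ip = "203.0.113.7", "198.51.100.24"  # constructed addresses
    dns = fake_resolver({dnsbl_query_name(old_ip)})
    print("before restart:", listings(old_ip, [ZONE], dns))
    print("after restart: ", listings(new_ip, [ZONE], dns))
```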
Contrary to all the advice that I and others have given to keep passwords secret, there is one occasion where it can help to have a trusted friend with knowledge. I recently received an email purporting to come from a client as follows:
I'm writing this with tears in my eyes, I and my family presently on a short trip to Rome, Italy. Unfortunately, I was robbed in the hotel I booked, all my valuables which includes cash, mobile phones were stolen during the attack but luckily I still have my passport with me.
I've been to the Embassy and the Police here but they are not taking the matter seriously. Please, I really need your financial assistance now because things are really getting tough on me here. Our flight leaves in few hours from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills. Please, let me know if you can help us out?
Well I've received scores of identical messages in the past so I was in no doubt that the client's email password had been acquired by a bad person. I played along for a time by offering to help - until such time as I was instructed to make a (non-traceable) payment of £870 to a Western Union (spurious) address.
I wanted to protect my client from further misuse of their account but I could not reach him by phone. Clearly there was no point sending an email as they were being forwarded elsewhere. In this case, had I known the password I could have changed it and saved my client a little distress.
Unfortunately the password was not only 'protecting' the stolen Yahoo account, but it was identical to several others including the website from whence it was hacked. All of these had to be painstakingly changed. You may be assured that this client now heeds the age old advice to maintain a password manager and use long, complex and unique passwords. In fact I think he has enabled two factor authentication too. Unfortunately many of his messages and contact list were deleted and not backed up.
The golden rule is to assume that your Facebook (and other) accounts will be broken into one day. Your next potential employer or your ex-spouse's lawyer will be poring over it. Don't ever publish anything you would object to being posted on a billboard outside your house.
If you look hard enough, Facebook does offer plenty of controls to guard against your details being harvested by the bad folks. Security settings and their defaults do get changed though, so it's a good idea to revisit this periodically. To save some time looking for the key components, here are some suggestions.
Please add a comment if you think this post can be improved.
The currently most frequent ailment I encounter is computer speed restriction. This is most often caused by the owner downloading – perhaps inadvertently – programs that are bundled with something else. The problem often starts with a new off-the-shelf computer; they are almost all stuffed with unwanted commercial software trials that purport to add value to your purchase. By coincidence they also boost the seller’s profits through partnership deals.
Another common route of entry is for the parasitic software to come bundled with the desirable. Acrobat Reader is a good example: search Google for a download location and several sites are presented, all of which come with a payload of partner products. Even Adobe’s own download contains McAfee Security Scan unless you opt out; so it is essential to read through any windows that appear to ensure you are not acceding to install potentially dangerous and unwanted software such as search toolbars or worse, malware ridden scams.
If you do get caught there are some automated tools that can help rid you of many problems. Try the following in order and stop as soon as the problem is resolved as these get more aggressive further down the list. I recommend taking a full image backup first in case things go from bad to worse.
All the above run in under 10 minutes as they target specific problems. For complete scans of the disk taking up to an hour to remove malware consider the free
Irrespective of what’s discussed above it is essential to install a paid for Internet security suite. And more than that, make sure all programs including Windows itself are kept at the latest versions. This can be eased by running a free version checker such as
Each year in the Autumn I review the comparative group tests of the major labs to glean the consensus of the ‘best’ security product. That is the one I buy many licenses of at wholesale prices and recommend to anyone who’ll listen.
The labs I generally look at are
No one lab will give the definitive best product as they
So I look at all and form my own opinion based on the consensus. Although all the labs are independent, some are commissioned to conduct tests by one of the anti-virus companies and those companies usually get a good score. This is not because of anything underhand but shows that the issues found have been corrected. As long as the reader is aware of this it is not a problem as the other products are tested on a level playing field.
I read through many reports and assess the value of the most recent evaluations. I then form an almost subjective opinion based on objective criteria.