Gmail – some features

There are a few newer features added to Gmail in the past year or so that can be annoying to some, helpful to others.

Gmail NudgesOne newer feature is called Nudges. Do you forget to answer emails? Gmail can nudge you now to answer the email. I had noticed there was an older email (4 days old) that I wanted to wait to answer. All of a sudden the email was at the top again. In the subject line there was orange print that said “Received 4 days ago. Reply?” You can choose to reply or even “snooze” the email. If you snooze it, it will go into a new folder called “Snoozed”. This can be enabled or disabled in Settings.

“Smart Reply” is another newer feature. The first time I saw it, I was a little confused because I hadn’t read anything about it. These are the words that show up at the bottom of an email that allow you to choose a canned response. For instance, based on words in the email (yes that’s creepy), I’m looking an email that ends “How’s that sound?” and the canned response choices are: “Sounds good to me.”, “Sounds like a plan.”, and “Sounds great!” So I could choose any one of these quick replies. I can usually tell when I’ve gotten one of these from somebody. These Smart Replies can be enabled or disabled in Settings. This picture shows the instructions for disabled from your iOS device.

Another newer feature is the “Hover Actions” where you can hover over the email list and delete or label while in the list. This action can be enabled or disabled in Settings.

You can now add a split view to Gmail where you can see the list of mail on the site and a pane with email to the side or top of it (horizontal split or vertical split). If you have a wide screen, it makes it nice to work with.

Gmail

If you have a gmail account, did you know that your email address can also have dots in it and you’ll still get it? For example, if your address johndoe@gmail.com, it won’t matter if you send to john.doe@gmail.com. You can even send it to j.o.h.n.d.o.e@gmail.com and still get it. Most mail systems do not allow this. Apparently this has been like this for some time.

We found out recently when we saw an article from ZDNet about how scammers are exploiting this by registering for different websites under your email but adding the dots. It may be sites like Netflix, Amazon.com, or eBay. They would see the dotted account email as a different one.

One group has used a variation to obtain credit cards. They have filed tax returns, registered for trial accounts, USPS change address requests, collecting Social Security benefits, apply for unemployment benefits, and apply for FEMA disaster relief.

The article brought out two other things that could be exploited. First, Google allows + signs – you can send email to johndoe+someword@gmail.com and johndoe@gmail.com will get it. Second, before gmail.com it was googlemail.com and if you use johndoe@googlemail.com, johndoe@gmail.com will still get it. Yes this has been tested and confirmed.

Collection #2-5 Breach

Just a couple weeks after Collection #1 Breach was identified, there come Collection #2-5 Breaches. There are an estimated 2.2 billion unique accounts compromised in this breach.

The site we usually check for breaches (HaveIBeenPwned.com) has not been updated yet. In the meantime, you can use the Hasso-Plattner Institute’s tool to check. When you enter your email into this tool, it will email you a report of what has been found in a breach.

Once again, we want to stress that you use a password manager, use hard to type or guess passwords, use 2FA where available.

Gone Phishing

Phishing Quiz
You’ve gotten those emails asking to click on something. It could be to learn how to make more money, or maybe someone has your information, or something that really looks legitimate. They prey on people hoping to get more of your personal information.

Google’s Jigsaw unit has a phishing quiz. The Victor crew suggests you take it to see if you can spot some phishing emails/sites. It is only 8 questions long but it may help you be on the ball. You start out by making up a name and email for the quiz. Some are phishing and some are legitimate. See if you can spot the imposters:

Take the quiz

Source: Google Blog

Beginning days of Email

Remember when people were first getting connected in the late 90s and early 2000s? Emails would travel round and round to everybody and their friends and family. No one would think twice about getting a joke and feeling the obligation to pass it on to everyone in their address book. Not so much anymore.

I wax nostalgic remembering all the emails and then going to Snopes.com to look up the stories to see if they were true. Snopes was the “fake news” buster everyone would check with. Fake news can come in different format these days. It can be a tweet, a post, or even a news article. Snopes still has it covered. They have changed the format of their website quite a bit. They have sections called What’s New, Hot 50, Fact Check, News, Video, and Archive. They even have a Random button that will bring a different item every time you click it.

While looking at their site, we found they are trying to raise some money to keep going. You can visit their GoFundMe page.

So whether it’s a preposterous post, nonsensical news, or a totally thin tweet, you can still look it up at snopes.com!

Yahoo!

Yahoo has recently been in the news again lately due to yet another problem with data breaches. Having a Yahoo account, this Victor crew member has received an email from Yahoo about it.
Yahoo Email
In this message, they tell me that they are investigating the creation of forged cookies. They say they are taking steps to secure accounts. They say this forged cookie may have been created in 2015 or 2016 and they believe it to be connected to the September 22, 2016 data theft. They also give some actions you can take.

They suggest using a Yahoo Account Key which is something we will investigate ourselves at a later time. This user is on the verge of dismissing this account altogether although it was my first email created back in the 90s. I have added 2-step verification as well as changed the password.

Yahoo Email
Another email as a reminder from Yahoo states a reminder to secure to secure the account. They suggest updating to the Yahoo Mail app on android or iOS. They suggest to turn off insecure apps.

Yahoo Email
As I logged into the account after the above emails, there was a link to update security settings to block apps with less secure login. I am not sure what this entails yet, but will let you know when I find out.

Encrypt your email

There’s a standalone app called PassLok. It will encrypt your email on your device or in your (Chrome) browser. It can be used as a webapp, on Android, Chrome, or iOS. It works through private and public keys when you send an email. Only you should be able to open the encrypted email (as long as you don’t give the key out). You can watch the short video below to learn the specifics of how it works.

You can learn how to use it here.

Phishing for your credentials

Google and the University of California, San Diego conducted a study to analyze the effectiveness of email scams. The study ran from 2011 to 2014. They explored how criminals acquire credentials of their victims, how criminals monetized the account credentials and how Google gave control back to the victim.

They found accounts were hijacked most often through phishing. Most of the hijacking attempts came from China, Ivory Coast, Malaysia, Nigeria, and South Africa based on the geolocation of their ip addresses. Criminals attempted to access 20% the accounts within half an hour. . Victim’s accounts were found to be restored through SMS 81% of the time. A secondary email address helped 75% of the time. Without these to be relied on, they need to rely on secret questions and the causes the success rate to fall to 14%.

The ways criminals manually hijack an account consists of phishing the user’s credentials, installing malware on the machine to steal the credentials or trying to guess their password. The study was limited to phishing emails sent to victims and specifically to 100 emails selected at random from 5000 emails reported by users. They also used phishing pages that were detected by SafeBrowsing. They found that once they are into the account, the contacts are also targeted.

Of the hundred phishing emails studied January 2014, 62 of them contained urls that pointed to pages designed to impersonate a well-known site to trick users into putting in their credentials. The other 38 emails asked for users to reply to the email with their credentials. Since the emails with the links go to the page from the email itself, they found there wasn’t a referring website when they were tracking which confirmed when they were clicked on.

One surprise is that the most common email addresses being phished had the .edu top domain. The study reported that it was possibly due to schools having less robust spam filters and more social networks being used by the students.

The study estimated that 13.7% of visitors complete the web forms used in phishing, higher than they thought it would be. In order to get some data, they submitted 200 fake credentials into a random sample of phishing pages that asked for Google credentials. They recorded the times so they could follow the response times. They found 20% of the fake accounts were accessed within half an hour and 50% within 7 hours. Once logged in, they spent an average of 3 minutes to assess the value of the account before exploiting it. The criminals would look through email history for the victim’s banking information or what they flagged as important.

The hijackers would spend some time going through emails and contacts to see how they could monetize the account. They found some of the scams to consist of story to pull at people’s heartstrings in order to try to make some money.

What you can do:
Use 2-factor login. Check your account often. Have backup email address or SMS number available for account recovery.

Jody Victor

Email may just have gotten easier…

Microsoft and Godaddy have partnered to make it easier small businesses to use Office 365. The email will be connected to your domain name. Plans start at $3.99 per user per month for 5GB storage. This includes 2GB storage on SkyDrive. The other plans offer 50GB email storage and 25GB storage on SkyDrive for $8.99 per user per month; for $12.49 per user per month, you get full access to Office 365 with desktop apps on up to 5 PCs and Macs and access to mobile apps on iPhone, Android, and Windows phone.
Learn More

Jody Victor® discovers a site dealing with communication and technology manners

Jody Victor wondered about proper communications with today’s technology and found a site that has several articles dealing with “etiquette” by Emily Post.

She has a section on being a Good Conversationalist which also covers some American sign language. Another section on Notes and Letters that includes E-vitations, a section on telephone, cellphone, and texting manners, a section on personal communication devices which includes articles on smartphone and tablet use, video and conference call etiquette, mobile and texting manners. Finally there is a section on computers and communication which covers iPad etiquette, using computers in public, LinkedIn networking tips and email tips.

Jody hopes you will take the time to read some of these articles.