Yahoo!

Yahoo has been in the news again lately due to yet another problem with data breaches. Having a Yahoo account, this Victor crew member has received an email from Yahoo about it.
Yahoo Email
In this message, they tell me that they are investigating the creation of forged cookies. They say they are taking steps to secure accounts. They say this forged cookie may have been created in 2015 or 2016 and they believe it to be connected to the September 22, 2016 data theft. They also give some actions you can take.

They suggest using a Yahoo Account Key, which is something we will investigate ourselves at a later time. This user is on the verge of dismissing this account altogether, although it was my first email created back in the 90s. I have added 2-step verification as well as changed the password.

Another email from Yahoo is a reminder to secure the account. They suggest updating to the Yahoo Mail app on Android or iOS. They also suggest turning off insecure apps.

As I logged into the account after the above emails, there was a link to update security settings to block apps with less secure login. I am not sure what this entails yet, but will let you know when I find out.

Encrypt your email

There’s a standalone app called PassLok. It will encrypt your email on your device or in your (Chrome) browser. It can be used as a webapp, on Android, Chrome, or iOS. It works through private and public keys when you send an email. Only you should be able to open the encrypted email (as long as you don’t give the key out). You can watch the short video below to learn the specifics of how it works.

You can learn how to use it here.

Phishing for your credentials

Google and the University of California, San Diego conducted a study to analyze the effectiveness of email scams. The study ran from 2011 to 2014. They explored how criminals acquire credentials of their victims, how criminals monetized the account credentials and how Google gave control back to the victim.

They found accounts were hijacked most often through phishing. Most of the hijacking attempts came from China, Ivory Coast, Malaysia, Nigeria, and South Africa, based on the geolocation of their IP addresses. Criminals attempted to access 20% of the accounts within half an hour. Victims' accounts were found to be restored through SMS 81% of the time. A secondary email address helped 75% of the time. Without these, recovery has to rely on secret questions, and this causes the success rate to fall to 14%.

The ways criminals manually hijack an account consist of phishing the user's credentials, installing malware on the machine to steal the credentials, or trying to guess the password. The study was limited to phishing emails sent to victims, and specifically to 100 emails selected at random from 5000 emails reported by users. They also used phishing pages that were detected by SafeBrowsing. They found that once the hijackers are in the account, the contacts are also targeted.

Of the hundred phishing emails studied in January 2014, 62 of them contained URLs that pointed to pages designed to impersonate a well-known site to trick users into putting in their credentials. The other 38 emails asked users to reply to the email with their credentials. Since the links are followed from the email itself, they found there wasn't a referring website when they tracked visits to the pages, which confirmed when the links were clicked on.

One surprise is that the most commonly phished email addresses had the .edu top-level domain. The study reported that this was possibly due to schools having less robust spam filters and more social networks being used by the students.

The study estimated that 13.7% of visitors complete the web forms used in phishing, higher than they thought it would be. In order to get some data, they submitted 200 fake credentials into a random sample of phishing pages that asked for Google credentials. They recorded the times so they could follow the response times. They found 20% of the fake accounts were accessed within half an hour and 50% within 7 hours. Once logged in, the criminals spent an average of 3 minutes assessing the value of the account before exploiting it. They would look through email history for the victim's banking information or what the victim had flagged as important.

The hijackers would spend some time going through emails and contacts to see how they could monetize the account. They found some of the scams to consist of a story meant to pull at people's heartstrings in order to try to make some money.

What you can do:
Use 2-factor login. Check your account often. Have a backup email address or SMS number available for account recovery.

Jody Victor

Email may just have gotten easier…

Microsoft and GoDaddy have partnered to make it easier for small businesses to use Office 365. The email will be connected to your domain name. Plans start at $3.99 per user per month for 5GB storage. This includes 2GB storage on SkyDrive. The other plans offer 50GB email storage and 25GB storage on SkyDrive for $8.99 per user per month; for $12.49 per user per month, you get full access to Office 365 with desktop apps on up to 5 PCs and Macs and access to mobile apps on iPhone, Android, and Windows Phone.

Jody Victor® discovers a site dealing with communication and technology manners

Jody Victor wondered about proper communications with today’s technology and found a site that has several articles dealing with “etiquette” by Emily Post.

She has a section on being a Good Conversationalist, which also covers some American Sign Language. There is another section on Notes and Letters that includes E-vitations; a section on telephone, cellphone, and texting manners; and a section on personal communication devices, which includes articles on smartphone and tablet use, video and conference call etiquette, and mobile and texting manners. Finally, there is a section on computers and communication, which covers iPad etiquette, using computers in public, LinkedIn networking tips, and email tips.

Jody hopes you will take the time to read some of these articles.