Tag Archive for email

Master Email for Business Efficiency

Email is one of the best things that has happened to business efficiency since telephones landed on the office desk. For instance, in 2023, global electronic mail (email) traffic reached approximately 347.3 billion messages daily. To put this into perspective, imagine stacking 4,021,296,296,296 standard 8.5″ x 11″ sheets of paper. This stack would equal seven trips to the Moon. Moreover, by 2026, email traffic is expected to surpass 390 billion.

Despite its popularity, people misuse and misunderstand the technology in many ways. Therefore, remember to treat office messages as potentially accessible by authorized parties. For example, your boss can legally read your communications if you’re an employee. Similarly, your information technology department can probably read your mail if you’re the boss.

Email is impossible to destroy

Once you hit the “Send” button, your note is gone and impossible to destroy.  Consequently, for several reasons, you will never know who received a forward or what hard drive your note lives on.

Human Error:

  1. Misaddressing: Typing the wrong address can lead to messages being sent to unintended recipients.
  2. Reply All: Accidentally clicking “Reply All” in a group mail can broadcast the message to everyone on the list.
  3. Forwarding: Recipients may forward the message, even if the original sender intended it to be private.

Technological Issues:

  1. Email Spoofing: Malicious actors create messages that appear legitimate, tricking recipients into opening them.
  2. Data Breaches: Compromised email servers allow hackers to access and distribute emails.
  3. Clients and Servers: Bugs or vulnerabilities can lead to unauthorized access.

Organizational Factors:

  1. Lack of Clear Policies: Organizations without clear communications confidentiality policies leave room for misuse.
  2. Inadequate Training: Employees unaware of email risks may mishandle sensitive information.

Email is more like a virus.

You’re mistaken if you think online correspondence is temporary, like a phone call.  Instead, it’s more like a virus that you can’t cure.

Even with electronic mail’s many benefits and entrenched position in users’ lives, many users post like their mothers never taught them online manners.  To address this, some fundamental mail rules (Netiquette) help create a positive and respectful online environment.

The first rule is to avoid using ALL CAPS, as it conveys shouting.

Another email gaffe is a subject line like “IMPORTANT - PLEASE READ,” which often leads to less critical content. These subject lines are like a bait-and-switch itch for unimportant messages. In contrast, if it were essential, the subject line would read something like “Evacuate-Kitchen Fire.”

Subject lines

Subject lines should summarize emails, aiding busy readers in prioritizing. Remember when you were in fifth grade, and you learned how to pull the “main idea” out of a story? If you wondered why you learned that, now you know: It was because your teacher knew that email would be invented and was teaching you how to complete the subject line.
 
Another no-no is the hanging subject line that continues in the email body.  Clearly, this is someone who struggled with the “main idea” concept in Mrs. Jones’s fifth grade.

Don’t send an email

Do not say negative things in online correspondence. DON’T! (Yes, I yelled.) Negative messages are likelier to find their way into a courtroom because people don’t sue each other for happy things. Remember: written words create a record that may need defending later. The heat of the moment has a funny way of playing out in court years later.
 
Next, let’s look at it from a human perspective. Negative email words linger, affecting readers each time they revisit the message. Furthermore, the written word seems much weightier than the spoken word, and balancing tone in writing is challenging. Therefore, if it’s negative, get up from your desk and see the person. Do not send them an email.
 

rb-

 
Do yourself a favor and remember one thought: electronic mail is forever.
 


Ralph Bach has been in IT for a while and has blogged from the Bach Seat about IT, careers, and anything else that has caught my attention since 2005.  You can follow me on Facebook or Mastodon.  Email the Bach Seat here.

Job Scams That Will Compromise Your Safety

Job scams are on the rise. NBC reports that they increased by 118% from 2022. Job scams are essentially fake job postings. The scammer is trying to access your bank account and looking for your personal information. The rise in remote work and advancements in AI have made it easier for scammers to create convincing fake job listings.

Mark Anthony Dyson has written an interesting article on the Job Scam Report about conducting a safe job search. He warns that job scammers are hijacking the hiring process to steal personal information in the long run. However, they are also after cash in the short run. According to the FTC, the typical job scam victim in 2023 lost $2,000. Additionally, the article details five myths about job scams that are putting job seekers at risk.

Your future

Dyson says that bad guys are running scams to compromise personal info. The Better Business Bureau reports that employment scams were the number one riskiest scam for people ages 18-44 in 2023. Consequently, if scammers get hold of your data, your future finances and employment will be adversely affected.

He points out that most scams are just old scams with new layers and better disguises. They use basic social engineering tactics, like phishing links, infected files, and fake landing pages. We’ve known about all of these tactics for decades.

Dyson says some job seekers let their guard down, and others give up on their job search. However, this critical error in judgment makes everyone more vulnerable to job scam myths like:

Job scams ONLY target the desperate.

False: Scammers use social engineering to cast a wide net. They want to find anyone looking for something better. They create offers that are “too good to be true” and uniquely plausible. The “offers” are designed to pique the interest of the receiver. The BBB warns that if you are offered a job without a formal interview with excellent pay and benefits, it’s likely a scam.

How to stay safe: Don’t entertain the possibilities unless you know who sent it to you. One way to verify the sender is to search for the number quickly in Google. If the number is associated with a legitimate business, you should see that the business’s website appears in the first few results. Verify that the number shows up on that business’s website.

Job scams are easy to spot.

False: Job scams evolve just as the job market changes. The author points out that job scams increase when unemployment and uncertainty rise. The growing use of AI is currently driving this trend.  

How to stay safe: Read articles like this about job scams. In addition, check out the Better Business Bureau’s Scam Tracker, which catalogs over 34,000 scams. The BBB is working closely with the FBI to identify scammers.

Legitimate companies won’t ask for personal or financial information.

True: Legitimate companies don’t ask candidates for personal information upfront. Once hired, your personal information, such as your social security number or bank account, is necessary, but not before you are hired. Moreover, the BBB states you should be especially wary if someone pressures you to divulge your information, saying the job offer will only last if you fill out all the forms.

How to stay safe: Follow your instincts. Never give sensitive information to anyone you aren’t sure you can trust. Does something seem “a little off?” If that is the case, disconnect and report the crime to the FBI’s ic3.gov or the FTC. You should also contact the job board if that’s where you encountered the scam. Most job sites have a mechanism for reporting these types of issues.

Additionally, Dyson says you must contact the appropriate institutions (bank, credit card, etc.) if you have given up your personal information, cash, or both.

Once scammed, you’ll know how not to get scammed again.

False: No matter how tech-savvy you may be, you are still vulnerable to social engineering tactics. You can be a victim more than once. Different scams can look the same. The bad guys take advantage of job seekers who are desperate and anxious; others are curious due to the “desirable” opportunity they seek.

How to stay safe: You must do your due diligence and research every part of your job search to ensure the opportunity is legitimate. Research the person who contacted you. Look them up. A quick LinkedIn search should reveal if they work for the company they claim to represent. Additionally, you can find the company’s contact information on their official website (check the URL) and contact them directly to ask if they are hiring for the position you’re applying for. You can go even further and verify the website at ICANN. If they say they’ve been in business for five years, but the website was created a week ago, that is a huge red flag for a job scam.

Once scammed, there’s nothing more to do.

False: Once you’re an online scam victim, the work is just beginning. The scammers may have gotten away with some money, but your personal information is their end game. They want to steal your identity and cause damage to YOUR NAME:

They can use your personal info to:

  • Get bank accounts.
  • Open credit cards.
  • Incur medical care resulting in medical bills.
  • Apply to multiple jobs in the same company.
  • Scam other people.

How to stay safe: Start before they scam you. Be proactive and protect your personal information. The author suggests you:

  • Regularly change your passwords.
  • Freeze your credit and bank accounts and credit reports.

Furthermore, if you fall victim to a scam, tell your network. The scammers can create social media accounts to scam others in your name.


The Internet is 50

In 1969 Apollo 11 took man to the moon, Woodstock rocked, Sesame Street debuted, Wendy’s was founded and the Internet was born and crashed. On October 29, 1969, at 10:30 pm Pacific Time, the first use of the proto-Internet was attempted by UCLA student programmer Charley Kline. He was trying to log in to a system at Stanford.

Only 2 characters were sent before the entire fledgling Internet crashed. About an hour later, after debugging a code translation problem caused by the UCLA computer using EBCDIC (Extended Binary Coded Decimal Interchange Code) and the SRI computer using ASCII (American Standard Code for Information Interchange), the first actual remote connection between two computers was established over what would someday evolve into the modern Internet.

ARPANET

The proto-Internet was funded by the Advanced Research Projects Agency (the predecessor of DARPA). It is commonly believed that ARPANET was built to explore technologies related to building a military command-and-control network that could survive a nuclear attack. However, Charles Herzfeld, the ARPA director who would oversee most of the initial work to build ARPANET, told Ars Technica:

ARPANET was not started to create a Command and Control System that would survive a nuclear attack  … clearly, a major military need, but it was not ARPA’s mission to do this … ARPANET came out of our frustration that there were only a limited number of large, powerful research computers in the country, and that many research investigators … were geographically separated from them.

In its infancy, ARPANET had only four “nodes”:

Internet routers

Rather than having the mainframe computers connect directly, physicist Wesley Clark suggested they connect to ARPANET via another device to off-load the connections. These devices were called Interface Message Processors (IMPs). IMPs were the first network routers and were built by BBN, which used Honeywell DDP-516 mini-computers with 12K of memory. The early ARPANET connected the nodes with AT&T 50kbps lines. This would allow additional systems to be added as nodes to the network at each site as it evolved and grew.

Some of the major innovations that occurred on ARPANET include:

  • Email (1971)
  • Telnet (1972)
  • File transfer protocol (1973)

As ARPANET grew, interoperability became an issue. The solution proposed by Vinton Cerf and Bob Kahn in 1982 was TCP/IP. The evolution of TCP/IP allowed organizations of all sizes to begin using Local Area Networks or LANs. A standard network protocol like TCP/IP then allowed one LAN to connect with other LANs.

ARPANET was operated by the military until 1990, and until then, using the network for anything other than government-related business and research was illegal. TCP/IP made it possible for anyone to get on ARPANET. As non-military uses for the network increased, it was no longer safe for military purposes. As a result, MILnet, a military-only network, was started in 1983.

NSFnet

ARPANET was slowly replaced by NSFnet (National Science Foundation Network) beginning in 1986. NSFnet first linked together the five national supercomputer centers, then every major university. ARPANET was finally shut down in 1990. NSFnet formed the backbone of what we call the Internet today.

When ARPANET was shut down, Vinton Cerf, one of the fathers of the modern Internet, wrote a poem in ARPANET’s honor:

It was the first, and being first, was best,
but now we lay it down to ever rest.
Now pause with me a moment, shed some tears.
For auld lang syne, for love, for years and years
of faithful service, duty done, I weep.
Lay down thy packet, now, O friend, and sleep.

rb-

Len Kleinrock, a UCLA professor since 1963 who was present at the birth of the Internet, described the attitude of the early Internet for NBC News, “Allow that open access, and a thousand flowers bloom … One thing about the Internet you can predict is you will be surprised by applications you did not expect.”

That openness of the early Internet has given way to growing concern that the Internet has become centralized by a few major companies, compromised by governments, and monetized by the collecting and sharing of private data.

Ars Technica notes that the first three characters ever transmitted over the precursor to the Internet were L, O, and L. Without ARPANET, there would have been no Internet.

The Internet is still laughing out loud at us.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Presidential Wannabe’s Don’t Use Email Security

We are in the run-up to the 2020 silly U.S. Presidential election season. Not much has changed in the three years after Trump operatives Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign. Email security firm Agari reports that nearly all 2020 presidential candidates have learned nothing. They have not implemented email security. They are not protected against email attacks, fraud, and data breaches typically run by nation-states.

During the 2016 presidential campaign, the chairman of Hillary Clinton’s campaign, John Podesta, was the victim of a spear-phishing attack. That attack led to the now-infamous WikiLeaks email publication. The WikiLeaks release derailed the campaign and influenced the result of the election. Agari’s CMO, Armen Najarian, explained the importance of DMARC email protection:

DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives.

Which campaign practices email security

Data released by the California-based firm found that just one presidential hopeful uses DMARC for email security. Democratic candidate Elizabeth Warren’s campaign is the only one that uses DMARC for email security. The Warren campaign has completely secured its campaign against the types of email threats that took down Clinton and harmed her campaign staff, potential donors, and the public.

Agari suggested in a blog post that the remaining 11 candidates it checked do not use DMARC. This includes Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump. None of them uses DMARC on their campaign domains to secure their email accounts. The company warned that the candidates risk their campaigns being impersonated in spam campaigns and phishing attacks.

Agari also analyzed advanced email security controls of the campaigns. They found that 10 of 12 have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite.

Email alphabet soup

DMARC is not an email authentication protocol. It sits on top of the authentication standards SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). With SPF and DKIM, DMARC supplements SMTP, the basic protocol used to send email, because SMTP does not include any mechanisms for email authentication.

A properly configured DMARC policy can tell a receiving server whether or not to accept an email from a particular sender. DMARC records are published in DNS alongside other DNS records, including:

  • SPF
  • A-record
  • CNAME
  • DKIM

Matt Moorehead at Return Path explains that DMARC is the latest advance in email authentication. DMARC ensures that legitimate email properly authenticates against established SPF and DKIM standards and that fraudulent activity appearing from domains under the organization’s control is blocked. Two key values of DMARC are domain alignment and reporting.

DMARC’s alignment feature prevents spoofing of the email “header from” address. To pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.
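
The pass/fail rule above, combined with the policy a domain publishes, as an added Python example (not code from this blog, Agari, or Return Path). The records, domains, and function names are constructed for illustration, and the organizational-domain check is a two-label simplification of the Public Suffix List lookup a real receiver performs.

```python
"""DMARC evaluation sketch (added example). Records and domains are constructed."""

# Constructed DMARC TXT records, as they would be published at _dmarc.example.com
RELAXED_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
STRICT_RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=s"


def parse_dmarc(record):
    """Return the requested policy and alignment modes from a DMARC record."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    # Alignment defaults to relaxed ("r") when adkim/aspf are absent.
    return {"p": policy,
            "adkim": tags.get("adkim", "r").lower(),
            "aspf": tags.get("aspf", "r").lower()}


def org_domain(domain):
    """ASSUMPTION: organizational domain = last two labels.
    A real receiver uses the Public Suffix List (needed for e.g. co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from, auth_domain, mode):
    """Strict ("s") needs an exact match; relaxed needs the same org domain."""
    a = header_from.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate(record, header_from, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs.
    Returns (verdict, disposition the domain owner asked for)."""
    policy = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(header_from, spf[1], policy["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(header_from, dkim[1], policy["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    return ("fail", policy["p"])


if __name__ == "__main__":
    cases = [
        ("own mail server", RELAXED_RECORD,
         ("pass", "bounce.example.com"), ("none", "")),
        ("forwarded, SPF broken, DKIM intact", RELAXED_RECORD,
         ("fail", "forwarder.example.org"), ("pass", "example.com")),
        # SPF and DKIM both pass, but for a different domain than the
        # visible From address, so neither is aligned.
        ("unaligned sender", RELAXED_RECORD,
         ("pass", "example.net"), ("pass", "example.net")),
        ("subdomain signature under strict mode", STRICT_RECORD,
         ("fail", "forwarder.example.org"), ("pass", "mail.example.com")),
    ]
    for name, record, spf, dkim in cases:
        print(f"{name:40s} -> {evaluate(record, 'example.com', spf, dkim)}")
```

The third case is the one that matters for spoofing: SPF and DKIM both report "pass", yet DMARC fails because neither authenticated domain matches the "header from" domain.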

rb-

Using email authentication to prove that an email comes from the person it says it is from is important because nearly 30% of advanced email attacks (PDF) come from hijacked accounts. Without email authentication, accounts are vulnerable to email-initiated breaches, attacks typically run by nation-states. The 2018 Verizon DBIR found that nation-state groups accounted for at least 23% of the attacks in successful breaches by an outsider.

DMARC is a widely deployed technology that can make the “header from” address (what users see in their email clients) trustworthy. DMARC helps protect customers and brands; it discourages cybercriminals, who are less likely to target a brand with a DMARC record.


Zix Buys AppRiver – Bolsters Email Security

Competition in the email security market is intense. Most of the major endpoint security companies, Barracuda, Cisco (CSCO), Fortinet (FTNT), Mimecast (MIME), and Proofpoint (PFPT), have moved into email security — emphasizing training services to mitigate rising phishing threats. Plus, Microsoft (MSFT) has pushed into email security services that wrap around its core business productivity software Office 365.

The global email security market is expected to reach $18 billion by 2023, expanding at 22% from 2016, one report asserts. This growth has drawn the attention of venture capitalists. The latest VC deal is unique in that the smaller company is buying the larger firm.

Publicly traded Zix (ZIXI) is acquiring AppRiver for $275 million in cash. Zix is a Dallas-based maker of email archiving and security products, including ZixMail, which handles key management to provide end-to-end email encryption that protects messages and attachments.

AppRiver is a privately held, Florida-based, MSP-friendly cybersecurity and Microsoft Office 365 cloud solutions provider. AppRiver, founded in 2002, supports more than 60,000 companies globally as of 2019.

Zix and AppRiver each have about 260 employees. As part of the M&A plan, Zix expects to generate about $8 million in cost synergies — which typically means that layoffs are coming. AppRiver CEO Michael Murdoch is exiting the combined firm. Zix CEO David Wagner would not rule out further job cuts.

CEO Wagner has lined up financial backers to help finance the AppRiver deal. Among the financial players are:

True Wind Capital will make a $100 million equity investment with the closing of the AppRiver acquisition.

SunTrust Bank and KeyBanc Capital Markets committed to a new five-year $175 million term loan and a $25 million revolving credit line.

The combined company, known as Zix, expects to generate roughly $200 – $207 million in annual recurring revenue in fiscal 2019, up 11% – 15% year over year. The deal is expected to close by March 31, 2019. By purchasing AppRiver, the new Zix will grow its channel from about 400 to 4,000 partners and its customer base will go from 20,000 to 60,000.

AppRiver is no stranger to acquisitions as it worked to position itself as a one-stop-shop for commercial cybersecurity services.

In October 2017, VC firm Marlin Equity Partners purchased a majority stake in AppRiver with the intention of expanding its global footprint.

In March 2018, AppRiver acquired Canadian company Roaring Penguin for its anti-spam and machine learning technologies. In October of 2018, AppRiver acquired Total Defense, a provider of subscription-based endpoint security for consumers and small businesses.

rb-

The last three places I have worked were AppRiver or Zix shops. It makes sense: email is the gateway to the cloud for many firms. Email is mission-critical and complicated to secure, so it gets moved to the cloud.

My experience with both firms was OK. We were an earlier adopter of hosted Exchange from AppRiver and then at a re-seller. In keeping with industry trends, my current employer moved from Zix as we moved to O365. Maybe this deal is a year too late.

 
