Source: This article was Published forbes.com By Lee Mathews - Contributed by Member: James Gill

The Internet is a very leaky place. Security researchers find new servers spilling private data with alarming regularity. Some incidents have involved well-known, reputable companies. This one does not. It involves a server that helped cyber criminals run a massive SPAM campaign.

While investigating massive spam-producing malware network, security researchers at Vertek Corporation made an unexpected discovery. One of the servers linked to the malware hadn't been properly secured. Anyone who had the IP address of the server could connect at will and download a massive cache of email addresses.

Vertek tallied more than 44 million addresses in total. Of those, more than 43,500,000 were unique. The data was broken down into just over 2,200 files with each one containing more than 20,000 entries.

Bleeping Computer was provided with a list that broke down which email services were the most popular with the spammers. Yahoo addresses were the most common, at nearly 9 million. AOL was a close second at just over 8 million. Comcast addresses were the third most common at around 780,000.

The numbers fall sharply after that, with none breaking half a million. Many of the addresses that appear are provided by ISPs like AT&T, Charter, Cox, and SBC. Curiously enough, very few Gmail accounts were listed. Bleeping Computer thinks that may be because the database Vertek was able to access only contained part of the spam server's address book. It's also possible that these particular domains were chosen to target a specific type of user.

Vertek's researchers have shared their findings with Troy Hunt, who is analyzing the list against the already massive database he maintains at the breach notification service HaveIBeenPwned.

It wouldn't be at all surprising if Hunt discovers that all 43 million addresses were already exposed by other leaks or hacks. Why? Because at least two other leaks from spam-linked servers contained way, way more.

In August of last year, Hunt processed a whopping 711 million addresses from a compromised server. Many of those, he determined, had been dumped before. The biggest leak involving a SPAM service involved twice as many emails. MacKeeper's Chris Vickery discovered a mind-blowing 1.4 billion addresses exposed by a shady server.

Categorized in Internet Privacy

Source: This article was published cnet.com By MATT ELLIOTT - Contributed by Member: Grace Irwin

Want to quietly opt out of an email chain or take back that pathetic note to your ex? Gmail can help.

Google overhauled Gmail with a new look and a host of new features including Smart Compose, and you can get the new Gmail right now. While the new additions are appreciated, Gmail has a number of oldies but goodies that you may have overlooked. Here are seven such features that make Gmail awesome.

Mute annoyingly noisy email threads

Muting group texts are probably the single greatest thing about owning an iPhone at Cricket Wireless) (or at least texting on an iPhone), and Gmail offers a similar ability to mute noisy email threads. If you got put on a group email and no longer care to follow the back-and-forth replies, you can opt out. Open the thread, click the triple-dot button at the top and click Mute. The conversation will be moved to your archive, where it will remain even when more replies arrive. 

If you later get curious about what you missed, you can always find it in the All Mail view of Gmail, which includes your archived messages. You can then unmute the conversation if you so choose by opening the conversation and clicking the Move to Inbox button at the top of the page.

Send and archive for the win

You can add a second send option for all replies and email forwards that archives the conversation with your reply or forward. It's helpful for keeping your inbox orderly. And don't worry, the conversation will pop back up in your inbox if someone replies to it. To set it up, click the gear icon in the top right and go to Settings > General > Send & Archive, select Show "Send & Archive" button in reply and then scroll down and hit the Save Changes button. Now, you'll see a blue Send-and-archive chive button next to the regular Send button at the bottom of replies and forwards.

gmail-send-and-archive
Screenshot by Matt Elliott/CNET

Set undo send to 30 seconds

There's an undo option for emails you send and then immediately regret sending, whether it's because of a typo or your current emotional state. Or maybe you just hit send by accident when you were in the middle of composing your missive. Go to Settings > General > Undo, select the maximum time limit of 30 seconds and then scroll down and hit the Save Changes button. (The other options are 5, 10 and 20 seconds). After you hit send, look for the banner that pops up at the bottom of the screen that says "Your message has been sent." Click Undo to bring it back.

Hiding in plain sight: Advanced search

With Google behind Gmail, it's no surprise that Gmail offers powerful search functionality. You've likely used the search bar above your inbox to dig up an old email based on a keyword or sender, but it can do so much more. Click the little down-arrow button on the right of the search bar to open Gmail's advanced search panel where you can search for date ranges and attachment sizes, by subject line and with other filters.

gmail-advanced-search
Screenshot by Matt Elliott/CNET

Preview pane for an Outlook-like look

If you've got a big display, then I encourage you to make use of your luxurious screen real estate and use Gmail's preview pane. It makes Gmail look and feel more like Outlook, where you can view and respond to messages without leaving the inbox. Head to Settings > Advanced, click Enable for Preview Pane and then scroll down and hit the Save Changes button. You'll see a new button at the top of your inbox that lets you toggle the preview pane on and off and choose to split your inbox horizontally or vertically.

Choose your tabs

Gmail does an admirable job of filtering your inbox so the messages you care about go to your inbox while the rest get relegated to the Social or Promotional tabs. Go to Settings > Inbox > Categories and you can choose which tabs you want at the top. Or if you simply ignore all tabs other than your Primary inbox, then you can uncheck all but Primary for a streamlined, tab-less Gmail experience.

Email large attachments via Google Drive

There's a little Drive icon at the bottom of Gmail's compose window. It lets you attach files you have stored in Drive or simply send a link. For Google Drive formats -- Docs, Sheets, Slides and so on -- your only option is to send a link to the file. For other file types -- PDFs, Word docs, images -- you have the option of sending them as an attachment or a Drive link, which lets you share files larger than Gmail's 25MB size limit for attachments.

Categorized in Research Methods

Source: This article was published lifewire.com By Heinz Tschabitscher - Contributed by Member: Alex Grey

Keep Email Addresses, Private, When Sending to Multiple Recipients

Sending an email to undisclosed recipients protects everyone's privacy and makes the email look clean and professional.

The alternative is to send an email to multiple recipients while listing all their addresses in the To: or Cc: fields. Not only does this definitely look messy to everyone who looks at who the message was sent to, it exposes everyone's email address.

To send an email to undisclosed recipients is as easy as putting all the recipient addresses in the Bcc: field so that they're hidden from each other. The other part of the process involves sending the email to yourself under the name "Undisclosed Recipients" so that everyone can clearly see that the message was sent to multiple people whose identities are unknown.

How to Send an Email to Undisclosed Recipients

  1. Create a new message in your email client.
  2. Type Undisclosed Recipients in the To: field, followed by your email address in. For example, type Undisclosed Recipients.
    1. Note: If this doesn't work, make a brand new contact in the address book, name it "Undisclosed Recipients" and then type your email address in the address text box.
  3. In the Bcc: field, type all the email addresses that the message should be sent to, separated by commas. If these recipients are already contacts, it should be fairly easy to start typing their names or addresses so that the program will autofill those entries.
    1. Note: If your email program doesn't show the Bcc: field by default, open the preferences and look for that option somewhere so that you can enable it.
  4. Compose the rest of the message normally, adding a subject and writing the body of the message, and then send it off when you're done.

Tip: If you end up doing this often, feel free to make a new contact called "Undisclosed Recipients" that includes your email address. It'll be easier next time to just send the message to the contact you already have in your address book.

Although these general instructions work in most email programs, small variations might exist. If your email client is listed below, check its specific instructions for how to use the Bcc field to send a message to undisclosed recipients.

Bcc Cautions

Seeing Undisclosed Recipients in the To: field of an email is a clear indication that other people received the same email, but you don't know who or why.

To understand this, consider if you decided to send your email to just one name (not Undisclosed Recipients) and still Bcc other recipients. The problem that arises here is if the original recipient or any Cc'd recipients find out other people were copied on what they assumed was a private email. This can damage your reputation and cause bad feelings.

How would they find out? Simple: when one of your BCC recipients happens to "reply to all" on the email, that person's identity is exposed to all the hidden recipients. Even though none of the other Bcc names are revealed, the existence of a hidden list is discovered.

Much can go wrong here if any of the recipients reply with disparaging remarks about someone who is on the blind carbon copy list. This all-too-easy-to-make mistake could cost a co-worker her job or damage a relationship with an important client.

So, the message here is to use Bcc lists with caution and broadcast their existence with the Undisclosed Recipients name. Another option is to just mention in the email that it was sent to other people and that nobody should use the "reply to all" option.

Categorized in How to

Written By Rachel Summers

The Email was intended to make communication quicker and easier but sometimes it’s more of a hindrance than a help. We now spend too long at work checking emails, trying to find old emails, searching through relevant chains for the information you need or trying to delete old mail. It seems emails are put as a priority above too many other business activities.

Remember email is a tool to help not a priority. Here are ten tips to improve email management.

  1. Process Once a Day
  • In some businesses, you have to check email several times a day just to stay in the loop but you should only process them once a day. Try marking your calendar and setting your availability to busy to prevent interruptions.
  • Set aside a dedicate time in your daily life to process your emails. Prioritise the most important ones and then let the others go. Make a system that works for you, making sure you still acknowledge time-sensitive emails. Don’t let your email account run your life.
  1. Prioritize
  • The 80/20 rule is a great way of dealing with emails. “The 80/20 rule is the idea that twenty percent of inputs are responsible for eighty percent of outputs, meaning you should prioritize the twenty percent high-value emails which will lead to maximum output,” advises leading email marketing manager Angela Bradley, from the Australian Reviewer.
  • These prioritized emails should be replied to immediately, if not at least get back in less than three days. For the other eighty percent, you can allow yourself to take more time to reply if you do feel the need to engage with them.
  1. You Don’t Have to Reply to Everything
  • Don’t feel obliged to reply to every email, no reply can often say as much as writing out an email. If you spend your day replying to emails just to acknowledge you’ve received them it will take you away from the things that actually need doing. Only reply if the cost of replying doesn’t outweigh the benefits then it’s not worth worrying about. Especially when so many emails are sent out to more people than necessary or are impulsive and often not relevant to your work.
  • For those, you feel obliged to respond to create a folder for the lesser important emails that require responses. Set aside a day once every three days in a week to respond to these emails, it will take away the pressure to reply immediately and quell the fear of ignoring someone.
  1. You Don’t Have to Answer Everything Urgent
  • This may sound a little counterintuitive, but a lot of seemingly urgent emails resolve themselves without your assistance. Any urgent email about something going missing or not being able to get hold of a person are often resolved by themselves, wait an hour and see if you get a follow-up email. The follow-up email will declare if the situation has escalated or has been resolved.

  • This method also trains people to be more self-reliant and to have realistic expectations about how connected their colleagues can be to their inbox. This idea does require some common sense depending on which industry you work in, if you work in customer service and deal first hand with customers this will work differently.
  1. Use a Template
  • There is probably a trend to the things you respond to. Use a template if you find you are repeating yourself on a daily basis. Customize the template to fit the needs of the email and it could save you vital work hours.
  1. File into Categories
  • Folders, or labels for the gmail user, can be a great way to organize your mailbox. Use a relevant name system that works for you and sort them into a hierarchical structure. Remember just because you have folders and subfolders you don’t have to keep everything, don’t be afraid to delete messages you won’t ever need to look at again.
  • Prioritize, group, sort and file messages, this will make it easier to locate a specific email in the future. Create parent categories for broad subjects and then use subcategories related to more specific topics like a client or a work colleague’s correspondence.
  • Make sure you use obvious email subjects and put keywords in emails so they will be easy to relocate at a later date. Get help writing the best email subjects with UK Top Writers and Via Writing.
  1. Be Ruthless in unsubscribing
  • We’ve all been guilty in signing up to newsletters in the hope of getting a discount code, but these impulsive sign-ups can quickly clog up an inbox. If you find yourself repeatedly deleting this type of mail from your inbox it means you should probably unsubscribe immediately.
  • To quicken the unsubscribing process search your inbox for the term “Unsubscribe” and determine whose emails you continue to want and those you find useless.
  1. Send Less Emails
  • It may sound simple, but a golden rule of email management is if you send less you receive less. The less people you send the email to the less response you’re likely to get, so when you go to send that email think about who really needs to see this information.
  • If you want to send an email but do not really want a response use declarations not open ended questions. Questions will generate more emails, which will require you to give more attention to your inbox.
  1. Take It Offline
  • Email can be as destructive as it can be productive. Sometimes nuanced and often sensitive subjects can create inbox arguments. Words can easily be misconstrued and tone mistaken, and the outcome can be combustible. If you find yourself in an antagonistic discussion stop, take it offline. Pick up a phone or have a face-to-face interaction, it is likely to douse the flames before they become too heated. An aggressive chain email will not help any situation and will seriously damage work productivity.
  • Only write an email if it’s necessary and avoid using anything personal that could initiate conflict. If you are concerned your emails could be misunderstood use a writing service like Revieweal.
  1. Use Autoreply
  • The out of office message can have lots of alternative uses. Set it up to inform people you are minimalizing your email time, but put an emergency number or your assistant’s contact details for the sender to refer to. If you are receiving a high level of emails about one subject, maybe the time of a meeting or a certain piece of data, if it’s not highly confidential add this to an out of office message.
  • Like any regimes, there is no overnight results but the most critical step is sticking it for the long run. The keys tips to remember is not to let your inbox control you and to regular housekeeping to avoid being overwhelmed. At first, you may struggle but following these steps will, in the long run, simplify your life.

Rachel Summers is a social media manager with seven years’ experience in the industry, working for big and small companies, including Best British Essays. Rachel, in their free time, advises small and start-up businesses on their social media campaigns.

Categorized in How to

Internet Phishing Scam, Example 1

Here they are, revealed: the phishingcon games of the Internet. They prey on ignorance, tug your heart strings, and promise professional services while secretly taking your account numbers and passwords. Don't get suckered by these convincing phish emails and web pages! Take ten minutes and see what internet phishing and email scams really look like.

Probably the most damaging kind of email spoof is the "phishing" email. With this type of attack, a clever con artist is trying to lure you not to buy something, but to enter your account and password information, which can then be used for financial gain. Although eBay and PayPal are common targets, any company is fair game. This example above only shows one of many ways phishermen will attempt to con you into divulging your private information.

Be skeptical about any email that asks you to login through a link in the email. No legitimate online financial service will ever ask you to login this way.

Internet Investment Scam, example 2: Pump and Dump Investment

Like all con games, be they online or in person, the con man is trying to deceive you somehow. In this case, by artifically generating excitement around a stock, the con men can lure hundreds of people to purchase a particular stock. This purchasing excitement artificially inflates and "pumps up" the value of the stock, whereupon the con men will "dump" sell their own shares to reap the dishonest profits. This "pump and dump" spamming is a form of "phantom trading", which is illegal.

Be skeptical about any random unsolicited email that promises stock tips. If these were legitimate investment planners with legitimate stock advice, they would be dealing with their own existing clients, not recruiting via random email. As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Lottery Scam, example 1

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that claims you have won a prize. A legitimate lottery would not contact you via email; they would be calling you via telephone. And keep in mind: if you never entered the contest, how did you win? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Job Offer Scam, example 1

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.\

Be skeptical about any email that promises high profits for minimal investment. If it's too good to be true, it probably is a scam.

Internet 419 Scam, Example 1

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Phishing Scam, example 2

Like all "phishing" emails and web pages, a clever con artist is trying to lure you into entering your account and password information. While eBay and PayPal users are the people most targeted by phishermen, anyone is fair game for them. This example above only shows one of many ways they will attempt to con you into divulging your private login information.

Be skeptical about any email that asks you to login through a link in the email. No legitimate online financial service will ever ask you to login this way.

Internet Phishing Scam, example 3

Like all "phishing" emails and web pages, a clever con artist is trying to lure you into entering your account and password information. While eBay and PayPal users are the people most targeted by phishermen, anyone is fair game for them. This example above only shows one of many ways they will attempt to con you into divulging your private login information.



Be skeptical about any email that asks you to login through a link in the email. No legitimate online financial service will ever ask you to login this way.

Internet Lottery Scam, example 2

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that claims you have won a prize. A legitimate lottery would not contact you via email; they would be calling you via telephone. And keep in mind: if you never entered the contest, how did you win? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Phishing Scam, example 4

Like all "phishing" emails and web pages, a clever con artist is trying to lure you into entering your account and password information. While eBay and PayPal users are the people most targeted by phishermen, anyone is fair game for them. This example above only shows one of many ways they will attempt to con you into divulging your private login information.

Be skeptical about any email that asks you to login through a link in the email. No legitimate online financial service will ever ask you to login this way.

The 419 Internet Scam, Example 2:

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.



Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet 419 Scam, example 3

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Scam: 419, example 4

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet 419 Scam, example 5

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet 419 Scam, example 6

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.



Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet 419 Scam, example 7

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet 419 Scam, example 8

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet 419 Scam, example 9

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that asks you to move money, especially large sums. A legitimate financier would use legitimate means to move that kind of money. Even if they were only semi-legitimate: why would they find random people through random email to move millions of dollars? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Lottery Scam, example 3

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.



Be skeptical about any email that claims you have won a prize. A legitimate lottery would not contact you via email; they would be calling you via telephone. And keep in mind: if you never entered the contest, how did you win? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Investment Scam, example 3: Pump and Dump Scamming

Like all con games, be they online or in person, the con man is trying to deceive you somehow. In this case, by artificially generating excitement around a stock, the con men can lure hundreds of people to purchase a particular stock. This purchasing excitement artificially inflates and "pumps up" the value of the stock, whereupon the con men will "dump" sell their own shares to reap the dishonest profits. This "pump and dump" spamming is a form of "phantom trading", which is illegal.

Be skeptical about any random unsolicited email that promises stock tips. If these were legitimate investment planners with legitimate stock advice, they would be dealing with their own existing clients, not recruiting via random email. As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Lottery Scam, example 4

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any email that claims you have won a prize. A legitimate lottery would not contact you via email; they would be calling you via telephone. And keep in mind: if you never entered the contest, how did you win? As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Investment Scam, example 4

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any random unsolicited email that promises stock tips. If these were legitimate investment planners with legitimate stock advice, they would be dealing with their own existing clients, not recruiting via random email. As with any smart skepticism: if it's too good to be true, it probably is a scam.

Internet Investment Scam, example 5

Like all con games, be they online or in person, the con man is trying to get you to entrust him with your cash or access to your cash.

Be skeptical about any random unsolicited email that promises stock tips. If these were legitimate investment planners with legitimate stock advice, they would be dealing with their own existing clients, not recruiting via random email. As with any smart skepticism: if it's too good to be true, it probably is a scam.

Source: This article was published lifewire.com By Paul Gil

Categorized in Internet Privacy

Phishing attacks are more rampant than ever before, rising by more than 162 percent from 2010 to 2014. They cost organizations around the globe $4.5 billion every year and over half of internet users get at least one phishing email per day.

The best defense companies have against phishing attacks is to block malicious emails before they reach customers with the DMARC (Domain-based Message Authentication Reporting and Conformance) standard. Brands must also work with a vendor that can offer email threat intelligence data revealing attacks beyond DMARC (e.g., attacks that spoof their brand using domains outside of the company’s control).

Unfortunately, no matter what companies do, some phishing emails will always make it to the inbox. And those messages are extremely effective—97% of people around the globe cannot identify a sophisticated phishing email. That’s where customer education comes in.

Here are 10 tips on how to identify a phishing or spoofing email. Share them externally with your customers and internally with your company.

Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name. 

Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

screen_shot_2015_09_22_at_2_16_17_pm

Since My Bank doesn’t own the domain “secure.com,” DMARC will not block this email on My Bank’s behalf, even if My Bank has set their DMARC policy for mybank.com to reject messages that fail to authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email.

Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.

Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from the email address with more than two-thirds spoofing the brand in the email domain alone.

Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

Want to learn how to block phishing threats before they reach your customers? Check out our guide, Getting Started with DMARC.

Source: This article was published blog.returnpath.com By Estelle Derouet

Categorized in Internet Privacy

As a follow up to our recent article on how to spot and stop phishing attempts, we’re now going to focus on the difficulty of recognising phishing and email spoofing attempts on mobile devices and how to overcome this.

img src="https://www.beaming.co.uk/wp-content/uploads/SamPhone1-370x312.png" alt="Email spoofing: Mobile spoof email can be hard to detect" width="432" height="364" srcset="https://www.beaming.co.uk/wp-content/uploads/SamPhone1-370x312.png 370w, /

Beware the email address

Sometimes a spoof email seems to be from someone famous or well known, to attract the attention of the recipient.  Otherwise, it may be a trusted brand name. More sophisticated scams will appear to be from someone the user knows, usually through work. Email spoofing addresses tend to be a mixture of letters, numbers and meaningless words. Depending on the type of device and app you are using, this may be more difficult to spot on a mobile device as they often just display the sender’s “Friendly name” and the email address itself is more difficult to find.

To display the sender’s email address you’ll need to open the email. At the top, underneath the “From” and “To” lines, you should find a link entitled “Details” or “View detail.

img src="https://www.beaming.co.uk/wp-content/uploads/Samphone2.png" alt="Email spoofing: How to view a sender's email address on mobile" width="236" height="430" srcset="https://www.beaming.co.uk/wp-content/uploads/Samphone2.png 236w, /
Once clicked, this will expand the “From” and “To” details so that you may view the email address of the sender and details as to when the message was received.

Watch what they ask for and how they ask for it

Spoof emails will be asking for something from you, this may include money, passwords or sensitive information. Legitimate banks or companies will never ask for personal credentials over email so don’t give them up.  High-end brands are extremely cautious with their spelling, punctuation, and grammar so if an email has many spelling mistakes, it’s likely that the email is trying to spoof you.

 Treat all links as suspicious

 Malware and ransomware can be spread when victims unwittingly click on an untoward download link. Phishers will also send links that take the user to a convincing looking corporate website where they are encouraged to enter personal information such as credit card details.

If you’re on a PC, you can use your mouse to hover over any link in an email to view the destination web address. As with the email address, if the destination web address is a random mixture of numbers and letters, be wary of it. Likewise, if the website address is mis-spelled this is a red-flag that can be easily missed eg http://www.micorsoft.com. On a mobile device, you won’t have a mouse, but you can still check the link by holding your finger down on it. Unlike a short tap, which would open the link, holding your finger on it will cause a new dialogue window to pop up, showing you what the destination web address is but without actually following the link.

As is always our advice, if you are in any doubt, check! Don’t put your personal details or business in jeopardy. By making sure that everyone is aware of tactics used in email spoofing and know how to verify the original source of an email, you can save wasted time, effort and resources in the future.

Source: This article was published beaming.co.uk By Beaming Support

Categorized in Internet Privacy

Cybercrime is everywhere, and the least you can do is read up about it. You might think Internet and email scams only affect those who are not tech savvy or do not keep up with the daily news, but that is not true. From IT professionals to teachers, to journalists, people from all fragments of society and professional fronts have fallen for these immaculately planned online fraudsBusiness Compromise ScamsPharming, etc, which might confuse anybody. And the notion of risk-taking obviously does not work in this context. With the advent of social network and the wide usage of emailing, these scams acquired quite a foothold.

Common Online, Internet & Email scams

Here are the 10 Internet and email scams you should look out for:

Nigerian Scam

Possibly the most talked about scams, these operate mostly through the mail and messaging services. People usually receive mails from a fake Nigerian individual, who claims to be from a very wealthy family and is looking for somebody to donate her money. Usually, these scams are fronts for black money or identity theft. The user is promised a huge amount of money if he or she would share his details, and a surprising number of people fall for it. They will also ask the unwitting user to sign a number of legal forms, which are actually pretty effective in taking money out of your account.

International Lottery Scam

The lottery scam is perhaps the oldest and most obvious scams in the history of Internet fraud, and yet people are duped by it. Basically, a mail reaches your server from an unknown lottery company, and it looks official and almost real. But there are obviously some red flags which expert can point out. Usually, when this happens, the mail will not address you by your name or your personal details. They promise to transfer millions of dollars into your personal account, if you give them your bank details, and then, of course, they drain the money out of your account. Millions of people around the world have lost a massive amount of their earnings through this scam. Sometimes, the emails take the name of a famous lottery company, which might be a global name, and with high-end techniques, conmen have better means of faking their credentials, so you should always be on the lookout.

Travel scams

This kind of fraud is pretty relevant even today, as people who are on these websites or get the fraudulent emails are not at all expecting to get swindled. People see huge discounts or really low rates on some travel packages and fall for it. They will also ask for your private details, and you will need to pay some money. Usually, these are quick scams and won’t drain your account, but you will never see the money you spent or get any tickets. Whenever you receive such a mail or spot something suspicious on a website, it is best to double-check.

Credit Card Scams

These frauds are also hugely common.Usually, you will get a mail from your an operator who claims to be your bank. They will tell you your credit/debit card has been canceled, or you are facing some breach in your account and thus, need to act fast. Most people, in a state of panic, give out their credit card details, One Time Passwords, and even their pin numbers. It is very important to remember that your bank would never ask you for this kind of sensitive information over mail or phone, and be careful.

Job Scams

These kinds of frauds prey upon those who are vulnerable. Most people are looking for jobs update their personal details, like mail ids and names on employment search portals. Anybody can access those details and contact the user. You will get a mail, asking for your resume, educational details, and other credentials. They will promise you an interview and possibly ask for a token amount of money, which would be reverted back to you upon hiring or at a later time. These scams are usually fronts for identity thefts and money swindling.

Digital payment scams

These are the easiest and the most dangerous frauds there is, and everybody should take note since people are so tech-reliant right now. Millions of people use digital wallets or online payment portals like PayPal or Venmo. Users often get an alert on their mail about how their account has been hacked, or an amount of money has been taken out of their account. Usually, people panic, and it never occurs to them that they are being duped by a third party.

Online ad scams

These are similar to the employment scam routine, just a little more creative. When you post an item for sale on a portal or post an ad to buy a specific item, in websites like eBay or Craigslist, or any other platform, fraudulent people can access those details and get back to you. They’ll tell you they have what you are looking for, and might even share pictures with you, but these offers usually come with a payment-first policy, and after you pay them,  you don’t hear back from them.

Investment scams

These frauds are like a short-term Ponzi scheme. You might get alerts or emails offering you ‘double your money on a month’ plans or any other such scams. Some fake portals even have provisions for your verification, where they ask you for a token amount of money, and hence dupe you.

Disaster relief or rescue scams

Whenever you get a mail asking you to donate money to a charity or a rescue operation, never respond to them. Most people obviously fall for these as they want to support a cause, but as there is no way to verify these scams, and people usually donate a substantial amount of money to disaster relief, this is a very dangerous fraud.

Ask for help scams

These frauds are more personal in nature, and you might get a mail with very specific details about a certain person, stuck in a situation in a random country, from where he/she cannot get back home and will ask for your money. People often get blindsided by the personal nature of these emails, but it is very important to remember that these are usually chain emails, and ask people to send over financial help.

Online scams are a huge risk as you can encounter them anywhere, and the smartest of people get affected by it, as they never see it coming. Whenever you encounter anything on a new portal or website, it is always best to verify their credentials before you send in your money or personal details.

Be aware, Stay safe!

 Source: This article was published thewindowsclub.com

Categorized in Internet Privacy

About 10 percent of the email credentials of all those employed at Fortune 500 companies have been leaked on the dark web, according to a new study.

The VeriClouds report, which included data from a three-year period, that looked at 27 million Fortune 500 staffers and found about 2.7 million credentials among the eight billion stolen credentials found on the dark web. If that is not bad enough VeriClouds found that the stolen data was found in multiple locations thus increasing the possibility it is bought and used by malicious actors. The good news is the number represents a 7.5 percent decline from 2016.

“We see that on average each leaked Fortune 500 email address, associated with an online account, is found at 2.3 leaked data sources. Furthermore, the availability of credentials data increases when many bad actors repackage or combine older breach data and resell it,” the report stated.

The availability of these passwords opens a corporation up to any number of potential cyberattacks, including spearphishing, credential stuffing, and account takeover attacks, which can lead to bad guys having direct access to personnel or corporate networks.

Workers in the telecom, industrial and energy sectors saw the highest percentage of stolen credentials with 23 percent, 18 percent and 17 percent, respectively, leaked. The financial, technology and healthcare fields had more records on the Dark Web, but this is primarily due to the fact that those industries have more employees overall.

In many cases the Fortune 500 firm is not directly to blame for the data loss because their employees used their corporate email address, and possibly the same sign-on credentials, to create an account at a third-party website. If this entity suffers were to suffer a breach and the person has used the same login then the Fortune 500 company could be vulnerable.

Compounding the problem is a large number of weak passwords associated with their accounts.

“Computers, Office Equipment industry has the largest percentage of weak, compromised passwords with 25 percent, followed by Transportation Equipment and Telecommunications industries with 17.6 percent and 12.9 percent, respectively,” the report said.

When it comes to shear volume commercial banks have the highest number of weak or compromised passwords with 109,000; telecom is next with just over 100,000; and the computer, office equipment sector is third with 73,000.

Source: This article was published scmagazine.com By Doug Olenick

Categorized in Deep Web

Imagine you went to a networking event last night and met a potential business partner. You're all set to send a pleasant follow-up note but realize you've forgotten the one thing you need–their email address.

While you can find most people on various social networks–from professional ones like LinkedIn to personal ones like Facebook–email still reigns supreme as the preferred method of getting in touch. Email's more personal and professional at the same time, and your contact is all-but guaranteed to have an email address, as there are 2.9 billion email addresses in the world.

Contacting people over social media has more hurdles than sending a simple email. You might have to pay to send a LinkedIn message, or the person might not accept Direct Messages on Twitter from strangers. It's worth the trouble to just email instead.

Finding email addresses isn't always easy, though. Most people are protective of their email address, for good reason: We all hate spam. With a little investigative work, though, you can find almost anyone's email address. Here's how.

Start with Quick Email Searches

Google search for email
A Google search might be all you need to find an email

The first place you should look for email addresses is the “About” page of their company’s website. You might find anything from a brief bio to detailed contact info for every team member. Dig around a bit, and you might find email addresses in unexpected places. For instance, on Zapier's About page, you'll find team members' contact information by hovering over their photos.

Personal websites are another great place to check. If you can find a personal blog or landing page for that contact, you'll likely find an email address on their Contact page. At least, it's worth checking.

Google can help out, by finding other personal sites or the email address itself. There’s a chance your prospect's email address is listed somewhere online, so just search for their first and last name along with the word and email perhaps their company name. Google will find anywhere this combination appears.

If you can find your prospect's social media account, check their profile for contact information. Users sometimes list this information on LinkedIn or Twitter, often with a space between their email address and the domain. On Twitter, for example, use the search from operator to find an email address (e.g., email from:dannyaway).

Twitter email search

Alternately, use 3rd party Twitter search app SnapBird. It can search through all of the Tweets from your feed or followers; just enter a keyword such as “email” and the user’s name, and it’ll do the rest.

LinkedIn is also worth exploring for email addresses. It lets you export contacts and their email addresses if they’re available on their profiles, for an easy way to find addresses of anyone you're already connected with. You can also use a tool such as Lusha to find contact information for people on LinkedIn, including their corporate email address, personal email address, and phone number.

Then, there are also several “people search” websites that can be helpful, including SpokeoPeopleSmart, and Pipl. Some sites are free to use (including Pipl), while you'll need a paid subscription to unlock most people search sites' full features.

When all else fails, you can try guessing. Seriously. If you can find the naming convention the company uses perhaps from another employee at that firm (in some cases, This email address is being protected from spambots. You need JavaScript enabled to view it.), you can try that format with your prospect's name and wait to see if the email bounces back. Guessing might not be efficient, but it could work.

Try an Email-Finding App

If you’ve completed your web and social media search and still can’t find a trusted email address, it’s time to use a tool designed for this email search. Fortunately, there are lots of apps just for this.

Just enter your prospect’s name along with their company name, and you’ll receive either the app’s best guess or a list of viable options. Here are the best options:

Email Generator

Email Generator

Part of your initial email search may involve entering various name and company domain combinations into Google. This is not only time consuming, but it can be frustrating considering the various combinations that can exist. That’s where Email Generator comes in. It generates over 50 popular email combinations for that name for you in seconds just from their name and company domain.

As an added bonus, Email Generator will also give you potential email variations for popular email services like Gmail and Outlook. If you’re confident that you’ve found the correct email address, consider installing Email Generator’s email tracking software, MailTrack.io, which will let you know when your email recipient opens it.

Price: Free

Mail Tester

Mail Tester

Once you've found a potential email address, use Mail Tester to see if the email address is valid. It can't tell you if that's the real email for the person you want, but it can confirm whether or not that email address exists on that domain name.

If the email address is valid, Mail Tester shows the server info it found. If it’s unable to confirm the accuracy of an email address, it will display a message stating that the company’s server doesn’t allow email verification.

Keep in mind, even if the app can’t confirm whether an email address is accurate, that doesn’t mean that there’s anything wrong with the email address. Sometimes it comes down to whether or not a company’s server will allow Mail Tester to connect to it and provide users with valid information. The only way to be 100% certain is to send an email to the address and see if you receive a bounce-back notification stating that the email address doesn’t exist.

Price: Free

BuzzStream

BuzzStream

BuzzStream is another fantastic app to use to boost your email search. It can find contact information (including social network profiles) for “influencers”, people who are active on social media and blogs. Once you've gotten in touch with an influencer, it will save those messages, and let you share them with your team to easily follow up.

When you need to find email addresses, simply add in the company URL and the app will display both employee email addresses and the company’s Twitter handle. If the app can’t find the email address of a specific person, it will provide you with the about and contact pages of the company as a starting point. Or, use its free email research tool to get auto-generated Google Search links that'll help you find their email address.

Price: Free 14-day trial; from $24/month for one user

Voila Norbert

Voila Norbert

Voila, Norbert is one of the simplest ways to find an email address. Just enter the first and last name of anyone you’re trying to find, along with the company’s domain name. It'll then ping the domain to show any addresses it finds that might match the name, along with reviews from users to show if the address is actually valid or not.

It works surprisingly well for finding company addresses. Keep in mind that some companies strive to keep the email addresses of their employees private, though, so if Voila Norbert isn’t given access it lets you know.

Price: Free for searching up to 50 email addresses; plans from $49/month

Voila, Norbert Zapier integrations coming soon!

Email Hunter

Email Hunter

Email Hunter lets you find email addresses right from its homepage. Just enter the company domain name into the search field, click search, and the app will find all of the publicly available email addresses for that company domain.

It also shows the number of sources found online for each email address, to add to the verification and validity of each one. That makes it an even better bet for finding email addresses that actually work.

Price: Free for searching up to 150 email addresses per month; plans from $49/month

See Email Hunter integrations on Zapier

Conspire

Conspire

Conspire is a little different from the other apps on this list. Rather than solely providing emails, it operates on the “six degrees of separation” theory. Like the game "Six Degrees of Kevin Bacon," where you try to figure out how a person would be connected to Kevin Bacon or some other celebrity, Conspire assumes you might know someone who knows someone who knows your prospective contact.

If you’d like to meet a new potential client through the people you already know, the app will show you the best possible path—based on people in your network—to reach out through. You can then connect with folks just outside of your network even if you haven’t met them by mentioning your mutual contacts.

Conspire uses data from your linked Gmail account to get a sense of your current network. It then scores each relationship to give an idea of how “strong” the connection is, using the To, From, CC, Subject and Date fields of your emails—along with your frequency of communication—to determine connection strength. This data determines how you and your contacts communicate.

Price: Free

Find an Email with a Browser Extension

Another handy way to find email addresses is with a browser extension—many of which work right inside your Gmail inbox. With just a couple of clicks, you can quickly look up an email address without opening a new app or webpage.

Rapportive (Chrome, Firefox, Internet Explorer)

Rapportive gif

Rapportive puts contact info discovery right inside Gmail. It can be used in conjunction with an app such as Email Generator. Simply enter a few email variations into the “Send To” field when composing an email in Gmail. Hover over each email address and Rapportive will show as much profile information as possible.

For example, with a real email, Rapportive can show you the contact’s full name, profile pic, company name and location, and links to websites (both personal and professional) and social networks. That's enough to be confident that you’ve found the right email address. Or, if it doesn't find any info, you'll see a grey block which means you'll need to keep searching for the right address.

And, when you're reading emails, Rapportive will show that same contact info in the right sidebar for a simple way to learn more about your contacts.

Price: Free

Clearbit (Chrome)

Clearbit

Similar to Rapportive, this Chrome extension integrates with Gmail. However, instead of checking variations of an email address, Clearbit quickly finds email addresses from its database, along with other company and personal data. Just enter a company's name, select the correct one, then filter through the contacts it finds there.

Then, when you receive an email, Clearbit can also give you extra info about each email—something extra helpful when trying to remember how you met a contact.

Price: Free for up to 50 searches per month

See Clearbit integrations on Zapier

Datanyze Insider (Chrome and Firefox)

Datanyze Insider can find any email address with just the first and last name of the contact—no need to enter a company domain name.

To use the extension, highlight the contact’s name as it appears online (for example, in LinkedIn or the company’s about page), right click, choose “Datanyze Insider” and click “Find email”. Datanyze Insider will then ping email addresses that are most likely to be valid (based on name and company domain variations) and display the ones that appear to be valid. It also provides a percentage for how confident it is that it found the correct email address.

Price: Free

Ninja Outreach (Chrome)

Ninja Outreach searches a company's website for any mention of a contact's name that you highlight on the web page. If it doesn’t find a match, the extension will check its own database for a match. Ninja Outreach will also give you links to the prospect’s social networks, location address, and more.

Price: Free without signup to search for addresses; register for a Ninja Outreach account to get full features including contact form autofill, web app templates, and enhanced website information

Find That Lead (Chrome)

Find That Lead adds an icon next to people's names on web pages you visit, such as LinkedIn. Click the icon and the resulting pop-up menu will display the person's company name and email address. If the search isn’t successful, the plugin will display the best result it was able to find, along with a percentage score of how certain it is that the email address is accurate. It can also work with a tool such as Rapportive if you need added certainty before sending an email.

Price: Free for up to 10 emails per week; from $15/month for additional searches

LeadFuze (Chrome)

LeadFuze helps you build a relevant contact list. It does the tedious work for you of finding email addresses, social network profiles, and prospect details such as titles and company names for an entire list of contacts. Once you have a list you’re happy with, you can set up targeted emails and subsequent follow-up emails. To be sure you have the correct email addresses, LeadFuze includes reports to see whether your email has been viewed.

Price: Free for up to 20 leads; plans from $150/user/month

Source: This article was published zapier.com By Milveen Eke-Allen

Categorized in How to
Page 1 of 3

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now