Category Archives: Email

Wise giving in the wake of Hurricane Harvey

by Colleen Tressler

It’s heartbreaking to see people lose their lives, homes, and businesses to the ongoing flooding in Texas. But it’s despicable when scammers exploit such tragedies to appeal to your sense of generosity.

If you’re looking for a way to give, the FTC urges you to be cautious of potential charity scams. Do some research to ensure that your donation will go to a reputable organization that will use the money as promised.

Consider these tips when asked to give:

  • Donate to charities you know and trust that have a proven track record of dealing with disasters.
  • Be alert for charities that seem to have sprung up overnight in connection with current events. Check out the charity with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
  • Designate the disaster so you can ensure your funds are going to disaster relief, rather than a general fund.
  • Never click on links or open attachments in e-mails unless you know who sent them. You could unknowingly install malware on your computer.
  • Don’t assume that charity messages posted on social media are legitimate. Research the organization yourself.
  • When texting to donate, confirm the number with the source before you donate. The charge will show up on your mobile phone bill, but donations are not immediate.
  • Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials. If they should be registered, but they’re not, consider donating through another charity.


The Hackable Human – 6 Psychological Biases that Make Us Vulnerable


There’s a red thread that you can follow in each story about cyber attacks. If you pay attention, you’ll see how human nature is deeply rooted in the mechanics of successful cyber compromise.

Technology is only half of the story. When cyber crooks launch their assault on your devices and data, they don’t target just the security holes on your system. They also aim to prey on your weaknesses.

But how do attackers know which buttons to push to make users click on infected links, even when all the signs spell “danger”?

Today’s article focuses on just that: some of the cognitive traits that make us humans hackable (myself included, of course) and how to fight them.

Social engineering and its many tentacles

When you think about cyber criminals, you might be tempted to reduce them to the “hoodie-clad, lone wolf who does nothing but code” stereotype.

However, nowadays, cyber crooks are highly skilled in the art of digital illusion. They have a strong portfolio of tactics and knowledge, including:

  • what Internet users like to do online and which brands they trust
  • which wants and desires make these users act towards achieving them
  • which technology products have the most vulnerabilities that can be exploited
  • where they can purchase malware that can get them what they want (money, data or both)
  • how they can build a business by recruiting more cyber criminals to spread their malicious software.

When all the elements I’ve just mentioned come together, you get a rough definition of what social engineering is. Its mission is clear: to persuade the victim to give up confidential information or perform actions that cause a security breach.

Anything you can think of, cyber criminals use on a daily basis: instilling fear, creating confusion, impersonating trusted people or entities, sabotage and a plethora of other mind games.

To bring down the bigger targets, social engineers spend time thoroughly documenting their attacks. They have to make sure that their plan can be executed to perfection. If you’ve watched Mr. Robot, you know how it works. (If you haven’t watched it, please do.)

The further you move from clear thinking and rational decision-making, the stronger the grip that cyber criminals have on you.

Our imperfect human nature turns us into liabilities for our own online safety. Add carelessness and distractions to the equation and you have the perfect scenario for an attacker to take advantage of.

The sooner we accept our faults, the faster we can learn to become stronger when confronted with cyber threats.

6 Psychological biases that favor bad decisions

Certain thinking patterns breed poor decision-making, just like hanging out with the “cool” gang in high school gets many teenagers to start smoking.

The 6 preconceptions below are traps we set up for ourselves and which Internet crooks exploit. It’s time to be honest with ourselves and admit that we can do better.

1. Anchoring bias

When you first bought a computer, you were probably told or found out that you need antivirus. Ten or twenty years later, you probably still believe that antivirus is the only solution you need to keep your computer safe.

This is the anchoring bias in action! Relying too much on the first piece of information you received (the “anchor”) will affect how you act going forward.

If your job and your personal life have changed in the past 10 years, then so has Internet security. It’s time to let go of the past and make decisions based on what’s going on at the moment.


2. Availability heuristic

“I don’t need antivirus or other security products. My brother doesn’t have antivirus and he never got hacked!”

The availability heuristic makes people overestimate how representative the information that happens to be readily available to them really is.

Knowing someone who somehow got by without AV doesn’t mean that roaming around the web without any kind of protection guarantees your safety. That person may have a ton of malware on his PC without even knowing it.

So remember: the related situations you know are not the industry average. A tiny bit of research using trustworthy sources will give you a better impression of what’s objectively recommended.

3. Information bias

More information isn’t always better. This is what the information bias is all about.

You’ll find this to be especially true in cyber security. It’s easy to get caught up in all kinds of details, but you don’t need all those details to strengthen your online safety. You just need the right ones.

That’s why you may find it difficult to make a decision after reading tens of articles on the subject. The deeper you dig, the more complex it becomes.

I’m not saying you should fall into the anchoring bias I mentioned earlier. But you should choose the details that suit your purpose and act on them.

Internet security advice is abundant, but applying it is what makes a real impact.

4. Ostrich effect

“Look at all this news about cyber hacks! There’s nothing I can do about it, so I’ll just ignore it.”

As you can imagine, this bias comes in when we stick our heads in the “sand” and decide to just ignore negative information.

But we both know that ignoring an issue doesn’t make it go away. As humans, we may be hardwired to avoid psychological discomfort, but change only happens when we act despite that feeling.

If you’re uncomfortable with negative cyber security news (which is torrential nowadays), it’s because you know that even you could become a victim. But sitting idly by is not going to stop that.


5. Placebo effect

You already know this one and you probably stumble upon it more often than you realize.

“I don’t go on any strange website, so there’s no chance I’ll get infected.”

Or: “Antivirus is all I need to keep my data and devices safe.”

The placebo effect might make you feel safe, but it doesn’t mean that you are safe. Cyber criminals don’t get scared because you strongly believe in your cyber security habits.

So don’t mistake your perspective for reality. They rarely overlap in Internet security matters.

6. Overconfidence

“If I got infected with malware, I would know.”

This well-established bias is all about people who are too confident of their abilities. It can happen to anyone, but overconfidence can trick you into making bad decisions.

Remember that this is a subjective perspective, so you should check the facts to see if you’re not building a false sense of security.

Oh, and if you did get infected with malware, you most likely won’t notice. Second-generation malware, which roams the Internet today, is incredibly stealthy and damaging. It can infect your computer in a matter of seconds and trigger the attack at specific moments (for example, when you do online banking transactions).

It’s important that you train yourself to spot threats and avoid them, but your intuition, skills and experience can’t replace cyber security technology.

Developing cognitive humility

These 6 cognitive biases are a gold mine for cyber crooks of all ranges. They know that people tend to neglect cyber security because of these preconceptions or because they lack the time or skills to do better.

By becoming aware of and accepting our limitations and weaknesses, we can develop better strategies to protect ourselves from ourselves. Not just in cyber security, but in life as well. This is what it takes to build cognitive humility.

So try to take a few minutes now to go over the biases listed above and see if they got in your way lately. Making a conscious effort to “override your default settings” can help you gain clarity and make better choices for your cyber safety.

The one key habit to cultivate your Internet safety

How you perceive things, your outlook basically, determines your actions. A perspective distorted by biases cannot lead to sound decision-making.

If you think that you don’t need anything other than antivirus on your system, you may continue to be exposed to nasty financial malware or ransomware.

In the malicious hacker’s playbook, mental weakness = vulnerability. Attackers don’t exploit this with technology, but, as you now know, social engineering comes with a large toolkit.


Counteracting inevitable missteps is certainly possible. All it takes is sticking to one key habit that I’ve found helped me a lot. But before I share it, let me ask you:

Have you noticed how we think more clearly after something bad has already happened?

In hindsight, we make better decisions because we’re not limited by fear or scared of the unknown. At that stage, we’re not overwhelmed by emotion. Instead, we rely on logic and see things for what they are.

In real life, however, I noticed that we’re more inclined to learn from our own mistakes rather than others’. It’s natural, and I’ve done the same many times over. But in cyber security (and some other fields), personal mistakes are usually costly experiences.

So the right moment to decide which cyber security products you should use and which advice is worth applying is now! Not tomorrow, not the next weekend.

“Now” is a great time. A time that’s not troubled, when your computer is malware-free and there are no constraints to rush you into poor decisions.


Scammers impersonate the National Institutes of Health

by Cristina Miranda

Consumers are reporting another government imposter scam – this time the scammers are pretending to be calling from the National Institutes of Health (NIH). According to reports, callers are telling people they’ve been selected to receive a $14,000 grant from NIH. To get it, though, callers tell people to pay a fee through an iTunes or Green Dot card, or by giving their bank account number.

If you get a call like this from someone asking you to pay money to get money, stop. Hang up the phone. The federal government will not call you to give you a grant. NIH does give grants to researchers, but they have to apply for them, and those grants are for public purposes, not for personal use.

Also, the federal government will never call you, demanding that you give your personal or financial information – like your bank account or Social Security number. Has a caller ever asked you to wire money, cash a check they send you (and send them money), or use a prepaid card to pay someone? Those are all red flags. Nobody legitimate – and certainly not the government – will ever ask you to pay in any of those ways.

For more tips on avoiding government grant scams, check out NIH’s handy guide. Did you send money to an NIH imposter? Get in touch right away with whoever you used to send the money (your bank, MoneyGram, Western Union, iTunes…) and report the fraud. You might not get your money back, but you certainly won’t if you don’t report it. And then tell the FTC.


Cyber security myth busting – “I set a strong password, so I’m safe”

“I set a strong password for my account, so I’m safe. Nobody can breach my account!”
Tsk tsk. Don’t count on that.
Yeah, I strongly recommend that you set a strong password, so don’t skip this essential step.
It should be one that has more than 15 characters, both upper and lower cases, and contains various numbers and symbols.
But keep in mind that having a strong password is not enough to keep cyber criminals away.
It’s just one of the many security layers that you need to maintain in order to keep you protected.

Next layer of safety: your password should be unique. Don’t reuse it between accounts; otherwise a cyber crook who breaches just one of those accounts gains access to all your digital assets.
Afterwards, activate two-factor authentication wherever it is offered. It works as an extra defensive wall that’s even harder to knock down.

And if you’re worried that you have too many accounts and you’re not going to remember all their passwords, you can keep them safe (and encrypted) with password management software. Just make sure that you don’t forget the master password to that.
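The two checks above, “is it strong” and “is it unique”, are easy to automate over a password vault export. The following script is an added example and is not code from the original post: it applies the length and character-class rules stated above, then groups accounts whose passwords are identical or differ only by a trailing digit or symbol (the “Password1”, “Password2” habit that credential-stuffing attacks exploit). The vault contents are constructed for the example and are not real credentials.

```python
import re
from collections import defaultdict

# Constructed sample vault (account -> password) for this example; not real credentials.
SAMPLE_VAULT = {
    "bank":     "Tr0ub4dor&3-correct-horse",
    "email":    "Tr0ub4dor&3-correct-horse",   # identical reuse: one breach exposes both
    "shop":     "Tr0ub4dor&3-correct-horse1",  # trivial variation of the same secret
    "forum":    "password",                    # weak on every rule
    "work-vpn": "Gx7#pLq2!vN9$wRt4&eZ",        # strong and unique
}

MIN_LEN = 16  # the post asks for more than 15 characters


def strength_problems(pw):
    """Return the policy rules the password fails (an empty list means it passes)."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    return problems


def _normalize(pw):
    """Collapse case and strip trailing digits/symbols so near-reuse is caught too."""
    return re.sub(r"[^a-z]+$", "", pw.lower())


def reuse_groups(vault):
    """Groups of accounts whose passwords are identical or trivially derived from each other."""
    groups = defaultdict(list)
    for account, pw in vault.items():
        groups[_normalize(pw)].append(account)
    return sorted(sorted(accts) for accts in groups.values() if len(accts) > 1)


def audit(vault):
    """Full report: weak passwords with their failed rules, plus reuse groups."""
    weak = {a: strength_problems(p) for a, p in vault.items()}
    return {
        "weak": {a: probs for a, probs in weak.items() if probs},
        "reused": reuse_groups(vault),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    for account, probs in report["weak"].items():
        print(f"WEAK   {account}: {', '.join(probs)}")
    for group in report["reused"]:
        print(f"REUSED {' / '.join(group)}")
```

On the sample vault the script flags `forum` as weak on four rules and reports `bank`, `email` and `shop` as one reuse group, even though two of those three passwords pass every strength rule. That is the point of the post: strength and uniqueness are separate layers.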

How scammers get rich through click fraud

Scammers constantly try to trick us into clicking on ads or visiting websites that we never intended to.
That’s called “click fraud” and it costs marketers all over the world billions of dollars every year.
It consists of generating clicks that don’t come from genuinely interested users, or of hijacking clicks that were intended for a legitimate advertiser.
You may argue that it’s harmless, only wasted time, right?
Well, take those few cents that a scammer will earn from your click and add to the other millions of clicks that they managed to gather.
And that’s not all. You can end up with data-stealing malware or ransomware just by clicking on an infected banner.
So pay close attention to how you spend your clicks.

This is how clone phishing works

Clone phishing is less known, but just as dangerous as your “common” phishing attacks. That’s because it uses legitimate, previously delivered emails.

Here’s how it works:

The cyber attackers take a legitimate email that was really delivered to the victim and create a cloned (or almost identical) version of it.

Clone phishing emails may claim to be a resend of the original ones or an updated version of it.

What will be different: the attachment or links are replaced with malicious versions of the legitimate ones.

Clone phishing emails appear to come from the original sender, but use a fake reply-to address so that any answer goes to the attacker.

It’s a strategy that works because it exploits the trust created from the original email.
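Because a clone is built from a message you already have, the original is also the best reference for spotting it. The script below is an added example, not code from the original post: given the raw original and the suspect “resend”, it compares the two with Python’s standard `email` library and reports the indicators described above, a Reply-To domain that differs from the From domain, links whose anchor text is unchanged but whose destination host is not, and attachments with the same name but different content. Both messages are constructed for the example, and the sender, recipient and domains in them are invented.

```python
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages for this example; they are not real mail.
# CLONE is a "resend" of ORIGINAL with the link host swapped and a
# Reply-To that points outside the apparent sender's domain.
ORIGINAL = """\
From: Alice Accounts <alice@vendor.example>
To: bob@corp.example
Subject: Invoice 4471
Content-Type: text/html; charset=utf-8

<p>Hi Bob, invoice 4471 is ready:
<a href="https://portal.vendor.example/inv/4471">view invoice</a></p>
"""

CLONE = """\
From: Alice Accounts <alice@vendor.example>
Reply-To: Alice Accounts <alice@vendor-billing-support.example>
To: bob@corp.example
Subject: RE: Invoice 4471 (updated link)
Content-Type: text/html; charset=utf-8

<p>Resending with the updated link, Bob:
<a href="https://portal.vendor-example.co/inv/4471">view invoice</a></p>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
RESEND_RE = re.compile(r"\b(resend|resending|re-sent|updated)\b", re.I)


def _domain(header_value):
    """Lower-cased domain of the first address in a header value ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].lower().rsplit("@", 1)[-1]


def _body_text(msg):
    """Decoded text of the HTML body, falling back to the plain-text body."""
    body = msg.get_body(preferencelist=("html", "plain"))
    return body.get_content() if body is not None else ""


def _links(msg):
    """Map normalized anchor text -> link host, so anchors can be compared across mails."""
    return {re.sub(r"\s+", " ", anchor).strip().lower(): urlparse(href).netloc.lower()
            for href, anchor in LINK_RE.findall(_body_text(msg))}


def _attachment_digests(msg):
    """Map attachment filename -> SHA-256 of its decoded content."""
    return {part.get_filename() or "<unnamed>":
            hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
            for part in msg.iter_attachments()}


def clone_indicators(original_raw, suspect_raw):
    """Return the reasons the suspect mail looks like a clone of the original."""
    orig = email.message_from_string(original_raw, policy=policy.default)
    sus = email.message_from_string(suspect_raw, policy=policy.default)
    findings = []

    # 1. A Reply-To that steers answers away from the visible sender.
    from_dom, reply_dom = _domain(sus["From"]), _domain(sus["Reply-To"])
    if sus["Reply-To"] and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom!r} differs from from domain {from_dom!r}")

    # 2. Same anchor text as the original, different destination host.
    orig_links, sus_links = _links(orig), _links(sus)
    for anchor, host in sus_links.items():
        if anchor in orig_links and orig_links[anchor] != host:
            findings.append(f"link {anchor!r} now points to {host!r} (was {orig_links[anchor]!r})")

    # 3. Same attachment name as the original, different content.
    orig_att, sus_att = _attachment_digests(orig), _attachment_digests(sus)
    for name, digest in sus_att.items():
        if name in orig_att and orig_att[name] != digest:
            findings.append(f"attachment {name!r} has different content than the original")

    # 4. The "resend / updated version" pretext used to justify the duplicate.
    if RESEND_RE.search(str(sus["Subject"] or "") + " " + _body_text(sus)):
        findings.append("message presents itself as a resend or updated version")

    return findings


if __name__ == "__main__":
    for finding in clone_indicators(ORIGINAL, CLONE):
        print("CLONE INDICATOR:", finding)
```

The comparison is keyed on anchor text and attachment filename on purpose: a clone keeps those identical so the message reads exactly like the one the victim already trusts, which is also what makes them a stable key for detection. Comparing a message against itself yields no findings.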

Encryption here, encryption there, encryption

Data encryption is no longer a complicated thing to do, accessible only to top experts.

Nowadays there are plenty of tools that are easy to use (and sometimes even free), tools that will help you encrypt your sensitive data.

By doing this, you ensure that your valuable information stays hidden from malicious eyes: an attacker who gets hold of the encrypted data cannot read your private conversations, files or any other important data without the key.

If you have the latest versions of iOS and Android, encryption is easy-peasy, as it’s enabled by default (and you should leave it like that).

Create multiple email accounts

Create completely separate email accounts with different purposes.

  • One email account to subscribe to newsletters and shopping deals
  • Another one for online accounts, such as your Facebook or Uber
  • Different email accounts for work and personal conversations

It might seem like a hassle to create and manage all those accounts, but it’s worth it. It will also reduce the chances of receiving spam at your important addresses.

The cluelessness of identity theft victims

Identity theft is the illegal use of someone’s personal information.

It’s when a malicious hacker steals your data and starts carrying out financial transactions in your name.

They open bank accounts, take out loans, ruin your credit rating, and much more.

Besides the financial loss, there may also be additional consequences. You can even realize one day that you are held responsible for criminal actions that you had nothing to do with.

And wanna hear what the worst part is?

Most identity theft victims are clueless.

They have no idea what’s happening to them.
Recent statistics show that:

  • almost 70% of the victims don’t know how the thief got their information;
  • 92% don’t even know anything about the individual (or group) that stole from them.

Don’t wait for bad things to happen

Most people wait for something bad to happen before they take any security measures. They either don’t realize the threats they expose themselves to, or consider protection too costly in time, money and comfort.

Unfortunately, nobody is and never will be safe online. Any of the online accounts that we use can be breached.

What if that lesson is too expensive to learn the hard way?

What would happen if you lost one of your accounts?

Or the data you had on them?

What if that data was sold? Or used to blackmail you? How much would that ruin your reputation?

If it’s too late and you’ve already been hacked