Snapchat Latest Phishing Attack Victim

Last week I wrote about the dangers of phishing attacks and here only days later we have yet another example of their danger.

A phishing attack this past Friday reportedly tricked a payroll department staffer at Snapchat into revealing private information about some current and former employees, the video messaging service said yesterday in an online apology. No internal systems were breached and no information about users was released, the company added.

Employees whose information was released have been contacted and offered two years of free identity theft insurance and monitoring, according to the Snapchat blog post about the phishing incident. The company also reported the attack to the U.S. Federal Bureau of Investigation.

The phishing attack caused a payroll employee to believe an e-mail request for information came from Snapchat CEO Evan Spiegel. It’s a type of attack known as “spear phishing” that targets individuals or narrow groups of people rather than sending out e-mails to thousands of random users.

Quickly Reported to FBI

Snapchat stated that it responded “swiftly and aggressively” after learning of the suspicious e-mail and subsequent release of employee information.

“Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI,” the company said in its statement.

The company added that it will “redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again.”

Phishing Is ‘No. 1 Attack Vector’

Scams involving spear phishing and other kinds of business e-mail compromise efforts “became a major problem in 2015,” according to a report on phishing activity trends released in December by the Anti-Phishing Working Group (APWG). Between the first and third quarters of last year, the number of reports of unique e-mail phishing campaigns ranged from just under 50,000 in January to nearly 150,000 in May, the report said.

Founded in 2003, the APWG is an international organization whose members include businesses, government organizations, law enforcement agencies and non-governmental organizations. Among the businesses participating are Cisco, Facebook, Intel’s McAfee, Microsoft, PayPal and Symantec.

“Phishing is the No. 1 attack vector today and with good reason — it often leads to success,” noted PhishMe’s inaugural “Enterprise Phishing Susceptibility Report,” also released in December. “An organization’s employees are the primary target, the means to the attackers’ end of gaining access to company systems. Employees are the easier targets due to their susceptibility to various emotional and contextual triggers.”

A company that provides “human-focused phishing defense solutions,” PhishMe gathered data for the report by sending 8 million phishing simulation e-mails to more than 3.5 million employees of customer companies. The research showed that employees most often responded to phishing e-mails in the morning, especially at 8 a.m., and they were most often tricked by e-mails with subject lines like “File from Scanner” or “Unauthorized Activity/Access.”

Providing behavioral conditioning to employees reduced the chances that they would respond to malicious e-mails by more than 97 percent after four simulations, the report added.

“It is important to train employees to report phishing attempts as soon as they are recognized in order to offset the likelihood that a phishing attempt will be responded to in its first several hours in a network environment,” according to the report.

Tax Season is a Time to Be Aware of Phishing Attacks

It’s tax time, so you should think twice before clicking on that link in your email inbox. What may look like a legitimate communication from your bank, financial institution or email provider may actually be part of a scheme designed to steal the confidential information stored in your computer, or to gain access to the network it’s attached to.

Experts warn that tax season is a prime time for this brand of fraud known as “phishing” where hackers are out to steal your information in hopes of using it to file a false tax return.

Phishing emails remain one of the top causes of data breaches. While people are more aware of their danger than ever before, the lures continue to evolve and increase in sophistication, making it tough for the average person to discern which emails are legitimate and which ones aren’t.

Here are a few answers to common questions about phishing:

Why Is It So Bad This Time of Year?

Phishing peaks during tax season, partially because it’s a time of year that many people are accustomed to entering their most personal information such as their Social Security number or bank account information on websites.

Hackers can use this information to file false tax returns and steal your refund.

This year is no exception. Earlier this month, the IRS said that it stopped an attack on the e-filing portion of its website. Hackers tried to use a combination of malware and 464,000 Social Security numbers that had been stolen elsewhere to generate PIN numbers that could be used to file fraudulent returns.

Thankfully no taxpayer data was stolen from the IRS computer systems as a result of the hack.

Phishing also spikes around Christmas, with attacks in the form of fake delivery notifications. Thieves also often tie phishing emails to major sporting events, or natural disasters like overseas earthquakes.

What’s the Difference Between Phishing and Spear Phishing?

Phishing is like a person casually throwing a rod in a lake and waiting for a bite. Phishing emails don’t contain a lot of specifics, but are quick and easy to send out in mass quantities.

“Spear phishing” is much more targeted and personalized. The people behind those attacks spend time researching their targets in order to create highly customized emails that look much more legitimate and are much more likely to be clicked on.

The rise of social media has made this a lot easier. Thanks to Facebook and Twitter, details including a person’s place of employment, where they bank, like to shop and the names and ages of their children are just a few clicks away.

What Other Red Flags Should I Be on the Lookout For?

In an effort to get more people to click on a link before thinking about the possible consequences, many phishing emails will give an impression of scarcity, or include some kind of time limit.

For example, an email made to appear to be from a person’s bank or email provider may state that if that person doesn’t click on the enclosed link within 24 hours, they will be locked out of their account.

And while poor English and long, complex web links were previously sure signs of phishing, they’re not as prevalent anymore. Many overseas hackers are no longer using clunky translation websites, because there are fluent English speakers who specialize in translating phishing emails.

Meanwhile, it has become easier to shorten the Web links that direct people to fake websites.

You should be wary of emails purported to be from banks, or other companies you do business with, but did not opt into emails from. Be aware that banks generally do not include Web links in emails.

Be aware of this: links can take you to a fake website where you will be asked to log in, and those credentials will ultimately be stolen.

In addition, phishing attacks do not just come in the form of email. They can come as text messages as well, with those links often containing viruses.
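The red flags described above, together with the executive impersonation seen in the Snapchat incident, can be checked mechanically as a first triage pass. This is an added example, not code from any product or report mentioned here; the organization domain, executive name, shortener list and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration; replace with your own organization's data.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"pat rivera"}  # hypothetical executive display names
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

URGENCY = re.compile(r"within \d+ hours?|immediately|urgent|locked out", re.I)
# The two subject lines the PhishMe report names as most effective.
LURE_SUBJECT = re.compile(r"file from scanner|unauthorized (activity|access)", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        try:
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:  # unknown charset label in the message
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)


def red_flags(raw_message):
    """Return the sorted names of the red flags found in one raw message."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    subject = msg.get("Subject", "")
    body = _body_text(msg)
    flags = set()

    # Display name claims to be an executive, but the address is external.
    if name.strip().lower() in EXECUTIVES and _domain(sender) != ORG_DOMAIN:
        flags.add("exec_impersonation")
    # Replies would go to a different domain than the apparent sender.
    if reply_to and _domain(reply_to) != _domain(sender):
        flags.add("reply_to_mismatch")
    # Time pressure or threat of lockout.
    if URGENCY.search(subject) or URGENCY.search(body):
        flags.add("urgency")
    if LURE_SUBJECT.search(subject):
        flags.add("lure_subject")
    # Shortened links hide the real destination.
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    if hosts & SHORTENERS:
        flags.add("shortened_link")
    return sorted(flags)


# Constructed sample messages (not real mail).
SAMPLE_CEO = ('From: "Pat Rivera" <pat.rivera@mail-example.test>\n'
              'Reply-To: records@other-host.test\n'
              'Subject: Payroll records needed\n\n'
              'Please send the payroll file immediately.\n')
SAMPLE_BANK = ('From: "Your Bank" <alerts@bank-notice.test>\n'
               'Subject: Unauthorized Activity/Access\n\n'
               'Click http://bit.ly/abc123 within 24 hours or you will be '
               'locked out of your account.\n')
SAMPLE_OK = ('From: "Pat Rivera" <pat.rivera@example.com>\n'
             'Subject: Lunch Thursday\n\n'
             'See the agenda at https://intranet.example.com/agenda\n')

if __name__ == "__main__":
    for label, raw in [("ceo", SAMPLE_CEO), ("bank", SAMPLE_BANK), ("ok", SAMPLE_OK)]:
        print(label, red_flags(raw))
```

These flags are triage signals for a human or a mail filter to weigh, not a verdict on their own; a well-crafted spear phishing message can avoid all of them.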

Is There Any Way To Prevent a Phishing-Related Hacking?

Basic cyber hygiene can go a long way toward preventing a data breach, even if a link in a phishing email gets accidentally clicked on.


Using different passwords for different accounts, two-factor authentication and changing passwords frequently all can be a big help. In addition, companies should test their employees by periodically sending out fake phishing emails to see who falls for them.

Also organizations need to make sure their security keys are up to date, along with their anti-spam filters, so past bad senders don’t keep getting through.

In the end – even if you do not remember most of this – one simple rule will do a lot to protect you.

Facebook Extends Its “Like” with Emojis

Today, you can do more than “like” your friend’s Facebook post.

Thanks to a list of new reactions that have already gone live, you can love someone’s funny post or video. You also can give it a haha, wow, sad or angry reaction.

This is something Facebook users have been asking for for quite a long time, and it’s good to see Facebook at least trying to give people options other than “like” when commenting on a post.

While avoiding adding a “dislike” button, which Facebook apparently thought would add too much negativity to the site, users now can hold down the like button when using the mobile app, or simply hover over the like button on the desktop, to see the expanded list of reactions in the form of colorful emojis.

Changing Facebook’s Like button is a really big deal for the company.

Facebook has reported that users click on the Like button about 6 billion times a day. Users are accustomed to liking posts about friends having babies, going on great vacations, running a 5K or adopting a new dog.

Likes have become a means of communication in this age of social media.

Users pay attention to the likes they get on a post to gauge their friends’ reactions. Companies pay attention to the likes to gauge customers’ interest in a new campaign or a new product.

While users may have fun trying out new reactions to their friends’ and relatives’ Facebook posts, Facebook stands to get a much bigger payback from the effort.

Be aware that Facebook is also helping itself to collect more data about its users and allowing advertisers to collect more detailed data about their products and customers.

Securing Your iPhone

With the recent FBI – Apple dispute over unlocking an iPhone, now is a good time to review various ways to make sure your iPhone is safe from hacking and break-ins.

The Lock Code

By default, we are allowed six-digit unlock codes. If those six digits are chosen carefully, it’s a strong way to protect your phone from most threats. The reason for this is due to a couple of security features from Apple and the sheer number of passcode combinations possible.

The first security feature is the requirement that all password combinations are attempted on the phone itself. The good news here is that currently, it is not possible to connect an iPhone running iOS 9 to a machine in order to brute force the passcode.

The second feature adds a delay to each attempt. This delay gets longer as you guess incorrectly. After four incorrect guesses, the attacker has to wait one minute before trying again, and then five minutes, 15 minutes and finally one hour.

There’s a third feature as well, but it has to be turned on. In Settings > Touch ID & Passcode, you’ll find an option at the bottom that says Erase Data; enable it.


Enabling this feature gives attackers 10 tries to guess your passcode and then wipes all of the data from your phone.

All of the features above are what the Department of Justice ordered Apple to write new firmware for. If Apple had created this new firmware, it would allow the FBI to bypass these security features and simply guess all possible password combinations. If allowed, the FBI could crack a six-digit numeric passcode in less than a day.

Of course, if you just want to call it a day and put this whole thing to rest right now, you have the option to create longer passcodes, or even to make them alphanumeric. In Settings > Touch ID & Passcode > Change Passcode, you have the option to set it to alphanumeric after you input your current passcode.


A 12-digit passcode with letters, numbers and special characters, for example, would take 4 million years to crack using current brute force techniques and hardware. Even if Apple did create the software the FBI is asking for, it’d be all but meaningless. However, few people are going to take the time to create a password this long.

Disable Touch ID

This may surprise you, but sadly it has been proven repeatedly that the fingerprint sensor is not really a secure way to unlock your phone. To disable Touch ID, go to Settings > Touch ID & Passcode and then disable all of the settings that use Touch ID.


The strongest passcode in the world means nothing if you can defeat a fingerprint sensor with a piece of plastic.

Instead of Touch ID you really want to force attackers to enter a passcode, and a long one at that.

Another problem with Touch ID is that there is also a precedent that police can force you to unlock a phone with a fingerprint sensor, even though they can’t require your passcode without a warrant. Weird, huh?

Stop Automatic Backups – They are NOT Secure

iCloud backups are not secure. Your files reside on Apple’s servers, non-encrypted, and are easily accessible by Apple, and anyone else who has a court order.

Instead of iCloud backups start making local backups of your iPhone using iTunes. I realize this is not the most convenient of solutions, but if you are looking for the safest way to protect your backups, this is it.

If you’re extra tinfoil hat-y, you can even disable the internet while making these backups, but it’s not necessary.

Don’t forget to encrypt the backup by checking the appropriate box.


Now, you can store the encrypted backup file in iCloud, Dropbox, Google Drive, or any other cloud storage provider, or locally on your hard drive.

More Considerations

The steps above are all reasonably easy changes to make and none require a significant shift in user behavior. They’re also going to prove remarkably efficient at keeping attackers out of your iPhone.

From here, the only common vulnerabilities are going to be from third-party applications, malware or perhaps a Bluetooth exploit, but the latter is said to have been fixed in iOS 9.

Stingrays are also a real threat, but even they can’t decrypt files within an iPhone. Instead, they trick your phone into believing it’s connecting to a cell tower and then handing over call and messaging data.

If you’re worried about bulk data collection tools, like the Stingray, you can avoid calls, email or sending text messages and instead opt for a secure messaging app that uses end-to-end encryption, such as Signal or ChatSecure.

Again, no security solution is perfect but if you were looking to protect your information, while not significantly altering usage behavior, we hope these steps will help.

OneNote 101

Microsoft has revamped many of its internal apps to match both the design aesthetic and increased functionality in Windows 10, and what we’ve gotten in the new OneNote is no different.

If you’re already a devoted customer of competing products like the Evernote desktop app, many of the features provided by Microsoft’s answer to quick note taking will already feel familiar. However, longtime users of the original OneNote may still need some tips on navigating the fresh design, which is why we’re here to help.

It’s worth noting here that there are actually two versions of OneNote: There is the standard desktop edition that is part of Office, and there is the new Universal app that is part of Windows 10. We’re talking about the latter.

I hear people say OneNote is too confusing or bloated, so they have stayed away from using it. While I am not completely sure why this is, I have guessed this stems from a fundamental misunderstanding of OneNote. So what is OneNote? The best concise description would be, OneNote is digital paper. However this description could initially raise more question than it answers, but it does frame the program in a helpful way.

OneNote’s Digital Paper – Doing Your Part for Green 

Why call OneNote digital paper? Because much like paper, OneNote is very flexible with how information is added and arranged. OneNote lets users add photos, files, text, ink, recordings, and tables wherever they want. While this flexibility can be nice, it can also be a drawback for many users. What do you mean I can just put stuff all over the place?? Wouldn’t that result in a disorganized mess?!? Yes, OneNote is so flexible, messes are extremely easy to make, but with a little thought and reorganization those messes can be turned into value.

So what can you expect from OneNote? 

OneNote works best when you have content which needs to be saved in an amorphous way. Instead of creating a new Excel or Word document to capture some data, just drop it into OneNote. For example you can write down shopping lists with checkboxes easily; jot down a phone number you need to call; take meeting notes; outline your paper; brainstorm gift ideas, and so on.

If you have a device with pen support then OneNote can be a whole different kind of useful. OneNote has unparalleled support for inking: ink to text, ink to math, search for inked text, and soon shape recognition. Use OneNote to mark up screenshots or share sketches with co-workers. Since OneNote is just digital paper you can sketch forever and never run out of space.

While stylus support makes OneNote great, the program has an immense amount of potential when just using a keyboard and mouse. All day we encounter tidbits of information that don’t fit into our standard bins. Remembering the code for a friend’s garage door; the model and serial number of new computer hardware; checklists for work procedures; writing down ideas which come at less than ideal times. All of these pieces of information can be captured and organized into OneNote.

Why spend the time collecting and organizing all this information into OneNote? As more of our life moves into the digital world we need ways to collect and organize that information. Keeping important information in emails, texts, photos, random documents, or in your head will fail you some day. Maybe not today or tomorrow but eventually the loose ends will unravel.

Start now and start small but everyone using mobile devices needs some plan to get a handle on their digital documents.

TOS 50 Book Mission # 7 – “The Modala Imperative”

I found myself in need of a quick read before the new Star Trek novel, “The Latter Fire” by James Swallow arrives in my mail box this week. Just enough time for a graphic novel.

Star Trek: The Modala Imperative is an 8-part graphic novel (OK – a comic book) published in 1991 that spans 80+ years. The first 4 parts involve the TOS crew while the final 4 parts pick up 75 years later with the TNG crew.

Although this story spans two Enterprise crews, Doctor McCoy and Spock are the true stars here. The Modala Imperative tends to play this fairly straight as these characters are the most involved because they’re in both legs of the story, but in each story the spotlight is shared equally among the main cast the same way it would be in an episode of Star Trek. The first part focuses on Chekov, Kirk, Scotty, Bones, Spock, Sulu, and even Transporter Chief Kyle, with moments set aside for Uhura and several other characters. The second part focuses even more equitably on Picard, Troi, Spock and Bones, as well as giving attention to Riker, Data and Worf.

The first half of the story is reminiscent of the episode “A Private Little War”. Here we find a potential Federation candidate’s fascist faction has been armed by a mysterious benefactor with advanced weaponry. Unfortunately, it is all that Kirk and Chekov (and their rescue team of Spock and McCoy) can do to get back off of the planet without breaking the Prime Directive, and the source of the weapons remains a mystery for another one hundred years. It’s not until a celebration for the 100th anniversary of Modala’s entry into the Federation that the suppliers of the weapons show their faces, and it’s not the Klingons: it’s the Ferengi!

Perhaps more interesting than the plot – which is good, but is standard episode fare – is the arc for the characters in question. This is Pavel Chekov’s first away mission, and he is dealing with issues ranging from nerves to hero worship of his Captain. Throughout the first four issues Scott, Sulu and Kirk all lend their hands to help Chekov develop, while McCoy, Kirk and Spock debate the wisdom of taking him along on this particular mission. The end result is a great story for Chekov in addition to a standard one for the more seasoned officers.

The second story is about aging. McCoy fears he might grow irrelevant, and he even implies that the existence of Data indicates that Spock himself is becoming outdated. Unfortunately, this leg of the story is hurt by the fact that Bones really is pretty pointless in a crisis at this point. At close to a century and a half, there is not much he can do to defend himself. He’s not needed for any medical situations, either; the most he does is to influence morale simply by being his abrasive self. Bones and Spock do bring up the age-old “Kirk vs Picard” debate, but they cop out by choosing “Spock” as the answer.

Here are Spock and McCoy, reunited at last in the pages of issue #2 of the second Modala series:

The first story is significantly better than the second. Not only does it focus entirely on its regular cast members of its own show, but it also provides character development for Chekov that his character rarely enjoys. The second story, on the other hand, focuses more directly on guest stars Spock and McCoy, with nobody on the TNG crew really developing in a way that they would not on an average episode.

All in all, this is a good story for fans of either series to pick up. The story is well paced, exciting and really captures the feel of both series to a really good extent. The art, while not great, especially in the second half of the graphic novel, is still good enough to make the action and characters feel like their real life counterparts.

TED Talk Feature – Think Your Email is Private? Think Again.

What is TED?

TED is a nonprofit devoted to spreading ideas, usually in the form of short, powerful talks (18 minutes or less). TED began in 1984 as a conference where Technology, Entertainment and Design converged, and today covers almost all topics — from science to business to global issues — in more than 100 languages. Meanwhile, independently run TEDx events help share ideas in communities around the world.

I have learned so much from TED during the past decade. My curiosity is often satisfied, at least for a short time after watching these short, inspirational talks. I really cannot say enough how amazing TED is and I was thinking of how I could spread the word. When I was thinking about this I thought of you, my dedicated readers. So with this in mind I am going to try to post and write about TED Talks on a regular basis right here… on The West Chester Technology Blog.

Most of the TED Talks I will feature will of course focus on technology and science but once in a while I will probably diverge from those arenas because inspiration comes in many forms.

My first TED Feature has us learning more about the “privacy” of our email.

Sending an email message is like sending a postcard, says scientist Andy Yen in this thought-provoking talk: Anyone can read it. Yet encryption, the technology that protects the privacy of email communication, does exist. It’s just that until now it has been difficult to install and a hassle to use. Showing a demo of an email program he designed with colleagues at CERN, Yen argues that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.

Affordable Cloud Backup Service!

I have mentioned this backup service before. In fact, way back on October 10, 2015 I wrote about Skyhub simply because of its very affordable price. We all know that computers and hard drives fail from time to time. There can also be disasters at home where your computers and hard drives are damaged, and of course we can all be victims of theft. The best way to protect your digital files is to back them up – off site – in the cloud.

The perfect balance of space, access and security can be an elusive quality in the cloud storage world. Though some services are great, prices tend to rise after a set period of time, and the cheaper services are rarely secure.

The most well-known services (Google Drive, Dropbox, etc.) sell monthly and yearly subscriptions but usually offer restrictive limits in storage space, often forcing you to buy into higher plans. The optimal balance can be found in the SkyHub Cloud 2TB Backup: Lifetime Subscription, now just $49.99 on TNW Deals.

With SkyHub Cloud backups, you can keep your files safe for life on SkyHub’s servers, away from whatever natural disaster or external threat that might threaten your devices. You’ll get unlimited encrypted backups of any size from up to three computers, and can view them from any device.

There are a number of reasons it’s been credited with ‘online file storage excellence’ by the Wall Street Journal:

  • Get 2TB of automatic backup for 4 computers, add more to your account anytime and backup all your devices, discs & thumb-drives
  • Back up 2TB of data as needed—there’s no catch!
  • Quickly & easily get set up
  • Rest assured that all your data is secure thanks to the advanced encryption security
  • View all your backed up files on the web, store them long term, or take advantage of the innovative SkyHub hybrid storage system

There are no tricks or catches – you can store a full terabyte of data in the Skyhub Cloud, as well as all your devices, to be stored in SkyHub’s servers forever. For a limited time, enjoy a lifetime 2TB Backup deal at 90 percent off.