FBI Probes More Emails from Clinton’s Private Server

This is not a political blog. We cover technology. In an example of just how technology is tangled in our lives is the current presidential election. This year’s presidential election has been tied up and may hinge on something that we should all be aware of.

Email management.

I have spoken about it, I have written about it, and I have taught classes on it. Over the past 20 years we have all become so comfortable with it that we often use it unwisely. Countless people have lost their job over it. This included General David Petraeus who in the November of 2012 was forced to resign as Director of the CIA. Although there were other behaviors that resulted in this resignation, General Petraeus’ email management played a role as well.

Of course we all use email, both at home and at work for many topics. Most will not get you in trouble. However it is easier then you may think to get in legal trouble.

Who Our Next President Is May Rest on Email Management

Now less then 2 weeks from the election for the presidency of the United States one of the candidates is answering questions about her email management and the conversations found.

The FBI has uncovered new emails related to Hillary Clinton’s use of a private email server, prompting federal authorities to investigate them.

The FBI discovered the emails as part of an “unrelated case,” FBI Director James Comey said in a letter to a congressional committee that was later tweeted on Friday.

103894270-gettyimages-534816054-530x298

These emails “appear to be pertinent” to the FBI’s original investigation into Clinton’s private server use, which the agency wrapped up back in July, Comey said. Clinton, now the Democratic nominee for U.S. president, used the private server while she served as Secretary of State.

Comey said he agreed to allow the FBI to determine if the newly uncovered emails contain any classified information, “as well as to assess their importance” to its original investigation.

The FBI can’t say whether the emails are significant or how long the agency will take to probe them, he added.

On Friday, the FBI confirmed that a letter was sent out to members of Congress but declined to offer further comment.

U.S. House Speaker Paul Ryan, a Republican, said on Twitter the FBI had essentially reopened its investigation into Clinton’s private email server use.

“She was entrusted with some of our nation’s most important secrets, and betrayed that trust by carelessly mishandling highly classified information,” he said in a statement.

He’s asking the U.S. director of national intelligence to suspend all classified briefings with Clinton until the matter is resolved.

Clinton and her presidential campaign have yet to respond to the FBI’s new investigation.

In July, the FBI concluded that Clinton had been “extremely careless” in her use of a private email server, but the agency didn’t recommend filing any charges against her.

The FBI said Clinton’s server faced ongoing cyber threats from possible hackers, including phishing email attacks and failed login attempts. However, the agency found no evidence confirming that the server was ever compromised.

The letter from FBI’s director didn’t mention how the newly uncovered emails were obtained or where they came from.

However, recently stolen emails from a Clinton aide have been published through WikiLeaks and include allegedly thousands of private messages between U.S. officials and her staff.

The Fate of a Nation

What happens in the next 2 weeks no one knows. The course of the the most powerful nation this world has ever seen may rest on…. email.

Avoiding Email Scams with 10 Easy Tips

Recently I have been asked about a couple of suspicious email messages, which were both of course not legitimate messages but scams in which the sender, a truly bad guy was “phishing” in order to steal money from the receiver.

Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for.

1: The message contains a mismatched URL

One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs (or website addresses). Often the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is more then likely fraudulent or malicious.

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the very telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right-hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey.com because the reference to brienposey.com is on the left side of the domain name.

I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

I have found that sadly this often works because most people trust companies like “Microsoft” and “Apple” so when long standing names like this are used people often let their guard down. The lesson here is to never let your guard down when it comes to email messages.

3: The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from a major corporation’s legal department.

4: The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank does not need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5: The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn’t initiate the action

Just yesterday I received an email message informing me I had won the lottery! The only problem is that I have never-ever bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7: You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

8: The message makes unrealistic threats

Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam. Let me give you an example.

Just recently a workmate received an official looking email that was allegedly from a co-worker. The email went on to ask for our “account number” and “routing number”. Although it appeared to be an email from one staffer to another staffer the email originated from a hidden domain and as I mentioned in Tip #3 the spelling and grammar was poor.

Also – As I mentioned in Tip #4 – legitimate companies will not ask for sensitive information by email and you – of course should never-ever send this type of information via email.

9: The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they will send messages claiming to have come from a law enforcement agency like the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.

I can’t tell you how government agencies work outside the United States. But here, government agencies do not normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They do not engage in email-based extortion.

10: Something just doesn’t look right

In Las Vegas, casino security teams are taught to look for anything that JDLRjust doesn’t look right, as they call it. The idea is that if something looks off, there’s probably a good reason why. This same principle also applies to email messages. If you receive a message that seems suspicious, it is usually in your best interest to avoid acting on the message.

TED Talk Feature – Think Your Email is Private? Think Again.

What is TED?

TED is a nonprofit devoted to spreading ideas, usually in the form of short, powerful talks (18 minutes or less). TED began in 1984 as a conference where Technology, Entertainment and Design converged, and today covers almost all topics — from science to business to global issues — in more than 100 languages. Meanwhile, independently run TEDx events help share ideas in communities around the world.

I have learned so much from TED during the past decade. My curiosity is often satisfied, at least for a short time after watching these short, inspirational talks. I really cannot say enough how amazing TED is and I was thinking of how I could spread the word. When I was thinking about this I thought of you, my dedicated readers. So with this in mind I am going to try to post and write about TED Talks on a regular basis right here… on The West Chester Technology Blog.

Most of the TED Talks I will feature will of course focus on technology and science but once in a while I will probably diverge from those arenas because inspiration comes in many forms.

My first TED Feature has us learning more about the “privacy” of our email.

Sending an email message is like sending a postcard, says scientist Andy Yen in this thought-provoking talk: Anyone can read it. Yet encryption, the technology that protects the privacy of email communication, does exist. It’s just that until now it has been difficult to install and a hassle to use. Showing a demo of an email program he designed with colleagues at CERN, Yen argues that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.

Amazon to Offer Email Service

I am not so sure about this one Amazon.com.

While I am a big fan of your amazon.com website for purchasing and Amazon Prime is amazing, and both your Kindle and Amazon Fire TV are winners I am not sure that on the heels of the disaster that was the Amazon Fire Phone trying to sell yet another email service is the best move.

Amazon has reported that they will launch an enterprise email and calendar service that competes against products from Microsoft and Google.

Called Work Mail, the product will “focus on security and ease of use”, because Amazon claims many companies view enterprise email applications as expensive and difficult to use.

“Customers are not happy with their current email solution,” Adam Selipsky, an Amazon Web Services official, told the Journal. “A lot of customers feel those solutions are expensive and complex.”

I simply do not buy this reasoning. I have heard very few people complain to me that their email service is “too confusing” or “not secure”.

Details are few today on the technology behind WorkMail and Amazon has been vague on the service details itself. WorkMail will apparently work with existing email client applications, such as Microsoft Outlook, and provide the back end email and calendaring functionality. It will compete primarily against Microsoft’s Exchange Online, which is part of the Office 365 cloud suite for businesses, and against Google Apps for Work’s Gmail component.

With the new service, Amazon is joining a host of others in the quest to upend Microsoft as the king of email and other office productivity tools. Competitors in the crowded field already include Google, with its Apps for Business, as well as many  start-up companies, including Dropbox, Evernote, Box.com, and Quip.

Good-luck Amazon.com. I will be pulling for you but I have a bad feeling about this one.

How to Set Up Multiple Email Signatures in iOS 6

Today I was asked if you can have multiple signatures on your IPhone & IPad. The good news is that yes you can, as long as you have upgraded your Apple device to iOS 6. This upgrade was made available earlier last year, so hopefully you have already completed the upgrade.

Before iOS 6, you were allowed only one common signature that appeared on each email account. Other then deleteing and adding a new email signature for each email message there was really no other way to deal with multiple email accounts.

With the new iOS each of your accounts can have it’s own distinct signature. Isn’t technology womderful! So, your work email can give all your professional information while you’re personal account can have more of a personal signature.

Here’s how to set it up:

Go to Settings on your home screen, select Mail, Contacts, Calendars. Scroll way down until you see the Signatureoption. Tap on it and you’ll see the options shows in the image below.

All Accounts will enable one signature to be sent from all your email accounts. Tap Per Account and each of your accounts will pop up, allowing you to create personalized signatures for each of them. (see image below)

Now, when you send an email, iOS 6 will automatically know which account it’s coming from and apply the correct signature.

Tis’ the Season for Email Scams

The holidays are almost here and sadly in the cyber world that means a new onslaught of potential computer risks to all of us. For example security researchers from Symantec are warning about a recently intercepted flood of Christmas themed malicious and fraudulent campaigns. Each year these malicious campaigns become more complex and dangerous. The recent campaign is an excellent example of this. Not only are the senders completely unknown by the recipients, but also, users are exposed to fraudulent e-shops for counterfeit shops.

Over the past year, there have been numerous attempts to entice users into clicking on links to fraudulent e-shops by impersonating a legitimate message or notification from respected, trusted and well known brands. These dangerous emails will without a doubt become more prevalent  as we get closer to the holidays.

As a result of these fraudulent emails I recommend common sense.  You should avoid clicking on links found in suspicious messages. Remember this lesson, “If it sounds to good to be true, it probably is”.

Chase recently posted some examples of fraudulent email messages sent referring to their company. You can check them out here.

During the holiday season I will keep an eye on this situation and try to post updates when possible.

Verizon Email Scam Confirmed – Use Caution

In the past 24 hours, a large number of fake emails arriving in Baltimore City mail box/email accounts have been confirmed to be falsely claiming to be from Verizon. This has been a scam that has been going on for much of the month of May 2012. I have also confirmed that these messages have been appearing in the West Chester PA area as well. These emails would appear to be “Phishing Scams”, but they are link trying to take you to web pages that quietly exploit your workstation.

IF YOU RECEIVE A EMAIL MESSAGE LIKE THIS, PLEASE DELETE IT IMMEDIATELY & REMEMBER THE GOLDEN RULE. NEVER EVER OPEN AN UNSOLICTED EMAIL MESSAGE. YOU ARE ONLY RISKING YOUR PERSONAL INFORMATION AND THE DIGITAL LIFE OF YOUR PC.

Hackers, Spammers and Scammers all love a BIG story, and there certainly is no bigger news item now then the recent take down of Public Enemy Number 1, Usama bin Laden. These hackers and other bad eggs are using this news story to intice people into downloading a file in order to watch a video. This is a HOAX and if you follow the link, download a file from one of these messages you will infect your computer, or become a spamming machine. This hoax is especially active on Facebook at this time. Be aware that the United States Government has not released any photos or video from their recent operation. Often the message, either through an email or a social networking site such as Facebook will have a link to a website it wants to redirect you to. Often stating it’s an “official source”, such as CNN. This is a ploy. Ignore it. Also be aware that even the best anti-virus software can not prevent a human being from clicking on and downloading an infected file. Here is the official FBI news release in respect to this recent hoax

 Today we launched a companion twitter feed for the West Chester Employee’s Tech Blog. Please click below and sign up. The basic idea of hosting our own “West Chester Technology” Twitter feed is to provide everyone with an easy, fast and informative way of communicating not only with me but with each other about all things tech. You can post questions or ideas for everyone to see and comment on. Click the link below and sign up. https://twitter.com/westchestertech Once you sign up for a twitter account make sure to follow our tech feed and download the free twitter app for your smartphones and mobile devices.

Tip: Adding A Signature To Your Email

Many of you have asked from time to time, “How can I add a signature on the bottom of my email messages?”. I thought I would take the time to demonstrate one of the ways you can do this easily.

If you access your email through Web Outlook, select the “options” menu on the bottom of the left side toobar.

Then browse down and open “edit signature”.

Finally, enter what you would like your signature to look like and save. That’s it. You now have a signature that will appear on all of your email messages.

Fake DHL / FedEx Delivery Email Messages

The fictitious DLH and FedEx delivery email messages continue to plague computer inboxes everywhere. Although our filtering system (Postini) does a good job blocking most of these messages a few do make it to inboxes here and there. Below is some information you should be aware of regarding these messages.

Recently, security researchers at AppRiver (security firm) have warned of a fake malware infected DHL delivery status e-mails that are targeting innocent internet users.

The “From” column of the e-mails is spoofed as if it had come from “DHL Services” and the complete content of the message is written in Spanish. These emails are quite different from all other DHL spoofs as they exploit a real DHL email template, which comprise the company’s logo, color schemes, images, and contact information.

These fake e-mails states that a package could not be delivered on time due to unclear or badly written shipping address. The e-mail further informs recipients that the parcel can be collected from the local post office. To collect the parcel, the e-mail asks the users to carry along a print of the shipping label enclosed in the attachment.

The shipping label attachment is named Etiqueta_ID#####.zip (# being a random digit) and encloses a folder with a malicious .exe file. The file contains a fake Excel document icon, which installs an Oficla variant. The Oficla family of malware is called droppers. As the name suggests, their main aim is to penetrate into systems and drop malware that can further damage the system.

Commenting on the issue, Fred Touchette, Security Researcher at AppRiver stated on his blog post that, he was not sure that who would like to get into all of these troubles by clicking on several links and attachments, but one thing he was sure of is that, this trick works. He further said that, he could only presume that those files were foldered and zipped to avoid detection by anti-virus software, which doesn’t check that thoroughly, as reported by AppRiver on October 25, 2010.

Finally, users can apply their common sense approach and keep in mind the following suggestions to avoid falling prey to such malware attacks. First and foremost, if the user doesn’t speak Spanish, he should immediately delete from their inbox. In case, if the user speaks the language, but not expecting some DHL shipment, then also he should immediately delete the e-mail.

But in case, if the user is expecting a shipment from DHL and speaks Spanish, then he should think for a while regarding the poorly written message and understand that a reputable company would not sent such a badly written thing or file attachment like this (via e-mail).

You can read the original article here.

1 2 3 12