A friend of mine had his security compromised a few days ago when someone managed to steal some information from him and cause further damage. He called and wanted to know things he should do.
I told him to assume his home computer, or all of them, was compromised and I encouraged him to use a different platform (a Chromebook in this case) to start resetting his passwords and revalidating his information. Leave his likely compromised home computer alone for a while. Turn it off.
He started down this path and then re-logged into his email account (Gmail in this case) and changed the password.
I wasn’t with him at this time but a few minutes later it occurred to me that he ought to look at the filters or rules that he had put in place to process his email so I sent him that message. I don’t know why I thought of this as I don’t recall thinking of it or reading about this before, but I just thought he ought to look at his filters. He looked.
Someone had put a filter in place to block certain inbound emails and send them elsewhere.
So, his email had been compromised and the perpetrators had been clever enough to put filter rules in place to further hide the compromise as long as possible. Amazing. I had never considered this before and I’m still thinking about its implications.
If you get your email or computer compromised, you really need to start over on a new platform and then methodically regain control of your accounts. And, turn on two-factor authentication wherever you can.
Be careful out there.
I have been reading about and experiencing an increase in phishing attacks and an increase in their sophistication. Wikipedia defines phishing as:
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
There was a good article published late last year which talks about why they are getting more dangerous and I highly recommend you take a look at it. Phishing emails are harder to spot, they come from trusted sources, they know a lot about you and the people you are around and they have specific targets in mind to steal from you. They no longer are impersonal emails about a package delivery. Now they are related to your job function and they may reference people you know. This article is spot on.
An article published last October told of how to spot these emails. I recommend you study this message and then pass it along to friends and family. You might think you’ve got this figured out; well, then help your co-workers, family and friends figure it out too.
About 18 months ago I did a security ‘talk’ to my family and I covered topics like passwords, computer updates, phishing and other related ideas. I think I need to do it again and I was thinking about doing an afternoon session for whoever wants to attend where I go to church. If you are informed, tell someone else. This stuff is dangerous.
In the last few months, I’ve encountered several different situations where a different and better paradigm is needed for pulling all of one’s information together into one place on a mobile platform (or a desktop). Today, the iPhone model is one of separate applications on the screen with the user of the iPhone navigating from one application to another. A person might check their email in one application, then launch another application (with a different UI) to check Facebook, then repeat for Twitter, etc.
Instead, a different paradigm would be to bring the related content together into one place. There was a post online a few months ago that caught my eye about an Android application called Aro that pulled together different sources into a single pane or view. I’ve also noticed on the current Windows 7 phones steps in this direction where the people view ties together information from the phone address book with information from Facebook in a very well done and slick fashion.
The need is there to bring everything together into one place instead of having separate islands. In the corporate world, this one place is usually (always?) email because that is the one common place that all applications can work with in a consistent manner. Online approvals in corporate applications can almost always send an email with a URL to approve something. As a result, email is the common place in the workplace. But putting things in a person’s inbox is not the same as integrating the data together.
In the mobile world, where the integration can be much tighter and where applications are being built now instead of perhaps 10 years ago for corporate IT systems, there is a real opportunity to pull these connections or conversations or information nuggets together into a common place. I’d love to see all pieces of information related to a person brought together into a single view.
I look forward to where Windows 7, Android and the iPhone go in the coming year. There is much opportunity.