Sextortion

I got a slightly panicked message from a friend recently. There was an email, mentioning porn use and a demand for $1900 to be sent to a bitcoin address. “I don’t have bitcoin” wailed my friend.

I asked for screen shots of the email. It’s full of technical detail about malware and screen views that is just plausible enough to be concerning. The threat is to release evidence of your activity on porn site via a video with a two camera view – one a screen capture and one a webcam – to all your Facebook and email contacts unless you pay within one day. My friend was worried.

After looking at the images of the email I answered “Total Scam”.

The combination of the high urgency and the vagueness of the actual “misdemeanor” captured made me suspicious and a quick search of a few phrases from the email showed that others had received the same message with the same demand. It’s cleverly crafted to trigger fear and shame – and then you’re very likely to pay up. Classic social engineering.

It’s a case of “sextortion”, using your sexual activity to blackmail you.

In this case the sender knew my friend’s email address and password, and the email address contained my friend’s name, so the email looked credible. However, there have been some massive data breaches of legitimate sites: LinkedIn, Amazon, Facebook, Sony. The data now for sale to criminals includes email addresses and matching passwords. This means that the email sender did no research; he just parsed the email address into a name and fired off an email, relying on a percentage of recipients having used a porn site recently. (PornHub releases their statistics annually; as reported here by Forbes, it was 81 million views per day on their site in 2017.)

So while this makes the scam email appear more credible it’s probably due to a data breach rather than any sophisticated hack.

Here are the clues that an email is dodgy

  • something’s unspecific
  • high urgency, threat
  • stuff you wouldn’t want to discuss with anyone
  • the amount is less than a lawyer would cost
  • the text will be reused in other scams or come up in a discussion online (google the text)
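The clues above, and the observation that other recipients got the same text with the same demand, can be checked mechanically when triaging reported mail. This is an added example, not part of the original post; the patterns, function names and sample messages are constructed assumptions.

```python
import hashlib
import re
from email import message_from_string

# Patterns for the clues listed above; the exact wording matched is an assumption.
CLUES = {
    "urgency": re.compile(r"\bwithin\s+(\d+|one|two)\s+(hours?|days?)\b", re.I),
    "threat": re.compile(r"\b(send|release)\b.{0,80}\bcontacts\b", re.I | re.S),
    "shame": re.compile(r"\b(webcam|porn|adult site)\b", re.I),
    "payment": re.compile(r"\b(bitcoin|btc)\b", re.I),
}
# Per-recipient fields the sender swaps in; masked before fingerprinting.
VARIABLE = [
    (re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"), "<btc>"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<email>"),
    (re.compile(r"(password\s+is\s+)\S+", re.I), r"\1<secret>"),
]

def body_text(raw):
    """Return the first text/plain part (no transfer decoding, for brevity)."""
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload()
    return ""

def clues_found(raw):
    """Names of the clue patterns that match the message body, sorted."""
    body = body_text(raw)
    return sorted(name for name, rx in CLUES.items() if rx.search(body))

def fingerprint(raw):
    """Hash the body with variable fields masked, so reused text collides."""
    text = body_text(raw)
    for rx, repl in VARIABLE:
        text = rx.sub(repl, text)
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()[:16]

# Constructed sample; recipients, passwords and wallet strings are placeholders.
TEMPLATE = (
    "From: sender@example.net\nTo: {rcpt}\nSubject: {pw}\n\n"
    "Hello {rcpt}, I know your password is {pw} and I recorded you through\n"
    "your webcam on an adult site. Send $1900 in bitcoin to {wallet} within one day\n"
    "or I will send the video to all your Facebook and email contacts.\n"
)
MAIL_A = TEMPLATE.format(rcpt="alex@example.com", pw="hunter2", wallet="1AAAAconstructedAAAAbbbbCCCCdddd")
MAIL_B = TEMPLATE.format(rcpt="sam.jones@example.org", pw="tr0ub4dor", wallet="1BBBBconstructedBBBBccccDDDDeeee")
BENIGN = "From: a@example.org\nTo: b@example.org\nSubject: lunch\n\nAre you free on Friday?\n"

if __name__ == "__main__":
    print(clues_found(MAIL_A), fingerprint(MAIL_A) == fingerprint(MAIL_B))
```

Matching fingerprints across reports from different recipients point to one reused template fed from a breach list rather than a targeted compromise.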

So most of us live where porn is legal, but most visitors of porn sites don’t want that discussion with their friends/parents/partners or colleagues. (Fair warning to all friends, family, colleagues and random strangers: I REALLY don’t want any discussion of your porn habits).

Here’s what you can do to protect yourself:

  1. Use a separate email address that does not include your name for any “naughty” sites. By naughty I mean stuff that might be legal but embarrassing.
  2. Use different passwords for everything. This might have come from an old, old LinkedIn breach. The list of passwords and email addresses discovered in the security breach is then sold online, and cyber criminals will then try the combination on other sites, or use the address to attempt to extort money from you.
  3. When you hear of a data breach on a site you use, change that password immediately.
  4. Keep track of your passwords in a list somewhere as well as saving them in your browser. It’s too hard to remember 100 passwords, so write them down; just don’t tape the list to your laptop bag.
  5. Private browsing; here’s how to do that on Firefox or Chrome.
  6. You can report stuff to the local police or cybercrime unit; realistically there isn’t much they can do, as chances are the sender of the email is in another country.

My friend didn’t pay, it’s been a couple of weeks now and there’s no sign of an email from the scam artist, and I am a friend of theirs on Facebook.

Image: Butt via pixabay 

Annoying Newsletter Management

Just Stop it

Today’s complaint is about newsletter management, specifically the sign-up and unsubscribe processes.

I’ve noticed that I’ve been signed up for newsletters on the basis of a single contact with the company, perhaps a service enquiry, or downloading a white paper. I’ve also seen email suppliers making it hard to unsubscribe from unwanted newsletters. These two annoyances combine into one big annoyance with a company that really should know better.

Automatically Signing Me Up

Please stop signing me up for newsletters without a specific opt in. Just because I visited your site, or emailed you once does not mean I want to hear from you again. Let me opt-in. Do not make it a condition of using your services (looking at you, Microsoft).

There are two things I do to avoid adding to the unwanted email:

  1. I have an email account that I use only for sites I think might spam me.
  2. I use a junk filter set to “exclusive” in Hotmail so I never see them.

Making “Unsubscribe” Impossible

At some point Microsoft started sending me emails relating to their products and services to my Hotmail account. Pretty sure I didn’t sign up for it, but Hotmail belongs to Microsoft so I get it.

I clicked on the handy “unsubscribe” button at the bottom of one of these emails, and got this.


Outlook has not given Outlook any info to help me unsubscribe from them.

Translation: Microsoft does not let you unsubscribe from their emails in their own email service. That’s a design choice; they make it difficult for you to unsubscribe so that you won’t do it.

The result is that they are now blocked.

I’ve used Microsoft as the example here, but they’re not the only ones guilty of random spamming. In the last month I have been signed up for newsletters from conference organisers, potential suppliers, and random companies who guessed my work email.

I’ve unsubscribed from them all. Where that hasn’t been possible I’ve flagged them as “junk”. If that happens often enough at work their email domain could be blocked.

Please, just stop it.

 Image; Stop | Brainware3000 | CC BY-2.0

The War on Email

Maybe “I can has cheezburger” isn’t for work.

Everyone has, at some point, received unwanted email. I don’t mean spam, I mean being included in the cc of an email you don’t want to deal with, or receiving those chain letters, or the latest internet meme.

The nice people at OnlineITDegree.net have created a handy decision tree in an appealing infographic format to help you answer the question “Should I send this email?” which includes a nod to one of the most famous internet paradoxes – millions of people do fantastic work and post it online, but it’s pictures of cats that get sent and viewed millions of times.

I like the idea, and I’ve written before about efforts to manage or limit email. But while it’s true that email can be a drain on our time it remains a great tool for many tasks. It also has the advantage of being much less disruptive than phone calls or visits. Yeah, it’s sad, I like email.

But that comes with a couple of provisos. Emails need to be clearly written, sent to the right people, and work-related. Work-related means that the email should contain information I need to do my job, or something I need to act on.

I also like having conversations with my colleagues, and I’ve noticed that “coffee meetings” can be very effective – they rarely last more than 30 minutes and so people tend to stick to the point. Plus at our office they’re in an open setting so it’s easy to move away when the discussion is done, rather than be stuck in a meeting room because it’s “booked for the hour”.

Anyway given that people work in different ways I created my own infographic “Should you send me an email?”


(Thanks to land of web for the twitter coffee cup)

Switched Off

I saw that Volkswagen have forcibly limited the time during which employees (although not senior management) can receive emails. This radical step was taken to redress the work-life balance, to reduce the pressure on employees to be online and answering emails 24/7. It was negotiated between the works council and the company, and a spokesman  agrees that it’s not for every company.

I read the story back in December when I was on the other side of the world with a time difference of 12 hours. Although I was on holiday I was following a couple of issues that needed to be solved by the end of the year that I’d had to delegate. So I was checking my emails first thing in my morning, which was after the close of business back in Amsterdam. My first thought was therefore that it was particularly unhelpful to anyone travelling in different time zones. A colleague pointed out that imposing this limit would mean she’d stay at the office longer, whereas now she has dinner with her kids and then answers emails once they’re in bed.

I think it’s a step backwards; email, blackberries, remote access are all tools to allow us to work more flexibly. Cutting them off seems to defeat the purpose.

I do recognise the problem, it’s really easy to become addicted to the fast response. It’s easy to substitute email for communication. However email is convenient, it’s less disruptive than a phone call – and the employees of Volkswagen can still receive phone calls.

A better solution would be to implement an email charter in your company, setting out how you expect email to be used. If you can’t imagine what that means don’t worry – there’s a handy one already made for you via Chris Anderson of TED fame.

The Charter has rules that are pretty obvious and simple; respect the recipient’s time, promote clarity, don’t cc endlessly.

I’d add one – model the behaviour you want, particularly if you’re a team leader. Respect the recipient’s own personal time, don’t send an email on a day off that doesn’t need urgent attention – or if you do make sure “for Monday” is in the subject line.

We get to use the tools, they don’t rule us.

Scam File; domain names

There are hundreds of scams online. It’s a dangerous world out there. One recurring one is the email from some (fake) domain name agency, informing you that someone is claiming domain names in Asia and you need to Act Now to avoid missing out on these names which include your brand name. Sometimes they refer to spurious trademark or intellectual property legislation.

It’s a scam. You can safely delete the email.

I get a question about this roughly once a week, yet the scam has been around for years. So how can you be sure you’re not caught? What if you see a domain name they’re offering and you think you want it?

First thing is to make sure you are proactive on your domain name acquisition. This requires knowing your company’s brand names and global footprint, and combining that with some knowledge of risk around various domain name registrars. (We used CSC Global to help us figure this out). You should also decide how far down the track of protecting similar spellings you should go – Siemens may regret not buying Seimens.com for example, given how many people have trouble spelling their name.

If you do this, and keep up to date with changes in your company and in the domain name industry, you can be confident that you have the domain names you need for your business to run.

So when the email comes in trying to scare you into paying for domain names you’ll be able to confidently ignore it. This goes for small and large companies.

Very, very occasionally there might be a domain name in the list sent to you that you want. What should you do?

Nothing.

Wait a couple of weeks.

Acquire it yourself – it will still be available.

 

An Email Charter

  • Ever had a day when 5pm rolled around and you felt you hadn’t done any work but answer emails?
  • Ever read through an email and not understood what the sender wanted you to do?
  • Thought an email contained an important attachment, only to find it was an image in the sender’s logo?

I’m guessing we’ve all had the above  frustrations – and worse – with our email. I’ve written before on some strategies to up productivity in relation to email. Oatmeal took a more humorous look at bad email behaviour with the “If you do this in an email I hate you“, prompting wry chuckles as it was emailed around the world.

Now Chris from TED has taken a more radical approach to the whole email problem.

He points out that it is a scarcity issue – scarcity of attention, and that an email may cost more attention to resolve than it takes to create it; particularly when you take all the cc’s into account.

So he’s proposing an email charter, that we can all sign up to to curb our own email excesses. Some are known – limit the use of cc, keep it short, avoid responding when you feel angry. But he also proposes using some standard abbreviations, for example eom for “end of message” at the end of the subject line when there is no text inside the email.

There are good ideas and a range of comments – join the discussion.

Image Breathe while reading your email! / CC BY-NC-ND 2.0

The Email Vortex

It’s easy to get sucked into the email vortex and end up spending your whole day working on email and when five pm rolls around feel that you’ve done nothing. I spent about 2 hours last week figuring out some sensible rules that will work for me.

Emails relating to delegated stuff get forwarded automatically, daily reports get sent to one folder and I can check through them all at once, but the best thing I did was automate CC emails.

Whereas once they clogged up my mailbox and made it impossible for me to prioritise or even find specific emails, now they float into my mailbox, and then float out again almost as quickly to a designated folder. I admit to sitting and watching this phenomenon several times.

Why didn’t I do this earlier? It’s only this year that I’ve taken over formally managing a team, suddenly there’s a whole lot of stuff people think I need to see – in fact my team take care of it perfectly well and in general there’s no need for my involvement.

Email management comes with the usual set of tips – and following them makes your day easier.

  1. turn off the on-screen notification
  2. set up extra folders with associated rules to get rid of stuff that’s neither urgent nor important
  3. turn off email, this is akin to blasphemy in some companies but it works.
  4. set an email routine to control the times you work on email
  5. if you’re really completely overwhelmed consider declaring email bankruptcy

Fortunately by following 1-4  I’m not ready to call email bankruptcy now.

 

image vortex via pixabay