Email Security Blog

The email would have to be encrypted if sent normally, but would be okay if the files came over a VPN tunnel connection

I was asked to verify my email address when I signed on to some groups. When I went to do that and got ready to send I was told that my response was not going to a secure site. Therefore I cancelled sending the verification. Why is Yahoo not using a secure site for verification notices?

ok in my opinon sounds like forged webpages trying to stealyour password, check the validation on there cetificates
but i still say stay away from it
good luck

I have a friend who wants to send an email to another individual, but she does not want that email to be forwarded on to other email addresses. Is there a way to secure an email message in this way? Can Yahoo mail do that? Any other free email service (gmail, hotmail, etc)?

No.

Anything that the recipient could read, they could copy and paste, or do a screen shot of it, and then send it wherever they want.

If you don’t want it spread around, don’t send it in the first place.

I sent an email with a word doc as an attachment to a friend. Now she is very upset about it and says that sending her an attachment like that was an equivalent to posting it on the NY Times: "now anybody can see what you have written to me".

Is this true? If I were to delete it from my machine and she were to delete it from her machine, does the message still exist for any experienced hacker to be able to get it from cyberspace?

Could it be that I already have hackers that are spying on the email that I write and that they already have the info?

It was very innocuous information; just something that my addressee does not want to have public.

Also, "if the damage has already been done", is there anyway to "undo" the damage?

Also, if I post information to Yahoo! Groups are others outside of the group able to access who are the members of that group or there postings?

Is info in an attachment sent via email less secure than info sent in the body of an email?

Thanks!

I don't know what's the environment in terms of what kind of email server or backup policy you have, but here is a couple of tips for Microsoft Outlook:

If you read email and deleted it permanently the same day you are most likely ok. If it's a corporate email and the message spend a night in a mailbox (even in Deleted Items) then most likely it was saved into backup and it can be restored.

Outlook saves open attachments in Internet Temporary Files. Your friend has to find that folder and check that it's there.

It doesn't sound like a lot of damage unless there is some legal action - then your email can be found, restored, and work as an evidence Ask ForensicGirl about it

The most prevalent type of phishing scam involves setting up a site that has the complete look and feel of an online bank or a popular Internet destination, like PayPal. Phishers send out email to get unsuspecting users to log on and provide their account information, which is then stolen.

Another common tactic is to entice customers to buy products at what will turn out to be a fake ecommerce store. A criminal will set up a phony Web site for a few weeks, collect orders, and then suddenly disappear.

One of the newest phishing trends to emerge has almost everybody in the security industry concerned: Trojan phishing. So-called Trojan programs, named after the horse of mythology that put the Greeks inside Troy’s city walls, disguise themselves as beneficial files, but actually enable hackers to gain access to computers from remote locations to steal account information directly from a computer.

Some hackers use these Trojan-infected computers to set up networks of so-called “zombie” machines. The advantage to the hacking cybercriminal is that he/she/they will have a continuous data flow and little chance of detection.

The Trojans also give cybercriminals a way in to install keylogging software, which is quickly becoming the tool of choice for Internet gangsters. A study released recently by the digital-infrastructure company, VeriSign, discovered thousands of different kinds of keylogging programs in operation, with potentially hundreds of thousands of computers infected.

Keyloggers consist of coding that is secretly deployed and silently installed on unsuspecting consumers’ computers. The software can record every keystroke on infected systems and send that information back to hackers automatically. Such programs often are piggy-backed in phishing email or spyware applications that are able to elude antivirus software and firewalls.

Some European and Asian governments are beginning to work with U.S. and British law enforcement agencies to fight back against cybercrime conglomerates. But the hackers’ abilities to work thousands of miles from where the actual thefts occur give them a solid advantage and a degree of anonymity.

Accordingly, U.S. and British agents are trying hard to get other countries to cooperate in sharing cybercriminal information in a attempt bring cybercrime to a screeching halt. So far, that trust has been hard to establish, mostly because many countries don’t understand the severity of the problem, according to security experts.

Cybercriminals can set up from foreign countries using stolen credit cards to establish accounts at various website hosting companies. Then they can point those web servers to other hacked servers, hijacking lots of web servers along the way.

According to cybercrime experts, this type of remote operation keeps rolling from one distant server to another as banks catch up with them and shut them down. Meanwhile, the cybercriminals never have to leave their homes. And the kick in the teeth to the innocent server owners is that they have no idea that this illegal activity is going on from their own servers.

Don’t lose hope: Internet security firms are gradually turning the tide against cybercriminals. There is an increase in consumer awareness and software products are now able to warn web surfers of unsafe websites. With an increase of solutions popping up, the up-time of phishing sites is now being reduced to a safer level.

Some professional security firms, on the other hand, are seeing cybercriminals moving to places where there is no law enforcement. In the history of online fraud and security breaches, solutions never solve much of the threat criminals pose.

The only real solution for the consumer is prevention via education and a sophisticated managed security services. To protect yourself, you need an Internet security team of experts making sure that you, your family, and your business computer are always safe and secure. The best protection you can have in today’s rapidly changing world of cyber-attacks is to have expert support for all your Internet security needs that will provide technical support without any hassles and without charging you extra fees. It will become even more critical than it is today as time goes on. You need to find your own personal team of experts to rely on. If you ever have a security problem, you will want to have a trusted expert you can call for professional help, without any hassles and extra costs!

Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk. These cybercriminals leave you with three choices:

(1) Do nothing and hope their attacks, risks, and threats donâ??t occur on your computer.

(2) Do research and get training to protect yourself, your family, and your business.

(3) Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say “No!” to hackers and spyware, everyone wins! When you don’t, we all lose!

Send encrypted email messages with Microsoft Outlook using the MessageLock add-in. Learn how.

Duration : 0:9:46

more… »

Technorati Tags: email, encryption, messagelock, outlook

I setup my email server a week ago it was working fine but just after 2 days I can see somebody is sending email through my server. I think they are spammers, I turned off my server for several days and turned back on just after 30 minutes the spammers back in and starts sending email again. Can somebody help me configure/secure my mail server so that It will not let spammers use it. Thanks and Cheers..

Using Windows as a server is an oxymoron.

Set up a Linux box if you want to run a mail server.

Identity theft cannot be 100% fully prevented. To do so would require a policy of never sharing financial information with anyone, anywhere, anytime. You would not be able to conduct financial transactions in society with that policy. And even if you were able to, your information is already in the records of your physician, bank, the IRS, department of motor vehicles, etc. There is no way to remove this information. Therefore you could become victim to identity theft. However, there are steps you can take to reduce those chances.
Internet mail is one of the main sources that perpetrators of identity theft are using to gain access to your personal information. The perpetrator may send threatening emails, or emails that seem appealing. Emails requesting personal financial information are linked to identity theft and arrive in millions of mailboxes worldwide each and every day.

In most cases, no one person is being specifically singled out to become the next victim. It is just not worth the effort involved. Identity thieves are not interested from whom they are stealing the identity from. Instead they focus on targeting as many people as possible as it is a numbers game. The more people they target the higher are the chances that someone will be tricked into volunteering personal financial information.

The senders of these emails are challenging the receiver by using deception, hoping the receiver will give out personal information, such as bank numbers, PIN and passwords, Social Security numbers and other precious information that the thief can use to gain control over your identity. Often these emails state that a bank account or Paypal account has been frozen until information is verified. The victim, being worried that pending transactions will not clear properly, will follow the demand of the email that account information be “updated”. The criminal who sent the email will always include a handy link to click on for updating the requested information. Never click on those links.

If you want to avoid identity theft, there are several emails that you may want to bear in mind are SPAM, and you should completely ignore them. One is the forzen account along with a request to update your personal financial information. Another is a claim that you have won x amount of cash, and to act now to receive your prize. If you have not joined a contest, then chances are you have not actually won a prize. A third is an email claiming that you could receive scholarships or grants to attend such and such a college; to earn your degree act now by providing your personal information. These are all fake and designed by criminals to steal your personal financial information. Delete them without a second thought!

Companies that already have your personal information, such as your bank have no reason to ask for this again in an email. In fact, most banks clearly state in their Terms & Conditions that they will never send electronic mail requesting information from the customer at any time. Giving your personal information to someone that sent an email that has your bank name listed in the header is only asking for trouble.

Identity thieves are extremely creative when it comes to stealing identities, including sending emails in respected names. The prestigious FDIC was targeted by thieves; the sender sent emails to recipients of the bank requesting that they provide personal information to avoid closure of their accounts. Microsoft was also targeted by thieves when emails were sent to various inboxes requesting the receiver to download patches to protect their computers. Once the receiver downloaded the attachment, a dangerous virus took control of their computer, leaving a backdoor entry that would give the hacker access to the information stored on the computer.

EBay is also a target for thieves. EBay scams abound. False Paypal payments are common, as well as false or counterfeit checks. Be very wary of anything purported to be from EBay that seems fishy. If you have to think twice about the legitimacy, it is likely a scam. Beware.
Here are some helpful tips for you to avoid identity theft as much as possible:
1) Do not open emails if you do not trust the sender.

2) Never give out your personal information over the internet, unless you know that the company can be trusted and is using encryption to secure the web page(s). If Paypal or EBay request your information, which they never have done to this author. go directly to their home page, log into your account there, and see if the request is associated with your account. Never click the link in an email requesting information.

3) Do a background check on any site you are thinking of giving your information to or you are considering buying from. This includes calling the state attorney general’s office.
4) Change your PIN numbers and passwords regularly, at as minimum every 6 months.
5) Do not post even general financial information on forums, bulletin boards or discussion boards online.

6) Conceal your personal information at all times, including at home.
7) Never give your personal information over the phone line.
When using ATM or other machines to make deposits, withdrawals, or purchases make sure no one sees you type in your PIN number.

9) Do not just throw personal information, such as bank statements or letters containing your postal address, account numbers or any sensitive information in the trash. This is a favorite place for criminals to search. Put it through a shredder first. 
10) Never mail your tax return by putting it in your mailbox with the flag up. Criminals will drive neighborhoods during tax season searching for tax returns. These are the ultimate sources of information for identity theft.

Safely transfer large files, as large as 5 GB or more, directly to a computer, providing secure, easy, and quick solution to your file transfer needs, reducing the need of FTP and email attachment. Resume broken transfers at your convenience. No configuration required; send and receive large files in just 3 clicks. Send your files DIRECTLY from your PC to any pc, ANYWHERE, with a sense of security. This makes your data secure.

Duration : 0:6:12

more… »

Technorati Tags: 123go, and, attachment, email, files, ftp, large, replace, replacement, send, solution, transfer

can anyone will have access to an email message other than the recipient sent through a proxy mail server ?
No network,it is from my pc to a friends pc.

it depends, if you have remote access on your proxy server, and VPN is allowed, and someone hacks into the proxy via the firewall port, then yeah someone could, but in all reality very little chance of that happening.