Gone Phishing: Five Signs That Identify Scam Email Messages

A significant danger to businesses today is phishing—the act of forging email to fool someone into revealing login credentials, credit card numbers, or other sensitive information. Of course, phishing is a problem for individuals too, but attackers more frequently target businesses for the same reason as bank robber Willie Sutton’s apocryphal quote about why he robbed banks: “Because that’s where the money is.”

The other reason that businesses are hit more often is that they have multiple points of entry—an attacker doesn’t need to go after a technically savvy CEO when they can get in by fooling a low-level employee in accounting. So company-wide training in identifying phishing attempts is absolutely essential.

Here are some tips you can share about how to identify fraudulent email messages. If you’d like us to put together a comprehensive training plan for your company’s employees, get in touch.

Beware of email asking you to reveal information, click a link, or sign a document

The number one thing to watch out for is any email that asks you to do something that could reveal personal information, expose your login credentials, get you to sign a document online, or open an attachment that could install malware. Anytime you receive such a message out of the blue, get suspicious.

If you think the message might be legitimate, confirm the request “out of band,” which means using another form of communication. For instance, if an email message asks you to log in to your bank account “for verification,” call the bank using a phone number you get from its Web site, not one that’s in the email message, and ask to speak to an account manager or someone in security.

Beware of email from a sender you’ve never heard of before

This is the email equivalent of “stranger danger.” If you don’t know the sender of an email that’s asking you do something out of the ordinary, treat it with suspicion (and don’t do whatever it’s asking!). Of course, that doesn’t mean you should be entirely paranoid—business involves contact with unknown people who might become customers or partners, after all—but people who are new to you shouldn’t be asking for anything unusual.

Beware of email from large companies for whom you’re an anonymous customer

Attackers often forge email so it appears to come from a big company like Apple, Google, or PayPal. These companies are fully aware of the problem, and they never send email asking you to log in to your account, update your credit card information, or the like. (If a company did need you to do something along these lines, it would provide manual instructions so you could be sure you weren’t working on a forged Web site designed to steal your password.)

Since sample email from large companies is easy to come by, these phishing attacks can look a lot like legitimate email. Aside from the unusual call to action, though, they often aren’t quite right. If something seems off in an email from a big company, it probably is.

Beware of email from a trusted source that asks for sensitive information

The most dangerous form of this sort of attack is spear phishing, where an attacker targets you personally. A spear phishing attack involves email forged to look like it’s from a trusted source—your boss, a co-worker, your bank, or a big customer. (The attacker might even have taken over the sender’s account.) The email then requests that you do something that reveals sensitive information or worse. In one famous spear-phishing incident, employees of networking firm Ubiquiti Networks were fooled into wiring $46.7 million to accounts controlled by the attackers.

Beware of email that has numerous spelling and grammar mistakes

Many phishing attacks come from overseas, and attackers from other countries seldom write English correctly. So no matter who a message purports to come from, or what it’s asking you to do, if its spelling, grammar, and capitalization are atrocious, it’s probably fraudulent. (This is yet another reason why it’s important to write carefully when sending important email—if you’re sloppy, the recipient might think the message is fake.)

One of the best ways to train employees about the dangers of phishing is with security awareness testing, which involves sending your own phishing messages to employees and seeing who, if anyone, falls for it. Again, if you need help doing this, let us know.

Winter Weather Warning: Keep Your Tech Toasty!

When it’s cold out, you can always throw on a sweater to stay warm. But your electronics are more reptilian—they can get sluggish or even fail to work in freezing weather. (No, that’s not what iPod Socks were designed to fix.) Worse, charging batteries at low temperatures or moving tech gear between extreme temperature ranges can cause damage.

There’s a difference between temperatures your devices can withstand when you’re actively using them and when they’re just being stored. Manufacturers usually publish the environmental requirements for devices, though it may take a little searching to find the details. Here are the ranges for the devices you’re most likely to care about:

  • iPhone/iPad: Operating temperatures from 32° to 95° F (0° to 35° C) and nonoperating temperatures from −4° to 113° F (−20° to 45° C)
  • MacBook (Air/Pro): Operating temperatures from 50° to 95° F (10° to 35° C) and storage temperatures from −13° to 113° F (−25° to 45° C)

It’s easy to imagine wanting to use an iPhone in temperatures below freezing or a MacBook outdoors on a crisp autumn day. And in fact, they probably won’t stop working entirely. After all, putting your iPhone in your pocket next to your body will keep it warmer than the outside air, and it will take a while to cool down. But you shouldn’t be surprised by crashes, shutdowns, or other unusual behavior if you do use your device below its recommended operating temperature for a while.

Batteries Hate Working in the Cold

The main problem is that batteries prefer to be used in moderate temperatures (they hate heat even more than cold). When batteries get cold, they appear to discharge more quickly. That’s because the chemical reactions that generate electricity proceed more slowly at lower temperatures, and thus produce less current. The weak discharge fools the device’s power management circuitry into thinking that the battery is nearly dead; hence the shutdowns. Once your device has had a chance to warm up, the battery should revive.

However, don’t charge batteries when it’s very cold, as in −4° F (−20° C). Doing so can cause plating of the graphite anode in the battery, which will reduce battery performance.

Other Technologies That Dislike Cold

Two other standard bits of technology don’t like operating in the cold either: hard drives and LCD screens.

Hard drives aren’t nearly as common as they used to be, particularly in laptops that are likely to be left outside in cold cars. Most have a minimum operating temperature of 32° F (0° C), and you’re unlikely to want to use a laptop in temperatures lower than that. In very cold temperatures, the lubricant inside the drive can become too viscous to allow the motor to spin up the platters. Although solid-state drives have no moving parts, most are rated for the same minimum operating temperature, oddly enough.

LCD screens can also have problems. Extreme cold can slow their response times, leading to slow or jerky screen drawing. OLED displays, such as in the iPhone X, XS, and XS Max, withstand cold significantly better—some OLED displays are rated for temperatures as low as −40º (which—trivia tip!—is the same in Fahrenheit and Celsius).

Avoid Temperature Swings

Regardless of whether you want to use your devices in cold weather, you’ll extend their lifespans if you don’t regularly expose them to significant temperature swings. There are two reasons for this: condensation and thermal expansion.

Those who wear glasses know that when you come into a warm house from the cold, your glasses immediately fog up with condensation. That’s true even though most houses are quite dry in the winter. Wait a few minutes, and the condensation evaporates back into the air. The same can happen with any electronic device that’s open to the air, and moisture inside electronics is never good. It’s thus best to let electronics warm up slowly (and in their cases or boxes) to reduce the impact of condensation.

Finally, as you remember from high school science, objects expand when heated and contract when cooled. The amount they expand and contract may be very small, but the tolerances inside electronics are often extremely tight, and even the tiniest changes can cause mechanical failures, particularly with repeated cycles of expanding and contracting. Try to avoid subjecting devices to significant temperature swings on a regular basis or you may find yourself replacing them more frequently than you’d like.

In the end, our advice is to keep your gear warm whenever possible, and if you must use it in temperatures below freezing, be aware that battery life and screen responsiveness may be reduced.

Stop Mailing Files Around and Use Collaborative Apps

Have you ever emailed a document to several colleagues for feedback, and then had to go through each of their changes in turn, merging everything into your master document? What if one of them needs to see the changes that another suggested? Plus, what if you need to make substantial changes after you’ve sent the document out for review, but before you’ve heard back from everyone?

If you’re still doing this document dance, it’s time to quickstep into the modern world and try the real-time collaboration features that are built into many apps, including Apple’s iWork apps (Pages, Numbers, and Keynote), the Microsoft Office 365 suite (Word, Excel, and PowerPoint), and Google’s online app suite (Google Docs, Google Sheets, and Google Slides).

Let’s look at why real-time collaboration is the most efficient and productive solution for working with colleagues.

One Document to Rule Them All

In the old model of collaboration, where you gave each person their own copy of the document, you had to bring their changes and comments back into your master copy. That’s clumsy, time-consuming, and error-prone, even when the apps in question have features for merging.

With modern collaboration systems, there is only one document that everyone works on, so there’s no need to keep track of different copies or merge changes. Plus, you never have to worry about someone’s copy getting corrupted or lost.

Work Simultaneously or Sequentially

In many collaborative scenarios, the people with whom you’re working need to be aware of what the others are doing. Theoretically, you could send your document to one person, get it back, send to the next, get it back, and so on. That way each person sees the changes and comments from those who have gone before, but it takes a lot of time and coordination effort.

But in a real-time collaboration system with a single document, everyone can work at the same time. That’s not to say they will, but even after Alice has taken her primary pass and Bob and Carmen have added more changes and comments, Alice can dip in again to see and react to what they did, assuming they had track changes enabled. It’s a much faster way to resolve differing opinions on a document’s wording or a slide’s appearance.

Some collaboration systems also feature a revision history, which lets you go back in time and see what each person has done at different points. That can be helpful if the app wasn’t set to track changes when a collaborator made some edits.

Have In-Document Conversations

“Collaboration” generally takes two forms: changing information in the document and commenting on it. For instance, if you’re collaborating on a budget spreadsheet with colleagues, each person can add or update the information about annual expenses for their department, saving you the trouble of collecting and entering that information. And if someone makes a mistake, it’s easy for another person to correct it. Collaboration systems generally identify the person who makes each change, so Alice knows that Bob added his department’s expenses and Carmen updated all the dates to the current year.

Equally useful are comments, which you can generally attach to one or more words on a document or presentation, or a cell in a spreadsheet. Also, in many systems, a change or comment can be the start of a conversation much like in Messages, where each person gets to weigh in and the conversation stays tied to that change or comment.

Invite Multiple Types of Collaborators

A key feature of most collaboration systems is that people can take on different roles. There are generally three levels of access—view, comment, and edit—and you can invite any given person to a particular role. So you might ask Alice to proofread your document and give her edit access, while you ask Bob and Carmen merely to add comments. And if you need to show the document to Deepak (but you don’t want to let him even comment), you could invite him with just view permissions.

There’s one implicit role here—you as the document’s owner. Someone with edit access can generally make the same changes you can, but it’s always best to have one person who’s in charge of accepting or rejecting changes and resolving differences. That person might even change occasionally, but you should always make clear what you expect others to do at what point. For instance, if you’re an author collaborating with an editor, you should deal with your editor’s changes, and your editor should accept your subsequent edits.

You’re probably already using apps that can be used for real-time collaboration, so if you’d like help figuring out the best way to get started, get in touch.

What To Do if You Get Blackmail Spam Containing an Old Password

Have you gotten an email message whose Subject line says something like “Change your password immediately! Your account has been hacked.”? If not, it may be only a matter of time before you do. It’s a scary message, especially because it contains one of your passwords, some threats, and a demand for money. Worse, the password is likely one you’ve used in the past—how could the hacker have discovered it? Has your Mac really been taken over?

Relax. There’s nothing to worry about.

This “blackmail spam” has been making the rounds on the Internet recently—we’ve heard from several clients who have received it, and we’ve gotten copies too. The message purports to be from a hacker who has taken over your Mac and installed spyware that has recorded you visiting Web sites that aren’t exactly G-rated. The hacker also claims to have used your Mac’s camera to photograph you while you’re browsing said non-G-rated sites and threatens to share those pictures with your contacts and erase your drive unless you pay a ransom using Bitcoin.

This blackmail spam has raised so many pulses because it backs up its claims by showing a password that you’ve used in the past. Hopefully, it’s not one that you’re still using, because it was extracted from one of the hundreds of password breaches that have occurred over the past decade. Impacted Web sites include big names such as Yahoo, LinkedIn, Adobe, Dropbox, Disqus, and Tumblr—thieves have collectively stolen over 5.5 billion accounts. It’s all too likely that some old password of yours was caught up in one of those thefts.

Concerning as the message sounds, all the details other than your email address and password are completely fabricated. Your Mac has not been hacked. There is no malware spying on your every move. No pictures of you have been uploaded to a remote server. Your hard drive will not be erased. In short, you have nothing to worry about, and you should just mark the message as spam.

However, if you’re still using the password that appeared in the message, that is cause for concern. It means that any automated hacking software could break into the associated account, and it must be a weak password if the bad guys were able to decrypt it from the stolen password files. Go to Have I Been Pwned and search for your email address. If it shows up for any breaches, make sure you’ve changed your password for those accounts.

As always, we recommend that you create a strong, unique password for each of your Web accounts. The easiest way to do this is to rely on a password manager like 1Password or LastPass to generate a random password. Then, when you want to go back to that site, the password manager can log you in automatically. It’s easier and more secure.

If you’re still concerned about your passwords, call us and we can help you get started with stronger security practices.

Why Should You Work with an Apple Professional?

Potential clients sometimes ask why they should work with us instead of solving their own problems or hiring an employee to manage their IT infrastructure. It’s a fair question, and we’re happy to answer it in more detail if you want to chat. But here are a few of the reasons why working with an Apple professional is the right decision. All these revolve around the fact that we’ve been investigating and fixing tech problems for a long time, we’re constantly working to stay up with the latest changes, and we’re good at what we do.

Save Time

The biggest reason to hire an expert to solve your problems is that we can save you time. If you’re an individual, it’s time you can spend on your real job, with your family, or on your hobbies. For companies, it’s time you aren’t taking away from your firm’s line of business.

Aside from the fact that we’ll be doing the work to fix your Mac or get your network operational instead of you or one of your employees doing it, we’ll probably be able to finish more quickly than someone who’s not steeped in the field. Would you prefer to spend hours on something that would take us half the time?

Save Money

As an individual, it might seem counterintuitive that paying us will save you money, but it’s often true. If you buy the wrong hardware or software, that’s a waste of money that could be avoided with our advice ahead of time. For instance, no matter how many ads you see, never get suckered into buying MacKeeper.

For companies, the financial savings are more obvious. Most companies don’t have extra employees just waiting to solve tech problems, and hiring a dedicated IT staff will cost vastly more in salary, benefits, and overhead than outsourcing to us.

Reduce Downtime

It’s easy for businesses to understand the importance of avoiding downtime. If your phone system is down, customers can’t call. If your point-of-sale database gets corrupted, you can’t take orders until the backup has been restored. And so on—the point of working with a top-notch Apple professional is that we can help you avoid problems that would cause downtime, and if catastrophe does strike, get you up and running as soon as possible.

Individuals might say they’re not too worried about downtime, but how long could you go without being able to send or receive email if Mail’s settings get wonky? Or what would your family think about not having Internet access while you back out of a bad firmware upgrade to your router?

Avoid Incorrect Information

Google is a godsend for figuring out weird problems, but it can also lead less experienced people down dead-end paths. If you don’t have years of experience, it’s easy to find a Web page or YouTube video that sounds helpful but makes the problem worse.

For instance, lots of Web articles have advised force-quitting iOS apps to increase battery life, improve performance, and more. Unfortunately, that advice is wrong—force-quitting apps generally hurts battery life and reduces performance. Only force-quit an app when it’s misbehaving badly or not responding at all. Ask us before assuming something you’ve read online is helpful or even correct.

Benefit from the Big Picture View

Because we live and breathe technology, we have a broad and current view of what’s happening both in the industry and with our other clients. We know what new products or services might be the best solution to any given problem, and we can take advantage of our experience with one client to help another.

For example, Apple has officially discontinued its AirPort line of Wi-Fi routers, so we’ve been comparing mesh networking alternatives, including Eero, Plume, Orbi, AmpliFi, Velop, and more. If you’re using an AirPort base station now, ask us which alternative makes the most sense for your installation.

More specifically, because we put the time into understanding your personal or corporate technology footprint, we can use our experience to ensure that everything we recommend will work well together. If you’re buying into HomeKit automation in a big way, for instance, you should stick with Apple’s HomePod smart speaker rather than competing products from Amazon and Google.

We hope we haven’t come off as cocky here—we’re certainly not perfect. But we are good at what we do, and we’re confident that we can help solve any technical problems you may have.

Privacy Request Dialogs in Mojave Explained

With macOS 10.14 Mojave, Apple has beefed up the Mac’s privacy so it more closely resembles privacy in iOS. You’ve noticed that when you launch a new app on your iPhone or iPad, it often prompts for access to your photos or contacts, the camera or microphone, and more. The idea behind those prompts is that you should always be aware of how a particular app can access your personal data or features of your device. You might not want to let some new game thumb through your photos or record your voice.

macOS has been heading in this direction, but Mojave makes apps play this “Mother, May I?” game in more ways. As a result, particularly after you first upgrade, you may be bombarded with dialogs asking for various permissions. For instance, when you first make a video call with Skype, it’s going to ask for access to the camera and the microphone. Grant permission and Skype won’t have to ask again.

Skype’s requests are entirely reasonable—it wouldn’t be able to do its job without such access. That applies more generally, too. In most cases, apps will ask for access for a good reason, and if you want the app to function properly, you should give it access.

However, be wary if a permission dialog appears when:

  • You haven’t just launched a new app
  • You aren’t doing anything related to the request
  • You don’t recognize the app making the request

There’s no harm in denying access; the worst that can happen is that the app won’t work. (And if it’s malicious, you don’t want it to work!) You can always grant permission later.

To see which permissions you’ve granted or denied, open System Preferences > Security & Privacy > Privacy. A list of categories appears on the left; click one to see which apps have requested access. If you’ve granted access, the checkbox next to the app will be selected; otherwise it will be empty.

You’ll notice that the lock in the lower-left corner is closed. To make changes, click it and sign in as an administrator when prompted.

Most of these categories are self-explanatory, but it might not always be obvious why an app wants permission. In the screenshot above, for instance, Google Chrome has been granted access to the Mac’s camera. Why? So Google Hangouts and other Web-based video-conferencing services can work.

There are five categories (including three not showing above) that could use additional explanation:

  • Accessibility:Apps that request accessibility access want to control your Mac. In essence, they want to be able to pretend to click the mouse, type on the keyboard, and generally act like a user. Utility and automation software often needs such access.
  • Full Disk Access:This category is a catch-all for access to areas on your drive that aren’t normally available to apps, such as data in Mail, Messages, Safari, Home, and more, including Time Machine backups and some admin settings. Backup and synchronization utilities may need full disk access, in particular. An app can’t request full disk access in the normal way; you must add it manually by clicking the + button under the list and navigating to the app in the Applications folder.

Automation:The Mac has long had a way for apps to communicate with and control one another: Apple events. An app could theoretically steal information from another via Apple events, so Mojave added the Automation category to give you control over which apps can control which other apps. You’ll see normal permission requests, but they’ll explain both sides of the communication.

Analytics:The Analytics privacy settings are completely different—they let you specify whether or not you want to share information about how you use apps with Apple and the developers of the apps you use. For most people, it’s fine to allow this sharing.

Advertising:Finally, the Advertising options give you some control over the ads that you may see in Apple apps. In general, we recommend selecting Limit Ad Tracking, and if you click Reset Advertising Identifier, any future connection between you and the ads you’ve seen will be severed from past data. There’s no harm in doing it. It’s worth clicking the View Ad Information and About Advertising and Privacy buttons to learn more about what Apple does with ads.

Subscribe To Our Newsletter
Join our mailing list to receive the latest news and special offers from our team.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and special offers from our team.

You have Successfully Subscribed!

Pin It on Pinterest