How encryption can help protect your sensitive data – 10 minute mail

Here’s how encryption can help keep your data safe from prying eyes – even if your device is stolen or your cloud account is hacked

You probably store all kinds of sensitive information on your personal computer – or your smartphone, for that matter. For good measure, you may even store your data in the cloud. And like the responsible netizen that you are, you’ve probably secured access to your devices with a passphrase, a biometric lock or even a combination of both. That’s all well and good, but what if you lose your device or it is stolen? That’s where encryption comes in, adding an extra safeguard.

To be sure, encryption isn’t just limited to storing your data; you can also encrypt your communications and your web traffic, as well as your passwords. All of these can be considered best practices to secure your private data, and we’ll walk you through some of the choices you have.

Disk encryption

Most computers still have removable hard disks that aren’t soldered onto the motherboard; alternatively, as extra storage, people use external disks. That’s why having full-disk encryption is a great extra security layer; if you misplace your disk or it is stolen, then no one can access any of the information on it. The disk is fully encrypted, including all your data, your software and the operating system you’re running. Unless you can enter the key at boot-up, your whole computer essentially becomes quite an expensive paperweight. There are several commercial options with advanced features, open source projects and built-in options in most major operating systems.

When it comes to smartphones and tablets, the equivalent functionality to look for is device encryption, which is built into, and commonly enabled by default, on contemporary devices. There are many easily found online guides that explain checking for and, if necessary, enabling device encryption for Android or iOS devices.

Cloud encryption

Most of us use cloud storage for its ease of access – you can do it from anywhere at any time so long as you have an internet connection. Unfortunately, that accessibility introduces its own set of challenges. Over the years, cloud storage services have experienced security breaches, either due to human error or targeted attack by ne’er-do-wells. Therefore, encrypting your files before uploading them to the cloud should be a no-brainer.

Even if there is a breach or the cloud provider’s system is compromised, the data bad actors may obtain will be useless to them without the decryption key. You can choose from a variety of products based on your needs and the offered encryption features. Look at those that offer AES encryption at the very least. There are a number of free and commercial options, all with various limitations and a range of price options among the paid-for products and services.

Encrypt your web traffic

One of the easiest ways you start with is by setting up a Virtual Private Network (VPN), which works as an encrypted tunnel for internet traffic. Let’s say you’re working from a coffee shop and you are going to share some sensitive data with a client, a VPN will allow you to share that data over an encrypted network without anyone intercepting it. Another example is that you can securely access data stored on your home network even if you are physically on the other side of the globe. There are multiple types of VPNs to choose from and, if you’re not sure which one will suit your needs the best, you can check out our article on types of VPNs.

RELATED READING: Encryption 101: What is it? When should I use it?

Another way to protect your privacy involves using an anonymity network, such as Tor. The Tor network directs your traffic through a volunteer overlay network of relays and wraps it in multiple layers of encryption. The idea is, of course, to protect your identity and your browsing habits from anyone snooping around.

Another thing you should also always watch out for is that the website you’re accessing uses the HTTPS protocol. The S stands for secure and means that all the communication taking place between the visitor (you) and the webserver is encrypted. Most of the world’s top websites now use HTTPS by default.

Encrypt your messages

When it comes to messaging apps, you have a variety to choose from and while the most popular do offer end-to-end encryption, not all of them have it turned on by default. For example, to turn on end-to-end encryption in Facebook Messenger you have to start a secret conversation by clicking on the profile picture of the user and choosing “Go to secret conversation”; only after that do your messages with that specific recipient become encrypted. WhatsApp, for one, has the option turned on by default; so does Telegram, but it also provides an extra layer of security with its Secret Chat feature, which allows you to set self-destruct on the messages and files you send.

Signal remains one of the most highly rated options by cryptographers, due to its open-source code allowing extensive examination and easy auditing by area specialists. You can also encrypt your email communications as well, with the sender needing your public key to encrypt a message, so that only you can decrypt and read it using your private key, and you needing their public key so they can decrypt encrypted messages you send to them. Again, there are several options, with the most common being PGP or GPG, and S/MIME. There are several plug-ins for, or built-in options in, popular email apps. For example, Microsoft provides a handy guide on how to enable S/MIME in its Outlook email client.

Also worth considering is using a secure email platform, such as ProtonMail and others, that provides end-to-end email encryption. Some are “closed shop” in that you can only send encrypted emails to others using the service and “ordinary” emails to those with other providers, while some provide mechanisms to exchange encrypted messages regardless of the mail service of your interlocutors.

Encrypt your passwords

Password managers are a popular choice for people who don’t want to (or can’t) memorize all their passwords while refraining from recycling them. A password manager functions as a vault that stores all of your passwords: it is secured like a bank vault is, but in this case, it uses fiendish mathematics instead of steel-reinforced concrete.

Most of the cloud-based services keep a copy of your vault on their servers protected with heavy-duty encryption, and, for an extra layer of security, allow their users to use multi-factor authentication (MFA). It is a much more secure way to store your passwords than on sticky notes or docs in your computer or even using a one-password-fits-all solution.

Final thoughts

Although at first glance you may think that the number of things you can do to secure your digital existence is a bit overwhelming, but you should never underestimate the value of good cybersecurity measures securing your digital existence. As the old saying goes, an ounce of prevention is worth a pound of cure, and in the digital world that goes double. A responsible approach to securing your data today can save you from a huge migraine in the future.



Amer Owaida


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

All you need to know about the new threat “Fleeceware” and how to protect yourself!

SophosLabs, a cybersecurity firm has discovered a range of apps on Google Play Store and Apple’s iOS App Store whose sole purpose is to charge huge subscriptions and other fees to clients for the features and services they could avail for free.

These apps though tricks the user they however neither steal your data nor do they run any malicious code hence fundamentally they are not malwares. Sophos calls them fleecewear, malicious apps hiding in sheep’s clothing. “Because these apps exist in a categorical grey area that isn’t overtly malware, and isn’t a potentially unwanted app (PUA), we’ve coined the term fleeceware, because their defining characteristic is that they overcharge users for functionality that’s widely available in free or low-cost apps.” writes Sophos Labs.

They found 25 such Android apps on Google Play store in January and 30 apps on the iOS App Store that could be fleeceware.

“In our capitalistic society, you can look at fleeceware apps and say if somebody wants to waste $500 per year on a flashlight app that’s up to them,” says John Shier, Sophos senior security adviser. “But it’s just the exorbitant price that you’re being charged, and it’s not done aboveboard. That, to me, is not ethical.”

You have to be careful while paying for in-app purchases and especially subscription. These apps will offer a trial period but will demand payment the first time you open the app. Or they could ask high payment for simple basic features like photo filter for 9$ per week or 30$ per month.

Fleeceware apps exploit the marketing model of play store and App Store, finding loopholes to charge their skyrocketing prices. But Google is tightening the leash. It announced last week that developers will be required to make details of subscriptions, free trials, and introductory offers more precise and clear by June 16.

“Part of improving the subscription user experience comes from fostering a trustworthy platform for subscribers; making sure they feel fully informed when they purchase in-app subscriptions,” Angela Ying, Google product manager wrote in a blog.

How to avoid fleeceware?

Through some simple steps you can avoid falling into the traps set by this fleeceware:

  1. Install apps developed by prominent developers. Big companies and their apps offer features like emojis, selfie filters, and QR code scanners for free.
  2. If you found something exclusive that the app is providing, it’s better to compare prices by doing a quick search.
  3. If you think, you’re subscriptions are getting a bit out of hand and want to check which apps you have subscribed to and the ones you’d like to cancel – Play Store and iOS App Store both offer the option where you can see all your subscriptions.

“On iOS, open Settings, tap your name, and then Subscriptions to view and manage everything. Or you can open the App Store, insert your initials in the upper right corner, and tap Subscriptions. On Android, open the Play Store, tap the hamburger menu icon in the upper right, and choose Subscriptions to view and manage your signups.”

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Maze Ransomware: What you need to know and How to protect from being hit by Maze! – Disposable mail news


Cognizant Technology Solutions Corp., an IT giant with 3000 employees was recently hit by a strain of sophisticated Windows Ransomware called Maze, encrypting its systems and threatening to make its data public if they don’t pay the supposed ransom.

is particular malware is proving to be quite lethal and is making headlines every week with their new victim. It has spread quite a disarray and chaos not only in the IT sector but even in other companies and firms which deal with sensitive user data. Maze, also known as “ChaCha Ransomware”, was first discovered in May 2019 and started attacking firms by encrypting files and blackmailing them by exposing their data to the public. It attacked Andrew Agencies in October then the city of Pensacola, US Insurance Company Chubb, the leading cable manufacturer Southwire Company (America), Medical Diagnostic Laboratories (MDLabs), Manitoba Law Firm (Canada) and now Cognizant.

How is it more Different and Lethal than other Ransomware? 

There have been other malware that encrypt files and demand ransom but what makes Maze more dangerous is that it encrypts the system and steal the data and export it to hackers or threaten to release it on their own website (yes, they have a website where they publish their new victim and their data) if the ransom is not paid thus it’s not just a malware attack but a fusion of ransomware attack and data breach.

So, the previous tactics like keeping backups and restoring backups and running again fail for Maze as they have your data and can use it maliciously.

How does it infect? 

This ransomware has been seen to use various ways to infect computers like emails, attachments, links, exploiting passwords, and even exploit kits like Fallout and Spelevo. After infiltrating the system it uses two different ciphers (RSA+ChaCha20) to encrypt files. When the file is successfully encrypted it adds more random extensions with 6-7 charts (For Example-“.rC0syGH”, “.DL1fZE”).

How to protect from Maze Ransomware?

Though Backups don’t do much with Maze, you should still deploy secure offsite backups, running up-to-date security measures and solutions and employee training in installing strong passwords and identifying unsecure and spam email attachments and files.

Most corporate use AppData to run the program and most malware like Maze, MedusaLocker, Sage exploit this and run files from here (AppData). Instead, if we install software from program files only administrators can install/copy files and since malware won’t have the license and permission, they won’t be able to run.

Even Chrome and Microsoft Teams are installed in AppData Local, instead, they should be installed from program files.
Using software like “Ransomware Defender”, where AppData, User Profiles, and this kind of folders are blocked and blacklisted and provides for strong protection against ransomware like Maze.

Windows users can install ‘Ransomware Defender’ by clicking here. 


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Google Doubling Down On Efforts to Protect Android Users – Disposable mail news

With the rise in the in-application subscription scams on Android, Google subsequently announced the introduction of new Play Store policies intended to forestall such scams in the near future.

The American multinational technology additionally pledged to provide Android users with direct assistance in the form of notifications when a trial is going to turn into a paid subscription, or a subscription is going to renew consequently.

The new policies announced that demand application developers offer clear info about the obligations associated with subscription models and free trials, and provide a simple and easy way through which users can cancel subscriptions.

These latest policies are a small part of a more extensive Google campaign, aimed especially at ensuring the privacy and security of Android users.

The newly announced policies focus mostly on fleeceware, a form of application that ‘manipulates’ trial periods and membership models to defraud victims. This kind of application usually burdens the user with complex terms and conditions, further enshrouding unjustifiable subscription commitments.

As a component of the new prerequisites, developers must distinguish with enough clarity between features accessible free of cost and those accessible only to paying subscribers.

Thus, Google will convey an admonition to users when a free trial is set to end or when a subscription longer than three months is because of turn over.

The firm will likewise give warnings if a user endeavors to uninstall an application attached to an on-going subscription.

The new policies are said to take effect on June 16, so users should take particular consideration whenever handling of in-application subscriptions on Android in the meantime.

Apart from this, the company took the initiative to remind developers that its new assessment procedure will produce results in August, which will require developers to gain approval from Google before requesting location data from the end-user.

Further Play Store ‘tweaks’ are likewise in the pipeline, which will reportedly address issues related to illusive content and applications.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Fraud Prevention Month: How to protect yourself from scams – 10 minute mail

ESET Chief Security Evangelist Tony Anscombe sat down with us to share his insights on how to avoid falling prey to online fraud

Are you aware of some of the most common tactics that con artists can use to steal your data, identity and money? The digital era has opened new ways for scammers to take aim at potential victims; in many cases, fraudsters can gather a range of details about unsuspecting netizens before hitting them with targeted attacks.

Online scams take various forms and become increasingly sophisticated, but being vigilant and knowledgeable about the threats will go a long way towards staying safe. To mark Fraud Prevention Month, which began in Canada this week, we talked to Tony about what people and businesses across the world can do to avoid falling victim to fraud.

Hi Tony, thank you for joining us. This week marks the start of Fraud Prevention Month, reminding both citizens and businesses of the importance of protecting themselves against fraud. The first question imposes itself: how important is individual action to prevent fraud?

Businesses and citizens lead busy lives and it is very easy to keep items that may not immediately affect us towards the bottom of the to-do list. Fraud is potentially one of those items, we may appreciate it can happen but unless it’s happening to us at this moment in time then we can often be guilty of delaying preventative action. While this is understandable, it should not be the case. If fraud makes an appearance as an issue it will dominate time and effort at the expense of everything else we should be doing.

Preventative measures may not be as onerous to implement as you first think, and the benefits of keeping yourself out of the fraud victim statistics will for certain keep a very stressful issue at bay. For example, preventative measures against identity theft may take 3-5 hours, but recovering from identity theft can take anywhere between 100-200 hours over a six-month period.

And for businesses the risk is compounded; fraud may affect the daily operations of the business and if it requires public disclosure can lead to loss of reputation and potentially create a distrust atmosphere with customers.

Having an action plan to prevent fraud either as a business or a citizen should be a priority on the to-do list; it’s time well spent. Don’t wait to be a victim.

According to ESET Cybersecurity Barometer 2018 for Canada, banking fraud and identity theft are Canadians’ top concerns when it comes to cybersecurity. What steps should we take to protect ourselves against these crimes?

Banking fraud and identity theft are intrinsically linked, as you would expect. Here are some tips on what should be the beginning of your plan to protect your identity.

  • When asked for personal information, either online of offline, always consider whether the requester actually needs the information.
  • Don’t overshare personal information on social media.
  • Register with credit agencies and create alerts warning you when someone is accessing your credit file.
  • Consider locking or freezing your credit file to stop access by any third party, it’s relatively simple to do and to unlock when you may need it.
  • And do all of the above for your kids too, don’t let someone steal their identity before they even start using it themselves.
  • Check bank and financial statements on a frequent basis and be on the lookout for any strange or unknown transactions.
  • Open physical mail in a timely fashion, banks and authorities use the regular mail system to alert you to changes or access to some online activities to ensure they were carried out by you.
  • Protect your mobile phone account against SIM swapping, make sure your phone account requires a PIN code or password to issue a new SIM card.
  • Use strong passwords or passphrases to secure your accounts, and keep each account secured with a unique password or passphrase.
  • When possible switch on multi factor authentication to secure your accounts, either using SMS or a dedicated app to authenticate logins and transactions. A dedicated app is recommended as it provides greater protection if you become a victim of SIM swapping.
  • Register for online social security and tax filing, even if you don’t intend using the online systems. Securing your account will stop someone registering as you.
  • Secure devices with security software and make sure it’s kept up to date.

The same study also revealed that three quarters of respondents were targeted by phishing attacks, through email or via phone (voice phishing, aka vishing). What advice would you give to users who want to protect themselves against falling for these scams?

Many of the above apply to businesses as well, securing a company bank account requires the same identifiers of the person as accessing a personal account. Businesses should adopt frequent awareness education with employees to ensure they understand what to look for to avoid fraud and scams that may affect the company. For example, protecting against phishing for login credentials and business email compromise attacks can be thwarted through education and awareness of how these social engineering attacks take place. Some core tips are:

  • Check the spelling of the web address/URL in email links before you click on then. Most email clients allow you to see the address by hovering the mouse over the clickable area, without clicking. If the address does not look right, then don’t click on it.
  • If you have clicked a link then be vigilant when you get to the website, if it does not look right or seems different to normal then don’t enter any information.
  • Don’t click links in emails that take you to login pages, for example I never click links in messages from my bank, I always type the address manually into the browser and access my bank directly.
  • If you don’t recognize the email or find the attachment suspicious, don’t open or download it.

And criminals do not only utilize electronic means. A recent example of a deepfake audio attack against a UK company shows how criminals are using sophisticated AI technology to attack businesses. Always validate the request using communication mechanisms that are trusted.

The FBI’s 2018 Internet Crime Report demonstrated the growing threat of Business Email Compromise (BEC) attacks, commonly known as CEO fraud, with losses almost doubling between 2017 and 2018. Do you think awareness trainings are efficient measures for organizations to protect themselves from these scams?

Yes, as mentioned previously, I believe employee awareness and education is important. Awareness trainings are an excellent engagement and education tool that gives employees advice not only how to recognize these attacks in the workplace but also offline. The Verizon 2019 Data Breach Investigations Report shows a decline in clicking a phishing test email by employees from 4% to 3% year on year. While this is a controlled test phishing email, it demonstrates that the education on identifying fake emails is working.

RELATED READING: Can you spot the phish? Take Google’s test

What is your forecast for future fraud trends and, more importantly, for steps to take in order to prevent fraud?

As the example above demonstrates, criminals will adopt sophisticated technology and techniques to carry out their malicious activities. As more personal data becomes available through breaches or other means then phishing email will become more targeted taking on the form of spear-phishing emails with enhanced personalization. The language and mistakes made in these malicious campaigns will become harder to spot as the technology available to create them improves.

Identity theft is a growing issue which I don’t expect to decrease anytime soon, taking the steps highlighted in earlier are essential in proactively protecting against it.

And review your protection plan frequently, this is not a do-once-and-forget task!

Would you have a final piece of advice for our readers who are worried about fraud, but may not be sure what their next step(s) should be?

Firstly, don’t worry. There are numerous organizations that can help proactively, such as the advice we give here. Fraud costs financial institutions millions of dollars every year and they have expert teams on hand to both help you prevent it happening and to help you recover from it. Governments around the world also provide excellent guidance on staying safe online and avoiding fraud. The most important advice I can give is: don’t think it will not happen to me; make a plan today and act on it. 



Gabrielle Ladouceur Despins


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Protect your phone from malicious apps by malware scanner VirusTotal Mobile – Disposable mail news


Google last year removed 85 apps from play store after security researchers found that these apps were adwares in disguise.
These were all sorts of applications from Gaming, TV to remote control simulator apps on the Android Play Store. It goes on to show that even the apps from Google play store are not safe and could be running codes and scripts on your phone.

Some of these apps even had API key certificates and apart from these 85 apps, there are other apps that could be malicious and roaming undetected. It is very imperative to protect our phones and machines from such harmful apps and other files that could have been downloaded from “unknown sources”.
It is always good to carefully grant permissions to applications but still some apps could be running in the background, duplicating virus or downloading malware files into your phone.

 One way to protect your phone from such attacks is by using a malware scanner.
A virus/malware scan is the process where software scans and identifies viruses in a computing devise. Through a scan, you can review and identify threatening viruses and programs. Anti-virus software will also do the work but scanning through a scanner adds an extra cushion of security as they usually have more virus and malware codes and scanned by multiple anti-viruses than lone anti-virus software.

Virustotal Mobile, an android application available on play store is a virus scanner app that scans the application installed on your phone for any malicious file like malware, virus, trojans or worms and notifies you if any such malware exists. Scanning your phone for viruses and running this application to remove any malware on your device is a critical process of maintaining your mobile device. If a virus does get onto your phone and is not removed, then it could result in numerous problems like losing important data, your personal data may be leaked or your device could be compromised.

 The app, Virustotal Mobile scans your application by more than 50 anti-virus flagging suspicious content and even files and Url’s can be checked, not only apps. It is developed by VirusTotal.com, a trusted virus, malware, and Url scanner. Its good to remember that the app only tells you the malicious content and not removes the malware.

 Simple, effective and fast (without those annoying adds or pings) Virustotal Mobile is a must-have a tool to protect your phone from dubious apps that could be running pre-installed codes.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

How to Protect Your Netflix Profile With a PIN Code

Facebook Launches ‘Tuned’ Messaging App for Couples

Facebook has quietly released Tuned, a new messaging app designed to provide a “private space” for couples to connect, reports The Information.
Designed by NPE, an experimental group within the company that was established last year, the app encourages couples to share messages, notes, cards, voice memos, photos and Spotify songs with each other, thereby creating a “digital scrapbook” of…

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Cybersecurity experts told how to protect yourself when working from home – Disposable mail news

After the World Health Organization (WHO) officially recognized the outbreak of COVID-2019 as a pandemic, many employers offered their employees to switch to remote work. Experts in the field of information security explained what risks exist when working from home and how to protect yourself from hackers.

Check Point Software Technologies specialists noted that employees feel more relaxed at home, especially when it comes to cybersecurity. This disadvantage can be exploited by hackers, who carry out attacks in order to gain access to personal or corporate data.

Employees can protect themselves from such attacks by following certain rules. First, strong passwords should be created. However, it is important to use different combinations for different accounts.

Also, cybersecurity experts recommend employees to be careful about emails. Since emails can be sent by hackers, they need to carefully study the information about the sender. This will make sure that the person is communicating with a colleague. According to experts, domains associated with coronavirus are 50 percent more likely to be malicious.

In addition, it should be remembered that a corporate laptop is not recommended for use in games or watching videos. This creates a security risk.

Experts do not advise company management to save money and provide devices for employees working from home so that they do not use personal devices.

If a person has to work on their own computer or laptop, then first he should consult with the corporate IT team. Also, employees need to protect home Wi-Fi with a more complex password to access the Network.

Timurbulat Sultangaliev, head of information security consulting company AT Consulting, said that for safe work from home, it is important to provide data encryption, antiviruses, firewalls, restrict access to the system to unauthorized users, monitor security and vulnerabilities, and provide multi-factor authentication.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Fraud Prevention Month: How to protect yourself from scams – 10 minute mail

ESET Chief Security Evangelist Tony Anscombe sat down with us to share his insights on how to avoid falling prey to online fraud

Are you aware of some of the most common tactics that con artists can use to steal your data, identity and money? The digital era has opened new ways for scammers to take aim at potential victims; in many cases, fraudsters can gather a range of details about unsuspecting netizens before hitting them with targeted attacks.

Online scams take various forms and become increasingly sophisticated, but being vigilant and knowledgeable about the threats will go a long way towards staying safe. To mark Fraud Prevention Month, which began in Canada this week, we talked to Tony about what people and businesses across the world can do to avoid falling victim to fraud.

Hi Tony, thank you for joining us. This week marks the start of Fraud Prevention Month, reminding both citizens and businesses of the importance of protecting themselves against fraud. The first question imposes itself: how important is individual action to prevent fraud?

Businesses and citizens lead busy lives and it is very easy to keep items that may not immediately affect us towards the bottom of the to-do list. Fraud is potentially one of those items, we may appreciate it can happen but unless it’s happening to us at this moment in time then we can often be guilty of delaying preventative action. While this is understandable, it should not be the case. If fraud makes an appearance as an issue it will dominate time and effort at the expense of everything else we should be doing.

Preventative measures may not be as onerous to implement as you first think, and the benefits of keeping yourself out of the fraud victim statistics will for certain keep a very stressful issue at bay. For example, preventative measures against identity theft may take 3-5 hours, but recovering from identity theft can take anywhere between 100-200 hours over a six-month period.

And for businesses the risk is compounded; fraud may affect the daily operations of the business and if it requires public disclosure can lead to loss of reputation and potentially create a distrust atmosphere with customers.

Having an action plan to prevent fraud either as a business or a citizen should be a priority on the to-do list; it’s time well spent. Don’t wait to be a victim.

According to ESET Cybersecurity Barometer 2018 for Canada, banking fraud and identity theft are Canadians’ top concerns when it comes to cybersecurity. What steps should we take to protect ourselves against these crimes?

Banking fraud and identity theft are intrinsically linked, as you would expect. Here are some tips on what should be the beginning of your plan to protect your identity.

  • When asked for personal information, either online of offline, always consider whether the requester actually needs the information.
  • Don’t overshare personal information on social media.
  • Register with credit agencies and create alerts warning you when someone is accessing your credit file.
  • Consider locking or freezing your credit file to stop access by any third party, it’s relatively simple to do and to unlock when you may need it.
  • And do all of the above for your kids too, don’t let someone steal their identity before they even start using it themselves.
  • Check bank and financial statements on a frequent basis and be on the lookout for any strange or unknown transactions.
  • Open physical mail in a timely fashion, banks and authorities use the regular mail system to alert you to changes or access to some online activities to ensure they were carried out by you.
  • Protect your mobile phone account against SIM swapping, make sure your phone account requires a PIN code or password to issue a new SIM card.
  • Use strong passwords or passphrases to secure your accounts, and keep each account secured with a unique password or passphrase.
  • When possible switch on multi factor authentication to secure your accounts, either using SMS or a dedicated app to authenticate logins and transactions. A dedicated app is recommended as it provides greater protection if you become a victim of SIM swapping.
  • Register for online social security and tax filing, even if you don’t intend using the online systems. Securing your account will stop someone registering as you.
  • Secure devices with security software and make sure it’s kept up to date.

The same study also revealed that three quarters of respondents were targeted by phishing attacks, through email or via phone (voice phishing, aka vishing). What advice would you give to users who want to protect themselves against falling for these scams?

Many of the above apply to businesses as well, securing a company bank account requires the same identifiers of the person as accessing a personal account. Businesses should adopt frequent awareness education with employees to ensure they understand what to look for to avoid fraud and scams that may affect the company. For example, protecting against phishing for login credentials and business email compromise attacks can be thwarted through education and awareness of how these social engineering attacks take place. Some core tips are:

  • Check the spelling of the web address/URL in email links before you click on then. Most email clients allow you to see the address by hovering the mouse over the clickable area, without clicking. If the address does not look right, then don’t click on it.
  • If you have clicked a link then be vigilant when you get to the website, if it does not look right or seems different to normal then don’t enter any information.
  • Don’t click links in emails that take you to login pages, for example I never click links in messages from my bank, I always type the address manually into the browser and access my bank directly.
  • If you don’t recognize the email or find the attachment suspicious, don’t open or download it.

And criminals do not only utilize electronic means. A recent example of a deepfake audio attack against a UK company shows how criminals are using sophisticated AI technology to attack businesses. Always validate the request using communication mechanisms that are trusted.

The FBI’s 2018 Internet Crime Report demonstrated the growing threat of Business Email Compromise (BEC) attacks, commonly known as CEO fraud, with losses almost doubling between 2017 and 2018. Do you think awareness trainings are efficient measures for organizations to protect themselves from these scams?

Yes, as mentioned previously, I believe employee awareness and education is important. Awareness trainings are an excellent engagement and education tool that gives employees advice not only how to recognize these attacks in the workplace but also offline. The Verizon 2019 Data Breach Investigations Report shows a decline in clicking a phishing test email by employees from 4% to 3% year on year. While this is a controlled test phishing email, it demonstrates that the education on identifying fake emails is working.

RELATED READING: Can you spot the phish? Take Google’s test

What is your forecast for future fraud trends and, more importantly, for steps to take in order to prevent fraud?

As the example above demonstrates, criminals will adopt sophisticated technology and techniques to carry out their malicious activities. As more personal data becomes available through breaches or other means then phishing email will become more targeted taking on the form of spear-phishing emails with enhanced personalization. The language and mistakes made in these malicious campaigns will become harder to spot as the technology available to create them improves.

Identity theft is a growing issue which I don’t expect to decrease anytime soon, taking the steps highlighted in earlier are essential in proactively protecting against it.

And review your protection plan frequently, this is not a do-once-and-forget task!

Would you have a final piece of advice for our readers who are worried about fraud, but may not be sure what their next step(s) should be?

Firstly, don’t worry. There are numerous organizations that can help proactively, such as the advice we give here. Fraud costs financial institutions millions of dollars every year and they have expert teams on hand to both help you prevent it happening and to help you recover from it. Governments around the world also provide excellent guidance on staying safe online and avoiding fraud. The most important advice I can give is: don’t think it will not happen to me; make a plan today and act on it. 



Gabrielle Ladouceur Despins


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Russians were given ways to protect themselves from surveillance via a smartphone – Disposable mail news

Experts noted that most often smartphone owners are inattentive and infect their devices with spyware. Such programs can collect personal data and place it in the public domain, listen to conversations, and monitor the actions of the owner.

Sergey Nikitin, Deputy of the Group-IB Computer Forensics Laboratory, said that more than 90 percent of cases are not vulnerabilities, but user actions. According to him, the main source of infection is applications downloaded through the browser.

“The search engine, first, gives not an official site, but contextual advertising. Often, scammers buy it, and by clicking on the link from your phone, you download a malicious APK file,” said Nikitin.
Nikitin gave an example of the GetContact app, which shows how a person is named in his friends’ contact list. According to him, the user provides access to contacts that can leak to the network. He noted that such cases have already occurred. The expert advised not to download applications for remote management, for tracking the user. According to him, it is also not necessary to download the first available antivirus from the search engine, since an unknown program may be a program with a Trojan virus.

Kaspersky Lab expert Viktor Chebyshev also said that popular apps can be malicious. According to him, hackers often fake malicious programs for popular applications. “For example, we recently discovered more than a thousand malware that pretended to be a popular dating application. In General, in 2019, most often Trojans pretended to be photo-processing applications,” informed Chebyshev.

Another loophole for fraudsters is called remote control applications that allow to see the device’s screen.

“An attacker can ask you to install the program and then conduct a financial transaction on your behalf. Many banks now show a one-time code in push notifications, so it is not a problem to see it on the screen,” said the representative of Group-IB.
Experts also added that fake apps can be found even in official stores. You should be wary if the application requests administrative functions.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.