Other Ways To Connect

Monday, July 29, 2013

Protecting yourself from the phisher

Not a day goes by when you don't receive an odd email, tweet, or Facebook update from a friend or acquaintance imploring you to click a link to see a funny cat video or learn about a hot stock tip. Unless you have a very unusual set of friends, it is unlikely that these are legitimate messages. How does this happen?  How can you protect yourself from becoming a victim and becoming a source of spam messages for your friends?


How does the bad guy hack my account?

Perhaps he blindly guessed your password. Historically, many people have had very weak passwords, but most services impose some strength checks on passwords these days. Or perhaps the service you were using was hacked and your password was released. If this was the case, you either have read about it in the news, or your service was required to notify you. 

Be careful to not get hooked!
It is more likely that you were phished. The bad guy tricked you into clicking on a link that you thought was legitimate but in fact led to a site or software owned by the bad guy. This is primarily a social attack. The email or tweet appears to be from your friend or your bank. Either the message was spoofed (not really sent by the bank or friend), or your friend has already been hacked, and the attacker is using a legitimate account to send you a message.

In the past 5 years, phishing attacks have escalated to more directed attacks called spear phishing. A basic phishing attack is not directed at all. It gets a bunch of email addresses and sends a generic message about their Bank of America account with no knowledge of whether their target has a Bank of America account or not. With spear phishing, the attacker knows something about you, so the message will be more personalized and believable. If the attacker knows you just applied for a loan with Citibank, he can send a message about your loan application, and you will be far more likely to open that link.

What happens when I click on a bad link?

It is possible that the item you are tricked to click on is an executable or an infected word or pdf file. Perhaps it appears that your friend has sent you a MS Word document with the secrets of great riches. By opening that document, you are giving the bad guy the ability to execute code on your machine. That means he can install programs to use your machine later (e.g. to send spam to others) or to gather information from your machine (e.g. tracking your keystrokes to find other passwords and account numbers).

So never open documents, zip files, or executables sent to you when you are not expecting them. Legitimate companies do not send attachments. Most friends are not going to send your attachments either unless you are actively collaborating on something.

The link may just be to another web site. That can harm you in a couple ways. The page may include some malicious javascript. Javascript is limited in what it can do, but it can grab session tracking cookies and potentially take over an active session you have with your bank or credit card company. When accessing sensitive sites like your bank, you want to limit access within the same browser to other sites.

In the classic phishing attack, the link will take you to a web page that looks like the real login page for your bank. So you enter your username and password. The bad guy stores that away, logs in for you, and redirects you to the real bank site. Now the bad guy has your user name and password to login to your account at his convenience. In the case of social media sites, the bad guy may log in as you to propagate the attack to your friends.

While having the bad guy get access to your facebook or twitter account may be embarrassing, it could be worse. Many people use the same password everywhere, and the bad guy knows that. He will be trying more interesting services like banks and credit card sites with the social media login information.

How do I protect myself?

Always be cautious when clicking on links from emails, tweets and facebook. Most email, twitter, facebook, etc. clients will show the actual link as a pop up or at the bottom of the page. Many messages are formatted now to show user friendly names for links. So while the email says "Bank of America Login", the link may well be http://hackmenow.com instead of http://www.bankofamerica.com.

The Wombat Security Technologies group from Carnegie Mellon University has a game called Anti-Phishing Phil which trains you on identifying untrustworthy links. Check out the demo version.

Be skeptical about whether an attractive email is legitimate. Do you have a relationship with the company in question?  If Bank of America sends you an email saying they owe you $10,000, it is probably not legitimate particularly if you don't have an account with Bank of America. Or your Aunt Matilda is probably not going to be sending your links with opportunities to get rich via a hot stock tip.

Do not share passwords between services. At least do not share passwords between services that  have less critical information (e.g. Facebook) and those that have critical information (e.g., your bank). Getting hacked on Facebook is embarrassing. Getting hacked on your bank site can be bad for your financial future.

I clicked on an unsavory link. What should I do now?

The attacks are getting better and more sophisticated. It is likely that at some point you will be tricked into entering your Facebook account information first thing in the morning. What do you do now?

If you downloaded and opened or executed a file (e.g. a pdf, exe, doc, or zip file), run a deep virus scan on your computer. If the scan doesn't reveal anything, don't be too relieved. If it is a new attack, it may not yet be characterized by the scanners. You may want to take your computer to a local computer service company to perform a deeper analysis. Do the scan even if you are running an Apple device. While Windows devices have the bad reputation, Apple devices are also vulnerable to attack, particularly if you execute the program for the attacker.

If you entered your password into a bogus site, change your password now. If you use the same password on other sites, change your passwords there as well. Don't wait for folks to tell your that you are sending odd emails. Do it now!

If your friends start reporting getting odd emails or tweets from you, assume you have been hacked and didn't realize it. Change your passwords for the service sending the odd messages and for any other services that share that password.

Good luck out there! A little vigilance will keep your safe in your Internet travels.

Friday, July 26, 2013

Grow Your Practice With SafelyFiled


For lawyers, financial and estate planners, accountants and professional organizers - an easier way to organize and securely communicate with your clients.

Last year we introduced SafelyFiled as a secure and organized electronic safe deposit box for your important documents.  But we always knew that that was just a start.  So in the past few months, based on member requests and suggestions, we have made some changes that take advantage of SafelyFiled’s powerful and flexible architecture.

A number or our professional members who need to maintain confidential communications with their clients see SafelyFiled as a way to replace cumbersome encrypted email software.  Others, who spend a lot of time holding their clients' hands, see it as a tool to keep their clients organized, making the clients happier and reducing the time spent helping clients find lost documents.

Making It Even Easier With You In Control

So we made it easier for you to get and stay closer to your clients.  Just give them sponsored accounts.  In other words, you can now set up your clients’ folders and upload their documents.  Then, with a simple click of a button you get your clients started with their own SafelyFiled account.  Your clients simply click a link in their email invitation and it takes them to a SafelyFiled page where in about about two minutes they have a 256 bit encrypted account.  Now your clients are in the SafelyFiled secure “bubble."
And once in that bubble, it gets a whole lot easier to stay in touch with your clients - securely and with you in control.

SafelyFiled Benefits

Using SafelyFiled for your clients gives you four important and easy-to-use functions that you need in your practice.

First, it enables easy, one-step encrypted communications with your clients, something that is especially important when your communications come under the HIPAA or other regulations.  And, given the recent changes in Gmail, with Google sorting email for its users and putting it into tabs, SafelyFiled is a great way to make sure your clients actually see all of your communications. (Think automated text messages to let them know you've put something in their SafelyFiled folders.)
Second, the audit trail verifies that documents are available for your clients to read or download and whether or not your clients have seen them.  And with the SafelyFiled’s organization system, your clients can easily find their documents.
Third, you can use SafelyFiled to send reminders to your clients, in text or email form, about important documents you've prepared or that they need to look at.
And fourth, your clients can securely send you their documents.

Create Loyalty and Increase Exposure

As a sponsor, you can easily brand your clients’ view of their SafelyFiled documents.  Your logo and message can be on the top right of every client’s page.  Since SafelyFiled was designed to let your clients add their own documents, they’ll use it even for important matters that you are not involved in – but they’ll still see your name.  And when they share their documents with their family members (e.g. a medical power of attorney with adult children) their children will see your name too.

Try It Risk Free 

We offer a 30-day money-back guarantee on your own account, so you can try SafelyFiled without any risk.  It’s not expensive.  And when you decide to become a member and sponsor your clients, you can always cancel a client (or former client) and get a pro rata refund.  At $36 per year for a sponsored client, that’s less than 10 cents per day.  And once your clients use SafelyFiled, you’ve got a great excuse for a yearly call or account review.

More To Come

Thanks for helping us grow.  We hope that we can return the favor and help you grow your practice by using SafelyFiled.  Towards that end, please keep giving us your suggestions.  You help us make SafelyFiled even better.

Friday, July 19, 2013

Member Testimonials about SafelyFiled - New Insurance Quote

Occasionally we'll have one of our members tell us how SafelyFiled has been very useful to them.  We thought we'd share those periodically.  Here is one such story.


"I wanted to share the experience I had yesterday about how SafelyFiled helped me with getting a new home and auto insurance quote.

"I was searching online for new insurance, filling in information at various insurance sites to compare quotes.  I got a quote that I was really interested in so I proceeded to fill out more information and requested that an agent contact me as soon as possible.  Shortly thereafter I got the call so I could complete filling out the information to get a specific quote on my house and automobiles.  I haven't changed insurance in quite some time and in doing research, found that I was paying too much.   Also, since I hadn't changed in so long, I had forgotten all of the information that I needed to have available for the agent to give me a real quote on my property.

"He asked me questions such as, have you had a claim on home or automobiles in the last 5 years?  Have you had any speeding tickets or any other moving violations in the past 5 years?  What was the VIN numbers of each vehicle?  What was the driver's license number of each authorized driver in the house?

"I had a moment of panic because I wasn't prepared to answer these questions but really didn't want to have to start over with the quote later after gathering this info together.

I saved time and money!
"But then I remembered!  I had taken the time a few months ago to scan the car titles, mine and my husband's driver's licenses and the insurance claim that was paid for hail damage to our roof and uploaded all of that into our SafelyFiled account!  I also had the current insurance policies scanned so I could easily find those numbers for cancellation.  Since I was at the computer (but I could have also used my smart phone),  I simply logged in, input key words I knew I had included on those documents or within the title of the document, and bingo---I had all the information I needed right in front of me to give to the agent.

"So thank you SafelyFiled for saving me money (the switch to the new insurance company was worth it!) and time by providing such a quick and secure place for me to access these important sensitive documents at the moment I needed them!"


Do you have a story?

 

We love to hear the different practical ways that SafelyFiled is being used by our members.  Share your story with us and you may see it in the next blog!  Email us your story today.






Wednesday, July 10, 2013

Scanning Services Needed - New Business Idea?


We are often asked if we could recommend businesses or professionals who might be available to assist other SafelyFiled members with scanning documents.


Because of our affiliation with NAPO (National Association of Professional Organizers) we do have professional members who provide these services but it's been difficult getting them connected to the people looking for them - until now.

With our latest release we have a new Affiliations page on our website where members of SafelyFiled who are looking for these services can search our list of professional members and find one to hire.  Our list is short at this time but our members can also click the link to NAPO.net and look there for a longer list of organizing professionals.  When our list grows, we'll have another search feature available on our page where our members can input their State and find businesses or professional organizers closest to them.

In addition to finding information regarding business professionals on our Affiliations page, we've added information about our other business affiliates who offer SafelyFiled members discounts on their products and services.  Again, this list will be growing as we enter into more and more partnerships with products and services that complement SafelyFiled nicely.  You can access our Affiliations page from our main website by clicking on "Affiliations" at the top center of the page.

Want to become an Affiliate of SafelyFiled?

The demand for services to organize, scan and turn paper into digital documents is growing.  There are many people out there who don't have a scanner, don't know how to use a scanner or just don't want to spend their time scanning their documents but want to take advantage of the convenience of having their files available from anywhere.  They are looking for trustworthy people to provide this service for them.

If you provide scanning services or are starting a business to do this and want to be added to our list of professionals, send us an email to find out how.  (You don't have to be a member of NAPO to get on our list.) If you've thought about adding scanning services to your current business, or are looking to start a new business from scratch but not sure where to start, this eHow.com article regarding how to start a scanning business may help you.

Finally, if you are looking for even more help setting up or running a business, you may want to check out the National Association of Professional Organizers and the National Association of Senior Move Managers.  These professional associations provide advice and help to their members. 

Monday, July 1, 2013

Happy Birthday and Thanks

As a married man and a father who raised three children past their teenage years, I have been reminded on many occasions that I’m not perfect.  But my wife and the kids love me anyway.

It’s the same with our country.  We’re not perfect, but I and millions of others love the United States in spite of its flaws and failures.  I don’t know where else in the world a couple of guys in their 60s, along with a staff and other owners, the youngest of whom is 46, could put together an Internet company, have the freedom to build it the way they want and have an incredible infrastructure to tap into to make all this possible.

There is a lot to be thankful for, but for this blog, I’ll just touch briefly on freedom and infrastructure.

Freedom


Thanks to the men and women of the armed forces, including our intelligence agencies, from the time of the Revolutionary War to today, for their bravery, willingness to endure months of boredom and moments of terror, for the years of their lives and in too many cases, their lives themselves.   We would not have the freedom to create our business without them.

Happy Birthday U.S.A.
Thanks to Abigail Adams and other wives of the signers of the Declaration of Independence.  Can you imagine what must have gone through their minds when their husbands told them they signed the Declaration?  These were all pretty much well-off men, who came home after that July convention in Philadelphia and told their wives that they had committed treason against the King of England.  They willingly put themselves, and possibly their wives, at risk for torture, the death penalty and abject poverty.  All they had to do was win a war against the most powerful nation on the planet.  So thanks to those wives for the bravery they showed by not giving into their well-founded fears and beating their husbands to death with a broom.

Thanks to Winston Churchill.  He recognized the Nazi threat, endured years of ridicule, and simply refused to give up.  I shudder to think what the world would have been like had he not been so stubborn – and so right.

Infrastructure


Thanks to Steve Wozniak and Steve Jobs, for listening to their passions and creating computers that are easy enough for the rest of us to use. 

Thanks to Jeff Bezos for creating Amazon.com and building Amazon Web Services, an incredibly reliable, secure and reasonably priced data storage service.  Without AWS, we probably could never have raised enough capital to get SafelyFiled started.

Thanks to Robert Kahn, Vinton Cerf and Al Gore (yes, that Al Gore – seriously). Kahn and Cerf were brilliant engineers who developed Internet protocols, so computers could talk to each other.  And Al Gore, who as a Representative, Senator and then Vice President saw the future value of what became known as the Internet, drafted and sponsored legislation to create the digital communications backbone we use today and got it out of the government’s control, into the private industry where it could be further developed into the best communication tool ever.

This List Deserves to be Longer


This list could go on and on.  There are plenty more individuals who deserve our thanks so feel free to add them in the comments section below.

A nation is not the land inside the borders that show up on a map.  It’s the people - the individuals who by their work, creativity and persistence continually build the foundation for the rest of us to build upon.  May we be worthy of the efforts and sacrifices of those who came before us and may our own contributions be a solid foundation for those who come after us.

I love this country.  Happy Birthday.