Client Story 01 – Bank Fraud

This week, a client (Company MM) called me because of fraudulent banking activity.

The Synopsis

The client is a matchmaker between their clients (Company C) and their service providers (Company SP). In this case, there was a pressing time element – payment needed to happen within five days in order to make a certain deadline. Company SP sent the invoice for their services to Company MM who forwarded it immediately to Company C. Shortly thereafter came a second email correcting a mistake with the original invoice. Same letterhead, same writing style, same bank, etc. But a different bank account. This invoice was also immediately forwarded to Company C, who proceeded to make the payment.

Company MM clicked “reply to all” on the second invoice, sending proof of payment, so that things could keep moving, even if payment wouldn’t be received for another day or two. Emails came from all sides during the next few days, during which time it became clear that the second “correct” invoice had been a fraudulent one and the payment had been made to some criminal’s account. Five figures stolen. Yikes.

Still collecting all the details, but the criminal somehow got hold of the email conversation and created email addresses that were similar to the real ones. The real ones were, say, person1@client.com, person2@matchmaker.com and person3@serviceprovider.com. The fake addresses were person1@cliennt.com, person2@matchmakerr.com and person3@serviccprovider.com. Just one letter different. Barely noticeable. So, the devious person sent the “corrected” invoice from the fake service provider email address, which was sent on to the client. It took a day or two before the three realized they’d been duped.

The Phone Call

As soon as MM realized that money had been stolen, they called me. They thought that their email had been hacked. I assured them that it hadn’t been hacked. I know this because last time I did some work for them, we turned on two-factor authentication after having changed their email passwords. Even if someone guessed / figured out their email password, any attempt to use it on the computer or smartphone would generate an SMS to my client’s phone with a code.

“How can we prevent this in the future?”

After getting the details over the phone and assuring them that their email hadn’t been hacked (at least in the sense that no one had got into their account to read or send emails), the question inevitably came: “How can we prevent this in the future?” It’s not something I’ve come across before, but there were two things that I thought of immediately.

Option 1 – Save the relevant email addresses to the Address Book

First, I suggested creating an Address Book entry for every business contact. Instead of just seeing newcontact@newcompany.com in the From: field of your emails, you’ll instead see something like: John Smith <newcontact@newcompany.com> or maybe just John Smith. In any case, if someone sends an email from anything that’s not exactly that address, it will (possibly) be different than John Smith.

This is not fool-proof, but is a first step.
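
The same comparison can be automated. The Python sketch below is an added example, not part of the original post: it checks a From: header against saved contacts and flags domains that are a letter or two away from a known one, using the example addresses from this story. The trusted list, the function names and the distance threshold of 2 are assumptions.

```python
from email.utils import parseaddr

# Constructed trusted contacts, taken from the example addresses in the post.
TRUSTED = {
    "person1@client.com",
    "person2@matchmaker.com",
    "person3@serviceprovider.com",
}
TRUSTED_DOMAINS = {a.split("@", 1)[1] for a in TRUSTED}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From: header."""
    # The display name is ignored: the sender chooses it, so only the
    # address itself is compared.
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in TRUSTED:
        return "trusted"
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1]
    if domain in TRUSTED_DOMAINS:
        return "unknown"  # real domain, but a mailbox that was never saved
    for known in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, known) <= max_distance:
            return f"lookalike:{known}"  # near-miss of a known domain
    return "unknown"
```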

Option 2 – certificates

This is really the way to go. By creating a free certificate with an issuing authority like Comodo, you encrypt your emails. When you send an email to someone, it’s encrypted and the certificate is saved on the recipient’s computer. And the email client shows that the email has been encrypted.

For this to work, both parties must have their own certificate.

I just created a certificate for both of my primary email addresses – business and personal. Took about 2 minutes to create it, receive it, install it, and test it by sending an email and then getting a reply. It’s worth it.

Security is up to you

A few years ago, these levels of security were a bit technical and you could be excused for not having the confidence to delve into it, instead thinking the risk was not that great or indeed not even being aware of the risk. But, these days, it’s just too easy and ignorance is no longer a reasonable excuse.

If you’d like help with this or any other matter, please feel free to contact me directly. I’d be happy to help.

 


Windows 8, Wireless Networking, Livebox (France)

Yesterday, I got a call from someone who had purchased a new Samsung laptop with Windows 8. They were having trouble connecting wirelessly to their Livebox (Orange, France) even though all other devices in the house (Mac and Windows laptops, Apple TV, several smartphones, etc.) were connected.

First, for those who don’t know or remember, the Livebox has a security feature for wireless clients. You are required to push a button on the Livebox prior to connecting with a new device. When you do, the wireless LED will blink for about 60-120 seconds, providing a limited time to connect. While it’s flashing, you can connect a new device.

It seems however, that this was not the problem, and so I was called in to troubleshoot. I was certain that I’d be able to connect them quickly. When I got there, I used my own (Apple) laptop and a cable. Success. Then, I tried to connect wirelessly – no luck, until I realized that the password printed on the Livebox was not the correct one. Once I used the correct password, which I found from the Livebox configuration page (http://192.168.1.1), connecting was immediate.

OK, so time to troubleshoot this new operating system. I was able to see the network, provide the password while the LED was blinking, but it would either not connect at all or report only a “Limited” network connection. The times that it didn’t connect, there was nothing to do but try again. I disabled/re-enabled the Wireless device. I looked at (but didn’t change) any of the device’s properties.

Finally, one time when I was able to “connect” in a “Limited” fashion, I was able to right-click and get the properties of the connection. And there was the answer.

Windows 8 and the Livebox tried to negotiate a connection and agreed on WPA2-Personal and AES encryption. In my experience, I’ve usually seen/used WPA-Personal and TKIP. I selected those settings, saved and tried again. Success!

Summary

1. Push the Wireless button on the Livebox before connecting a new device wirelessly.

2. Connect to the Livebox using the correct password.

3. If connection is listed as “Limited,” right-click the connection and view the Properties.

4. Change the Properties to list: WPA-Personal and TKIP.

5. Apply, Save and try again.

6. Reboot and verify that you still connect, for good measure.

Mac OS X Mountain Lion (10.8): Are you ready to upgrade?

Last month, Apple announced that the next version of its operating system, Mac OS X 10.8 (or “Mountain Lion”) would be released in July. Last night, a version was released to developers which, barring last minute tweaks, will be the final version. Also, some sources remember that last year’s update was released the day after their quarterly financials conference call and that there will be another such phone call next week on Wednesday.

Whether the new version is released in the next two weeks or not is not terribly important. The fact is that it will be released and will be the current version for the next year or so. So, are you ready to upgrade?

Recent Purchases

According to Apple’s Up-to-Date Program, “The OS X Mountain Lion Up-to-Date upgrade will be available at no additional charge from the Mac App Store to all customers who purchase a qualifying new Mac system from Apple or an Apple Authorized Reseller on or after June 11, 2012.” However, you will need to make your request for the free upgrade within 30 days of the date Mac OS X Mountain Lion is available on the Mac App Store (which you can find in your Apple menu in the top right corner). If you purchase an Apple computer after Mac OS X Mountain Lion is released and for some reason it still has Mac OS X Lion, you’ll have 30 days from the date of purchase to qualify for the 30 day free upgrade.

But, hey, if you miss the window, it only costs $20 anyway, so it’s no big deal, right? It used to cost between $100-130 for each new version of Mac OS X, but last year it was $30, this year $20, where I think it will stay until there is another major change in the OS.

System Requirements

Basically, you need an Intel-based Mac. For more specific information, go to Apple’s Mac OS X Technical Specs page, but the short version is, if your Mac was bought in 2008 or later, you should be fine, although you will want to be sure you have enough memory (RAM) and hard disk space to accommodate it. You can check RAM and Hard Disk by clicking on the Apple menu > About This Mac and then “More Info….” If you don’t have enough RAM, usually it’s pretty easy and cheap to upgrade. These days, a 2 GB RAM module goes for prices between 20-40 CHF, depending on whether you have a desktop or a notebook and how old it is. I got a 4 GB chip for my Mac laptop (2009) for about 35 CHF just a week ago.

You also need to have Mac OS X 10.6.8 (Snow Leopard) installed already. If you do not, then you need to upgrade first. Check “About this Mac” as above. If you have Version 10.6, then just do a Software Update which will bring you to 10.6.8. If you have anything earlier than 10.6, you’ll need to upgrade first. Find someone with Snow Leopard disks, borrow them, install it and then you can go to Mountain Lion.

Time Machine – You are backing up daily, right?

I can’t emphasize this enough, no matter what version you currently have… Please Make Sure You Have a Current Backup. That means, completed in the last 5 minutes. If you are not using Time Machine, you really should be and this is the perfect opportunity to do so. If you have a single Mac desktop, then get yourself an external hard disk that is at least as big as your internal, plug it in, wait for Time Machine to ask you if you want to use it for backups and click “Yes.” Then wait for the backup to happen. If you have more than one Mac or you have a single laptop, consider buying the Apple Time Capsule. It’s a great investment and will back up your computer(s) wirelessly whenever you are using them! It doesn’t get much better than that, honestly.

I repeat, if you are not actively using Time Machine, do so now. Before you upgrade.

Upgrading to Mac OS X Mountain Lion

In most cases, like 999 times out of 1000, the upgrade is really simple, if lengthy. Open Mac App Store, purchase Mac OS X Mountain Lion, wait for the download (could take 30-90 minutes, depending on your internet connection), and then click the icon in the Dock (that long line of icons that shows you which programs are running) to start the installation and then wait again for it to complete, again possibly 30-45 minutes.

Most times, that’s all. But, inevitably it will go wrong for someone. Maybe a power outage at the wrong time screws something up. Maybe the internet connection is interrupted and corrupts the download. Any number of stupid things could happen and leave you with a system that no longer works.

That’s why you need/want a current Time Machine backup. Because even if something happens, you’ll be able to recover easily. Really easily.

UPDATE: On 24 July 2012, Apple confirmed that Mountain Lion will be released on 25 July 2012. Expect it around 10:00am Pacific Daylight Time, or early evening here in Europe.