Apr 10, 2019
Craig is on the WGAN Morning News. This morning they talked about the dangers of spam, spear phishing, and sextortion emails. They also talked about the Supreme Court taxing the online stores.
For these and more tech tips, news, and updates, visit CraigPeterson.com
---
Related Articles:
The US Has Stepped Up Its Tax Game. You Will Want To Read This If You're Selling Online
Latest Tactics Used By Cybercriminals To Bypass Traditional Email Security
---
Transcript:
Below is a rush transcript of this segment; it might contain errors.
Airing date: 04/10/2019
Internet Sales About To Be Taxed - Dangers Of Spam
Craig Peterson 0:00
Hey, good morning, everybody. Sorry, yesterday, I was not able to
record a little intro to my Jim podcast. But anyhow, I am today.
And we're planning on doing a security thing this week too, on
Thursday and Friday. So keep an ear out for that. I got a couple of
real interesting cases that we're going to be talking about. Some
major companies and some small companies and what happened to them
this week with leaking sensitive data. So this morning, I was on
with Ken and Matt. And we talked about two different things. We
talked about something I did not talk with Jim about yesterday. And
that is how the US has stepped up its tax game. And what is
happening with the tax jurisdictions, the Supreme Court decision
last fall, that really is going to change everything. So I talked
to them about that. And then also, of course, about email,
and the email problems we're having right now, the switch, frankly,
that's been occurring in spearphishing that I saw starting in about
six weeks ago, but now it's starting to reach epidemic levels a lot
higher than the measles right now. Anyhow, take care. And here we
go. Be back tomorrow.
Matt Gagnon 1:21
7:38 WGAN Morning News on a Wednesday, which means that it's time
to talk to Craig Peterson, our tech guru who joins us now as he
always does at this time, except for last week when he didn't join
us. So he's back. Ladies and gentlemen, Craig, how are you?
Craig 1:34
I am. I was at a conference last weekend in Phoenix, Arizona.
Matt 1:41
Excuses, excuses.
Ken Altshuler 1:41
So let's see probably the same kind of weather you're experiencing
this week here in town.
Craig 1:46
Pretty much the you know, it was about 70 degrees inside the
conference room for five days. And then I heard rumors that it was
in the 90s outside. Yeah, I was a good little boy and stayed in
there. The whole time learned and contributed.
Matt 1:59
Soldiered on.
Ken 2:02
So well. Why don't we start off with email security. This is very
safe as I know. We don't have to worry about anything about email
security now do we?
Craig 2:12
Yeah. Well there are some changes in this. I don't know if you guys
noticed some of the changes in the emails that are coming in, these
spear phishing attacks?
Ken 2:21
Spear phishing attacks.
Matt 2:24
I don't really like fish.
Ken 2:25
I don't really mind spearfishing, sounds kind of...
Craig 2:27
You can't connect, you know, normally when you're spearfishing, you
can't you don't get a whole bunch of fish or better with a big net.
And for years, that's what they did, what they would do is send out
emails, the exact same emails to as many email addresses as they
could get their hands on. And some people would respond. And
there's some interesting science behind this, you know, the
Nigerian prince scams that are still going on, but not at the rate
they used to. They would have spelling mistakes and grammatical,
you guys must have noticed that right?
Matt 3:00
Yeah. A little bit, yeah.
Craig 3:02
Yeah. And did you realize that the intention of them putting in,
the intent behind putting in the grammatical errors, as
well as the spelling mistakes, was to catch people that weren't
terribly smart, because they were thinking, well, if they don't
notice, if they can get past all of the grammar errors and things,
then maybe we can convince them to send us some money, so that we
can rescue the Nigerian prince. And that worked and it worked with
quite a few people over a lot of years. And unfortunately, it
really hit the senior community because they, this is all new, they
weren't paying that type of close attention. Well, now we've gotten
smarter. So rather than casting these huge nets out there, what the
bad guys have been doing is they're still phishing but now they're
phishing individuals. And this is a problem that comes from all of
the data breaches over the years, it seems like almost every week
now we hear about another massive data breach. So on the dark web,
there are databases of hundreds of millions. We just found one this
year already that had 2 billion records in it, of people's email
addresses, their passwords, etc. So the bad guys are getting a little
smarter. They've been doing business email compromise attacks that
we kind of talked about before, FBI has been warning about them for
quite a while, over $12 billion in cash stolen over the last few
years to the business email compromise attacks. But what I want to
talk about now is a new type of email attack that's been
happening, because they have so much data. They've been doing spear
phishing attacks in the realm of what's called nowadays,
sextortion. And they'll send an email out, the emails look like
it's just a regular warning email, it'll say, so the subject might
be warning, your, and it'll give your email address ken@gmail.com,
for instance, account has been compromised. And then you go into
the email because it looks like a warning. And it may look like
it's from Google. In fact, right now, the majority, the number one
source for these emails is Gmail. So you'll get an email is coming
from Gmail. So Google, right you have using, so you open it up,
look inside it says, Ken, this is a warning that your ken@gmail.com
account has been compromised. And they give you some other
information like your password. So with the sextortion email, what
they're doing is they're saying, Ken we have a video of you on and
they'll name some pornographic website, and your password on that
site is this. Now remember what we keep warning people about week
after week, and that is don't use the same email address on
multiple sites, right? People are still using the same email
address on multiple sites. And so the problem that's arisen from
all of this is that people are getting the email, it says, we
caught you, we have you on video at this porn site. Here's your
password for that porn site, pay up now, or we are going to release
this information. And right now, which of course is a form of
blackmail, and it's about 10% of all of the spear phishing attacks,
it is increasing. If you are, if you have a business email address
that's been compromised in a breach, you're twice as likely to be
the target of blackmail now, than business email compromise. So
this is a very, very big deal. I've had listeners who have reached
out to me and said, Oh, I got this email and they tell me what it
is. They say Should I get a lawyer involved? And you know, bottom
line? It obviously it's up to you. But this is now the fastest
growing type of attack. So advice for everybody how to stop this.
Change all your email passwords and addresses. Matt, you said you
use LastPass right?
Matt 7:26
Yes I do.
Craig 7:28
Yeah, LastPass is great. You know, I prefer 1Password. It's a lot
better for businesses group account sharing, you know, accounts
that you might have to share inside of business with different
vaults and things. But both of them are excellent. And what I'll do
is everybody that's on my text list, I'll send out this thing later
today. And I'll give out the phone number. So you can text me and
I'll send it to this, I'm not selling anything, I'm going to send
you my report that compares the password services so you can change
your password and get that stuff all straight. I'll send that out
after we get off the air here. But this is huge. And it's been
successful, because people are still using the same email and the
same password on multiple websites I live. There's the biggest tip
of the day right there.
Matt 8:22
We're talking to Craig Peterson, our tech guru, he joins us on
Wednesdays at this time to go over what's happening in the world of
technology, let's say for the sake of argument, Mr. Peterson that I
sell stuff online. And, you know, what I tax is kind of an open
question sometimes. The United States seems to have recently paid a
little bit more attention to this and trying to figure out how to
actually extract more blood from the stone. So tell us a little bit
about what you should be aware of if you're a retailer that sells
stuff online.
Craig 8:52
Yeah, if you're selling stuff online, there's a US Supreme Court
case last year that was heard. And it's between Wayfair, which is
this big online furniture and home goods company. Have you, I've
seen it online.
Matt 9:07
Oh yeah sure, absolutely.
Craig 9:08
And Wayfair's online, and the State of South Dakota said people in
South Dakota who are buying from Wayfair should be paying our state
sales tax. Which makes sense, right? I can see that. But the
question is Wayfair, who has no presence in South Dakota, no
physical presence, no nexus at all, says, Hey, listen, we're not
there. And we know that Congress has really protected the internet
from sales taxes, and having to pay it because they kind of wanted
it to grow. And it's just a nightmare if they had to collect sales
tax. So the US Supreme Court overturned the law on not taxing
companies that had no state nexus. So now, things are going to get
very messy, because companies that are selling online, are going to
end up having to collect sales tax for every sales tax jurisdiction
in the United States. And it's estimated that there are some 9000
different sales taxes across the United States, because they're not
just talking about the state taxes, which range from 4.7 to 13.5%
right now, but we're including local surtaxes, like, if you live
in New York City, you've got New York state tax, you've got the
county tax, you've got the city tax, it gets kind of crazy. So
they're trying to be kind of reasonable in the ruling. So they're
saying there are going to be thresholds. So most, and this is state
by state, by the way, which makes it even more of a nightmare. So
some states are saying if you sell 100,000 dollars of product in
our state, you now have to pay and withhold the sales taxes. And
the threshold varies as I said. Now, big companies like our friends
over at Amazon, I love this, because they can easily take care of
all of us state sales tax and messes and county and the city and
everything else. But the little guys can't. And so Amazon for quite
a while has been saying yeah, yeah, we we are we sure have internet
sales tax. If this is going to hurt some companies, obviously
$100,000 is quite a few sales. But depending on what you're doing,
keep an eye out. Now there are a couple of companies that have
popped up in the last little while. Paddle is one of them. But
there's others that are able to do this for you. But I think what's
going to happen is this is going to help Amazon in another way. And
that is if you're selling things online, you're just going to sell
them through Amazon, or through eBay, and let them worry about all
of the red tape of filing with some 9000 different taxes in, you
know hundreds of jurisdictions throughout the country. So you're
right about that Matt. And if I could text out the links, I also
have something this is a free service that Google has, I'll send
you a link to this as well. And what it does is it gives you on
your screen, it doesn't send you emails or anything it asks you for
your name and email. And it what it does, it doesn't use it other
than to try and fool you on the web page. So it'll run you through
eight different emails will show them to you on the web page. You
can hover over the links and things and it'll help you understand
better whether or not you are, you know, educated enough, if you
will, about these types of attacks to protect yourself. So we'll
give you a little quiz and help you out and answer your questions.
So I'll text that out as well. So if you just text either Ken or
Matt to me at 855-385-5553. I will send you links to both of those
things on the password managers, a big article I wrote on that. And
then also a link to Google's really cool little training thing you
can use for yourself and people in your company to help your spear
phishing. So just Ken or Matt just text either to me 855-385-5553
and I'll send that out to you later on today. I'm not going to spam
you. I don't sell these things. I just want to get the information
out there because I can't believe these things are working.
Ken 13:53
Craig Peterson our tech guru joins us every Wednesday at 7:38. Get
all of his information directly from him. Thank you, Craig we'll
talk to you next week.
Craig 14:05
Hey gentlemen, take care. Bye bye.
Craig 14:10
Alright guys have a great day. It is going to be a busy one today
for me because I had my last coaching call from the Cybersecurity
Do It Yourself course this afternoon so I gotta get ready for that.
Off I go. Take care everybody. Bye bye.
---
For questions, call or text:
855-385-5553