Coleman Technologies Blog

Spam Inundation

If you've been using email for a while either professionally or personally you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control - spam can bog down email servers and eat up network bandwidth and plus it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (604) 513-9428 and ask about our anti-spam solutions.

Don't Open Attachments from Unsolicited Emails

This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. This goes the same for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you, they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.

Keep your Computer Safe

Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small British Columbia businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.

Don't Rely on Email for Storage

Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.

Encrypt Sensitive Data

If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effected especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (604) 513-9428 to learn more about email encryption and what solution is right for your business needs.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.

To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Coleman Technologies a call at (604) 513-9428.

The holidays are fast approaching and that means people are going to miss work for one reason or another. If you can get away from the office for a little bit, you’ll want to set up an out-of-office message to ensure that others know you will get back to them when you get back to the office. Here’s how you can set up an autoresponder for an out-of-office message in Microsoft Outlook.

How to Set Up Your Out-of-Office Message

Setting up an autoresponder in Outlook is simple. To get started, open up Outlook and select File.

Under the Info section—the one with the Home icon—make sure you have your account selected. You should see an option underneath it for Automatic Replies.

In the box that appears, you will see an option for Send Automatic Replies. You can configure your auto replies to send only during a specific timeframe using the drop-down boxes and date ranges. Once you have the dates determined, you can use the textbox beneath to enter your auto reply message. This will be sent to anyone who sends you an email while you have your autoreply active.

It’s also worth noting that you have a lot of control over the text that appears in this box. You can include links to resources, contact information for who they might want to contact while you are out of the office, and so on. We recommend that you don’t just leave your contacts with a simple “I’ll get back to you.” If you do leave the office for an extended period of time, be sure to give your contacts some direction, as it could make all the difference for a prospective client, annoyed customer, or other disgruntled auto reply recipient.

We hope you found this tip helpful! If you have any suggestions for future tip blogs, be sure to sound off in the comments below.

We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.

Meet The Most Trusted Fictitious Online Retailer in the World

Imagine a fictional company that rises to become a global retail and multimedia giant, a household name—let's call it TallMart.

Our entirely fictional TallMart offers an extensive array of products and services. Users engage in buying and selling, managing payments, running ad campaigns, customizing personal profiles, watching exclusive movies from TallMart Studios, handling TallMart Web Hosting accounts, and now, accessing telehealthcare from licensed TallMart medical professionals.

Our motto is simple: TallMart: Why Go Anywhere Else?

Given TallMart's status as the world's most trusted online retailer, akin to giants like Facebook, Amazon, and Google, it enjoys widespread trust. However, like other major platforms, TallMart's massive success attracts cybercriminals attempting to scam its users for money and sensitive information. With so many transactions, the opportunity to separate users from money is there; and hackers are nothing if not opportunists.

When Users Feel Secure, Cybercriminals Gain an Advantage

TallMart users receive numerous emails about products, account notifications, receipts, transactions, and offers. Cybercriminals can easily mimic these emails, adopting TallMart's branding and employing technical spoofing to make them appear legitimate. They may include links that seem to lead to TallMart but redirect users to similar-looking URLs under the cybercriminals' control.

Creating a deceptive webpage is inexpensive and quick, allowing cybercriminals to register domains like Talmart.com or TallMartcustomerservice.com. It's crucial for users to stay vigilant and recognize potential warning signs to avoid falling victim to scams.

How to Verify the Destination of a Link in Emails, Chats, or Correspondence

While methods may vary across applications, hovering your mouse over a link typically reveals its destination. Most email clients and web browsers display the link destination at the bottom of the page.

The Key: Punctuation in the URL

While checking for misspellings and unofficial URLs, an effective way to identify a suspicious link is by observing periods after the domain name. For example:

Safe: https://www.tallmart.com/gp/help/customer/account-issues
Safe: https://support.tallmart.com/
Suspicious: https://support.tallmart.com.ru

The truth is that some legitimate URLs may have periods toward the end of them, indicating file types like .html, .pdf, .doc, etc. are connected to the link or attachment. It’s best to remain cautious with direct links to files in every situation, as malware could be embedded and all it takes is a simple interaction to execute the malicious code. It’s best to avoid clicking on suspicious email attachments. Ultimately, exercising caution with clickable content is the most prudent practice to keep yourself from becoming a victim.

You should always hover over links to inspect their destination. If you find that there is a period in any abnormal place, be skeptical and either avoid it altogether, or verify that it is from a legitimate source. 

If an email urges urgent action, such as logging into your account, refrain from using the provided links without first making certain that any link or attachment is completely legitimate. You can do this in several different ways, but clicking through without considering the potential consequences could turn out to be a nightmare for you and for your organization.

Please share this with others because the more people know about how to stay safe online, the safer we all are. 

Make Your Inbox Do the Work for You

You’ve got better things to do than organizing and prioritizing your emails manually. Granted, you’ll still need to respond to important emails, but most email clients have everything you need to set up a system that automatically parses and sorts emails based on a whole slew of different factors. It will take a little time, and likely a few rounds of adjustments to get your inbox to work the way you want it to, but we’re going to show you the tools that will help get you there.

Most businesses either use Microsoft Outlook, or Google’s Gmail, so we’re going to cover these two email platforms.

Gmail’s Labels and Filters

If you use Gmail, there are two tools that you’ll want to get familiar with: Labels and Filters.

A label is exactly what it sounds like. Applying a label to an email will essentially categorize it. If you used to use Outlook in the past, think of these as Folders (we’ll get to Outlook next).

You can organize labels based on a wide variety of topics—maybe you have a label for each project you are working on, or a label for different types of correspondence (invoices, reports, employee evals, etc.). Organizing your email into labels makes it easier to pull up specific emails later without having to rely on searching for them. More than one label can be applied to any particular email.

To create a label, just select Create new label in the sidebar (hidden under the More link) in Gmail or select the Tag Icon Box that appears when an email is selected. You’ll be able to select any labels you already have or create a new one. You’ll also be able to color-code each label.

But remember, we want to save time, so instead of having to manually move emails to a label, you can create filters to automatically apply labels to certain types of messages. Once you have some labels created, go to Settings, and click the Filters and Blocked Addresses tab. Once there, select Create a new filter.

You can also start this process by doing a Search from the top of your Gmail. Click the little dropdown arrow in the search box at the top of your email, and you can fill out the form to search for specific emails. You can create filters based on who the email is from, what email address the email is sent to, the subject line, words within the email, and more. 

If I wanted to send all correspondence from Bob to a certain label, I’d just put his email in the To: line and click Create Filter. Then Gmail will allow me to choose what to do to all emails from Bob. I could star it to make it stand out, apply a label, or a variety of other options.

Microsoft Outlook’s Rules and Folders

Microsoft Outlook’s process is pretty similar. Instead of filters and labels, Microsoft calls them rules and folders. Here are the steps to set up new rules:

• Right-click the message and select Rules, then, select Create Rule.
• Then you need to select the conditions that activate the rule, and what that means. 
• Make sure you select Run this new rule now on messages already in the current folder (if you wish) and click OK to finalize your rule.

This means that you will need to have a folder to file these messages in. While the option will be presented to you as you create a rule, you can also set up your folders separately in advance.

• In the Mail pane, right-click where you want to add your folder and select New Folder… from the menu that appears.
• Name your folder, and press Enter.

It takes time to build all of the rules (or filters) you need to streamline your inbox, but it will ultimately save you hours of time that would otherwise be wasted sifting through your inbox by hand. It’s all about becoming more efficient!

For more tips and tricks, bookmark our blog, and if you need help with your technology, give us a call at (604) 513-9428.

Email groups are remarkably useful. Instead of sending a copy of an email to each individual recipient, you can effectively create a simple forum post that everyone can participate in—a feature that certainly helps when collaboration is a priority. Let’s go over how you can quickly and easily create a group in Gmail.

Step 1: Access Google Apps and Select Contacts

That’s right—this process isn’t even completed in Gmail. However, since you’re likely in the Gmail app, click into the App Launcher icon (colloquially, and arguably more correctly, known as the “waffle” icon) and access Google Contacts. A new window will open to the Google Contacts page.

In this new window, you’ll see the Google Contacts page, and if you click the three-bar menu, you’ll see a selection of tools and options.

Step 2: Create a Label

In these tools, you’ll see a Label option, and underneath that, the option to Create Label. Give it a name you will remember it by, and click Save. You now have a label, and it’s time to add some contacts to it.

Step 3: Add Some Contacts

You’ll see lists of your email contacts by selecting Frequently Contacted or Directory. Select whomever you want to include in a group, finally clicking the label icon at the top of the window. Confirm that the right label is selected, and select Apply. 

That’s it! Now, from Gmail, you can put the name you gave your label into the To field of any email you’re writing to send it to that group.

Hopefully, this will come in handy for you moving forward. Keep checking back for more handy IT tips, and if you want assistance in managing it all, give Coleman Technologies a call at (604) 513-9428 to learn a bit more about what we do.

Microsoft’s Dedication to Security

Microsoft has as good of a handle on the nature of cybersecurity as any other major software company. The sustainability of their business and the effectiveness of their products are dependent on it. If their security software didn’t work well, there is no way they could sustain their place as the world’s most important software company, right?

One problem they are running into is that their security is SO effective, that hackers had to shift the ways they tried to infiltrate networks and steal data. The establishment of phishing is a social engineering term for duping a victim into downloading software that’s only purpose is to gain access to their personal data, which leads to data and identity theft, and in the case of business computing, access to much more.

Businesses Have Trouble with Security

Today’s business has to deal with a lot of different security issues. First, they are responsible for having the technology protections connected to each part of their computing infrastructure. This can be as simple as having the router-supplied firewall and an antimalware program loaded on their server. It’s likely, however, that the average business will need more coverage over their network to secure it, and the data stored behind those security platforms.

Next, and maybe most crucially, it is the business’ responsibility to train its staff on what kind of issues to look out for. Today, most malware infections and other infiltrations are the result of a mistake made by a person that has credentials and access to data. If your organization doesn’t properly train your staff on how to eliminate these threats, there is a fair chance that your network will be inundated with some type of malware at some point.

Microsoft 365 Security and Compliance

Microsoft, acknowledging the need for an enterprise product that combines the power of their Windows 10 operating system, the productivity options presented from Office 365, and powerful security and compliance controls, has launched Microsoft Office 365. The cloud-based solution presents the core computing resources that any business could use in a product that is available right now from Coleman Technologies.

Our knowledgeable technicians can help you find the right security platform for any of your business’ computing needs. Call us today at (604) 513-9428.

All businesses use email to communicate, but too many organizations haven’t jumped on the encrypted email bandwagon yet. Encryption is incredibly helpful to keep networks and infrastructure secure, and it can do the same for your email solution. In fact, it is likely required to ensure the secure transfer of critical and sensitive information.

Encryption secures data by scrambling it into unreadable form. The data must be decrypted using a key, which reassembles it into a readable format. The key is found on approved devices or accounts, granting your team access to the data, but only when they are allowed access. It doesn’t take a genius to connect the dots and see the value of encryption for email.

Compliance with Regulations

Depending on your industry, you might need encryption to comply with regulations and laws. These include HIPAA, GDPR, and PCI. It’s important to note that this compliance extends beyond the simple transfer of data and also includes storage. If you fail to stick to these guidelines, you could be subject to fines that break your budget. It’s really just a best practice, anyway, so you should be securing your communications to be a good business partner and provider.

Security for Sensitive Information

Your business shares sensitive information with customers and clients through email all the time, even if it’s not personally identifiable information. If this information is stolen by way of an intercepted email address, that’s a serious problem. You should encrypt email messages so that any onlookers or thieves cannot do anything with what they steal.

Preserve Trust with Customers

Encryption with your mail sends a message to your customers and clients that you respect their privacy and care about the security of their information. It means they can rely on you to do what needs to be done to protect their information. This, in turn, creates a culture where you can get maximum earning potential from them.

Encrypt Your Email Today

Encrypted email is a valid way to show your customers that you are the most trustworthy business in British Columbia. To learn more about how to protect your business’ assets, contact us at (604) 513-9428.

There are multiple add-ons and browser extensions available to help boost your email templates with more dynamic options, but today, we’ll be focusing on the baked-in capabilities that Gmail comes with.

What is a Gmail Template?

A template is Gmail’s digitized version of a form letter—a stock piece of correspondence that doesn’t change much (if at all) each time it is sent. Naturally, by eliminating the time it takes to repeatedly re-type what is essentially the same message over and over, a template can make your more routine correspondences much more efficient.

As a result, you can spend more time on your more important tasks, without short-changing your communications.

Activating Gmail Templates

In Gmail, access your Settings by clicking on the gear-shaped icon. From there, select See All Settings, and then Advanced. On the page that appears, you should find an option for Templates. Enable it and Save Changes.

Now, you’ll have the capability to create whatever template you need for your usual correspondence.

Creating a Gmail Template

Generating a new template is very simple. All you must do is start a new email and write it out the way that your template should replicate. Once your template is written to your liking, click the message’s three-dot menu and navigate to the Templates option. In the sub-menu that appears, you can Save draft as template (which also gives you the option to overwrite your old templates if they need an update). The Templates sub-menu is also where you’ll find all the templates you have saved in the past, when you’re ready to use them, as well as the option to Delete template if one is no longer applicable.

Hopefully, this will help you make much faster use of Gmail in the future. To learn more time-saving technology tricks, make sure you subscribe to our blog!

Consolidate Your Email with the Clean Up Tool

Businesses will often use email to communicate between groups of people, which is a really useful practice for keeping people apprised and in-the-know of what’s going on. However, these messages can quickly become repetitive, incoherent messes--especially in chains made up of larger groups--as participants reply to them, duplicating the thread within itself. Outlook includes a utility known as the Clean Up tool to fix these problems in your email conversations, and even in entire email folders.

By finding the Clean Up icon in the ribbon at the top of your Outlook window, you can access a drop-down menu. This menu offers to Clean Up Conversation, Clean Up Folder, or Clean Up Folder & Subfolders. Once you’ve confirmed your choice, you can access Clean Up settings, which allow you more granular control over how the tool sorts through your existing conversations.

Schedule Out a Message with Future Delivery

Sometimes you’ll have an opportune moment to send an email, but it isn’t the right time for this email to be received. For instance, if you want to share something with your employees to keep in mind throughout the next day, it doesn’t make sense to distribute it at the end of the day before for it to be forgotten. Outlook allows you to use your opportunity to your full advantage with Future Delivery.

Once you’ve written an email, click on Options, and then Delay Delivery. This opens a Properties box for that specific message, including Delivery Options that include a checkbox labeled “Do not deliver before.” Selecting this option and specifying a time and date will prevent your recipient from receiving your message before that point. Once you’re satisfied, close the Properties box and send the message just like any other.

Taking Advantage of Shortcuts

Keyboard shortcuts are used to simplify access to commonly-used functions in many computer programs and applications, and Outlook is no exception. For instance, Outlook features shortcuts for a wide range of its functionality - covering the basics (like composing a new message by pressing Ctrl+Shift+M), organizational tools (like moving a message with Ctrl+Shift+V) or annotating your messages (like adding flags to important ones with Ctrl+Shift+G).

This is really just the start of Outlook’s capabilities to help your operations. Subscribe to our blog to find out whenever we post other tips or IT blogs.

Have you ever suspected that a hacker could silently observe your email interactions with your clients and your staff? If you manage your own email infrastructure, we want to highlight the importance of email encryption. Encryption keeps your business’ email communications secure and compliant so you can worry less about security and privacy to focus more on running your business.

Here are three potential consequences of failing to encrypt your email communications.

Regulatory Fines

The big one to consider is that you’ll be charged out the wazoo in regulatory and compliance fines for failing to protect sensitive information.

Think about it; how much sensitive information is exchanged by email at your business? Even if it’s not directly included in the body of the email, how many attachments are sent that contain personal or sensitive information? Without encryption, any onlooker could easily pluck this data out of your inbox and use it for nefarious purposes.

And whenever you breach the security and privacy of others, you’re sure to get slapped with serious fines that can break your budget and jeopardize your business for the foreseeable future.

Negative Public Relations

What would your customers and clients think if they found out you don’t encrypt your email?

Never underestimate the power of a bad review or a local op-ed in the paper about how you don’t take security seriously. If potential clients are informed of a reason not to work with you—especially one related to security and privacy—they will consider other options, period. Worse yet, your current customers could jump ship and go work with one of your competitors, which directly impacts your bottom line and profits.

Seriously, who wants to work with a business that doesn’t take security seriously? Not me; that’s for sure.

Loss of Intellectual Property

What would you do if your biggest competitors had access to the tech and strategies that make your business what it is?

If your business has industry secrets or intellectual property to maintain, you really do need email encryption to ensure communications pertaining to those secrets are not leaked to competitors. Otherwise, you run the risk of ideas, thoughts, patents, and other IP falling into the hands of people who will steal your clientele. Worse yet, you might end up fighting prolonged legal battles and paying exorbitant fines due to these legal battles over your IP, which nobody wants.

Protect what’s yours with email encryption before it inevitably is no longer yours.

Coleman Technologies can work with your business to encrypt your email communications and keep your company’s messages safe. Learn more by calling us today at (604) 513-9428.

Properly Managing Your Email Like a Professional

Let’s not split hairs here: checking your email throughout the day can be a major waste of time. In order to avoid sinking time you could otherwise spend productively on reading (and re-reading) emails, there are a few habits you could develop.

Impose Rules on Your Email Habits

As we’ve said, repeatedly checking your email throughout the day can very quickly become a waste of your time. To avoid this, schedule times throughout your day to commit to checking your email. Once your time is up, stop until your next scheduled time.

We’ve all also accumulated emails that we simply don’t need to read. As harsh as it may seem, archive these emails, or unsubscribe as they come in to keep your inbox clean based on the subject line or the sender.

Managing Important Emails

Admittedly, not every email that comes in will be a waste of time. However, an overstuffed inbox can make it easy to miss something important. To avoid this issue, utilize folders to file your emails so that your inbox doesn’t become overfilled.

If Time is Left, Return to Your Inbox

If you finish your other tasks, return to your inbox and review your messages in order of importance. If you happen to run out of time, stop your review until your next opportunity. As you review your emails, don’t be afraid to unsubscribe to emails that aren’t important to your tasks.

Don’t Be Afraid to Leverage Filters and Labels

Filters and labels can help you to keep your emails more automatically organized. Your filters/labels should be relevant to their content. One can contain messages from a certain sender or pertain to a certain topic. As a result, you will be able to more easily keep your emails organized.

Rules like these can also keep you from having to deal with automatic replies, like out-of-office autoresponders and similar replies that you don’t need to receive.

What other emails have gotten in the way of your productivity? Let us know… we might cover them in a future blog! For more information, subscribe to our blog!

One Account, Two Accounts, Three Accounts, Four…
Based on your work responsibilities and how your office is structured, it is quite possible that you need regular access to multiple email accounts. You could have one you use internally, one for communicating with clients, one to reach out to vendors, one to use to sign up for resources… you get the point. When all is said and done, that’s a lot of email messages.

However, you presumably have other work responsibilities beyond just checking your email, so switching between all of them just isn’t a practical option. Well, it just so happens that you won’t need to switch, as the email client you choose will be able to consolidate these multiple accounts for you. Before we get into how, we need to make sure that we’re speaking the same language here.

- An email account is the individual address used to send or receive a message. In your organization, you might have This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it.. Likewise, each employee may have a different account for their different responsibilities - for instance, This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it..

- An email client is the program that allows you to send and receive emails. Gmail and Microsoft Outlook are two perfect examples. If you have multiple clients stored on the same server, they can be used pretty much interchangeably, each client presenting all emails. An email client also has a few features that enable you to better keep track of multiple email accounts, provided you have set it up to do so.

Let’s go over your options now.

Multiple Inboxes
The people who developed the email clients that we use weren’t naive. They understood that a given user isn’t going to be tied down to a single email provider, and certainly not a single account. This is why email clients can support multiple inboxes, assuming they are configured correctly. Multiple inboxes allow a user to access a single client to manage multiple email accounts, streamlining the process greatly and enabling customized organization.

Multiple Email Personalities
On the other hand, some users don’t mind leveraging one inbox, but might still need to utilize more than one address in their correspondence. There is also a method that enables the use of a single, catch-all inbox, but enables the user to select which email address (in this case, known as personalities) their response is sent from.

To do so, you will first need to set up an email account that you do not give out, as it will serve as the catch-all address that all of your emails ultimately accumulate within. Once it has been set up, you need to set all of your other accounts to forward their contents to that mailbox - your internal IT resource should be able to help.

Once your messages are all being sent to the catch-all account, you will be able to respond to these emails from the address that they were originally sent to.

Setting Up Inboxes and Personalities
In order to accomplish either of these tasks for your client of choice, you will need to adjust a few settings.

Gmail
To add another account to your Gmail client, you’ll need to access your Settings, which means you have to click on the gear icon. Once you’re in your Settings, you should see a tab labeled Accounts and Import. Under that tab, there is a Check mail from other accounts section. Click on Add a mail account, and follow the instructions provided.

To add additional personalities to your Gmail account, you’ll need to again navigate to the Accounts and Import tab. There, you will find a section labeled Send Mail As, with the option to Add another email address. This will also allow you to choose your default email address.

Outlook
As it happens, there are too many different versions of Microsoft Outlook and too many variables to allow us to provide a walk-through. Fortunately, Microsoft does offer some documentation that instructs users how to manage their "connected accounts.” Of course, you can also call (604) 513-9428 for our assistance, as well.

Are there any solutions that you frequently use that you’d like some extra tips for? Tell us which ones in the comments section, and don’t forget to subscribe!

#1: Interact with it less.

As we established from the very start, email can very rapidly shift from an asset to a considerable time commitment, often multiple times throughout the workday. If possible, avoid getting drawn in by reducing the total amount of time you spend in your mailbox. There are a few ways to accomplish this:

• Check your emails in batches, allowing them to accumulate throughout the day and attending to all of them at once. This will help you to remain focused on your actual responsibilities, rather than having your concentration broken each time a message comes in.
  
  
• Create a browser shortcut that takes you directly to your message composer and bypasses the inbox:
  
  
  
  • For Gmail, use: https://mail.google.com/mail/u/0/?view=cm&fs=1&tf=1.
    
    
  • For Outlook, use: https://outlook.office365.com/mail/deeplink/compose?version=2020042702.13&popoutv2=1&leanbootstrap=1

#2: Organize yourself, by organizing it.

Without the proper maintenance, your inbox can quickly become bogged down with messages and make it impossible to find important messages later. Therefore, it is useful to add additional rules and features to your email client, such as:

• When you’re dealing with a ton of emails, it can be annoying to have to bounce back to your inbox each time you delete, move, or act on one of your incoming messages. Fortunately, there is a way to mitigate this issue through a simple change in your settings.
  
  
  
  • In Gmail, there is a feature called Auto Advance. With it activated, deleting, moving, or archiving a message will no longer send you back to your inbox, and will instead move you to your next message. You can also activate the Send & Archive button, which will give you the option to do both things in one click.
    
    
  • When using Outlook, you can change your settings to also advance you to your next message after acting upon its predecessor. Call up your Options (under the File menu option) and select Mail. On that page, you’ll find a section labelled Other, and the specification to complete an action “After moving or deleting an open item.” Select open the next item from the dropdown.
    
    
• Whether you’re dealing with communications referencing different projects or simply receive many kinds of correspondence, it can be difficult to keep them all straight. Sorting these messages out automatically can save quite a bit of time and frustration.
  
  
  
  • In Gmail, you can create Labels, which effectively help you manage different emails from different senders or that reference different topics. By creating Filters via the drop-down option in the Search bar, you can also set certain emails to have these labels applied based on preset criteria. These can even be used to sort through different email addresses you receive in the Gmail client.
    
    
  • Outlook also offers a similar function with its capability to create Folders and generate Rules to direct certain messages to them automatically, once again. When an existing inbox message is right-clicked, suggested rules will display, along with the opportunity to create one or to manage the ones you have already created.

#3: Prepare Ahead of Time

We all have those messages that we find ourselves sending time and time again, with minimal details changed between them. Shave the time you spend drafting these messages down by creating a template to start off with.

• In Gmail, as your message composer is open, click the triple-dot menu at the bottom and navigate to Templates. From there, you have the option to either insert a template you have already created or save what you have drafted as a new template to use later. If you no longer need a template, you can also delete it from this menu.
  
  
• In Outlook, you can create a new template from a message by navigating to File and Save As, then switching the file type to Outlook Template. To use them, select New Items as you are drafting your email and from there, More Items and then Choose Form. From there, select User Templates in File System in the Look In box. Find your template, and select Open.

What other ways do you know to speed up your use of your email? Share them in the comments! For more handy tips, make sure you subscribe to our blog.

Email is a great communication tool. However, certain things are just unsafe to communicate via email.

Let’s go through a list of such things. Better safe than sorry, after all.

What Should Never Appear in Your Inbox?

Passwords/Other Authentication Credentials

The advice is simple enough: don’t share credentials you use through email. While email is relatively safe, and you can delete messages on your end, you cannot ensure that the message is appropriately deleted and the recipient adequately protects the data. Plus, emails can be hijacked if either account is compromised, and you won’t know if that is the case until it’s too late.

Payment Card Numbers and Financial Details

Similarly, you should avoid sharing any payment or card details via email. It doesn’t matter how diligent you are about keeping your email cleansed of sensitive information… it is all about how diligent the person on the other end is. Unfortunately, you can’t assume they’ll respect your data security as they should.

Documents Under Attorney-Client Privilege

Are you starting to see a pattern here?

Privileged information should never be sent via email simply because—again—you have no way of guaranteeing that someone without privilege will not view it. These kinds of documents need to be handled much more carefully than to send them through any email platform.

Social Security Numbers

Considering how much official business a Social Security number is used for, it has been drummed into most of our heads how important it is to keep it secure. However, many people won’t think twice before sending this critical number in an email… a communication method that isn’t secure enough for all the same reasons we’ve already discussed. Unfortunately, this is too often overlooked, and an email’s security is overestimated.

Financial Account Numbers

This is extremely similar to the payment card situation we already addressed, except that access to a financial account would allow someone to take the funds and disappear with their ill-gotten prize. Therefore, sharing any financial information—such as account numbers—via email is also a bad idea, and any messages that contain it should be encrypted first.

Protected Health Information

Protected health information is extremely personal and private, not just because it reveals an individual’s most intimate details but also because these details can be used to a cybercriminal’s advantage in numerous ways… not to mention interfere with medical care.

State ID Numbers

This one—a state employer ID or state EIN—is used to help identify businesses for tax purposes and other governmental interactions. As such, it is extremely important for your business to protect, as scammers could use it to pose as a business representative and cause no shortage of headaches and confusion. This number could allow a cybercriminal to steal any tax returns due to your business, order goods as your business and stick you with the bill, or apply for unwanted loans that you would be on the hook for.

Long story short: don’t send these numbers in an email.

Driver’s License Numbers

If a cybercriminal were to gain possession of a driver's license number via one of your emails, they would have a key factor in perpetrating various crimes, posing as whoever’s license they had a number for. As such, a scammer could use this stolen identity to do a variety of things, from opening new financial accounts to filing for assorted benefits to claiming prescription medications to running more scams in your name (and everything in between). Again, the risks are not worth it.

Passport Numbers

Much like the aforementioned driver’s license number, a passport number in the wrong hands can accomplish many of the same scams and criminal activities. Lines of credit, government benefits, and more can all be claimed using a passport number as identification. As such, it is important to protect this number, and sharing or storing it in an email is not the way to do so.

It is Important to Be Vigilant When Composing an Email

Don’t let a fundamental mode of business communication be what makes your business vulnerable. Coleman Technologies can help you keep your business email secure. Give us a call at (604) 513-9428 to learn more.

What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will give them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled; many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

• Pay attention to the finer details of an email. Is the message actually from This email address is being protected from spambots. You need JavaScript enabled to view it., or does the email address actually read This email address is being protected from spambots. You need JavaScript enabled to view it.? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.
  
  
• Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.
  
  
• Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.
  
  

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. Coleman Technologies can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (604) 513-9428.

The Cozy Bear Threat

According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the research centers conducting research into developing a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.

In fact, the National Cyber Security Center released a report that outlined the attack that the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also endorses.

This report describes the use of various exploits in conjunction with spear phishing attacks by APT29. Both tactics give APT29 access to carry out the rest of their attacks, which often involves deploying malware known as WellMess or WellMail.

On a side note, some of these exploits have been patched, so make sure you’re also up to date on your patches as well.

Many experts also share the opinion that Cozy Bear has struck before, and that the current threat needs to be taken very seriously as a result. It is believed that APT29 was responsible for the 2016 intrusion into the Democratic National Committee’s systems, as reported by CNN. The group has also been linked to assorted attacks on healthcare, energy, governmental and diplomatic organizations, and think tanks in the past.

What is Spear Phishing?

Phishing is a form of hacking that targets the end user, rather than using software vulnerabilities, to gain access to a system. Spear phishing is a more direct form of phishing. Instead of sending a generic message to massive groups of potential targets to see who takes the bait, spear phishing is specifically directed to an individual with access to key data and resources.

While APT29 may not target your organization as a part of these efforts to steal research, it is nevertheless critical that you and your team can recognize a potential phishing attack and mitigate it before it causes significant problems. While the following is by no means a comprehensive list of warning signs, it is a good place to start educating your team:

• Always check the details. Many phishing attacks can be identified by close-but-no-cigar “From” addresses. When in doubt, try looking up the email address that sent an email.
• Proofread the message. While legitimate messages can contain terrible spelling and grammar mistakes, and attackers can more and more effectively mimic professional communications, many phishing messages can be rife with errors.
• Double-check. If possible, don’t be afraid to confirm that the email is legitimate by reaching out to the supposed sender (through some non-email form of communication) to confirm that they sent the message.

For more assistance in dealing with phishing attacks, reach out to us! At Coleman Technologies, we’re motivated to help prevent a phishing attack from impacting your operations. Give us a call at (604) 513-9428 to learn more.

All it takes is one oversight to potentially undo any benefits your cybersecurity protections and other best practices may deliver. For instance, even if you have things like multifactor authentication in place, a phishing scam or even some malware varieties could potentially give an attacker access to your email… and all the data your messages contain, just sitting in your inbox.

This is where these kinds of attacks can get really, really bad, especially if there’s sensitive data being shared via email messages. Once a hacker gets access, they can see it all.

Let’s talk about the kind of data that should never be shared in an email for this exact reason.

What Kinds of Information Should Never Just Sit in an Email?

There are various types of data that you don’t want to include in an email, for numerous reasons. First of all, they’re unprotected there, and we’ve already discussed how simple it could be for the contents of a user’s email to be illegitimately accessed. 

Plus, you only have control over your own inbox. Who knows how long an email you’ve sent will sit in someone else’s, just waiting for someone to come and steal the information it holds.

This is why it is so important that the following types of information are only shared through secure means, and that all emails you receive containing them should be deleted immediately. We can implement rules (based on your Microsoft 365 license) to your email platform that periodically scan for such information and try to delete the messages containing any. That said, you and everyone working at your place of business should still be vigilant about not sending or storing these types of data in the body of an email, or even an attachment.

State/Nationally-Issued ID Numbers

From a driver’s license, Social Security number, passport number, or any other government-issued form of identification, this kind of data could be used by a cybercriminal to open many doors and give them considerable power. 

Bank/Financial Account Numbers

Similarly, if an attacker were to gain access to an email with the numbers identifying a user’s financial accounts, they are suddenly halfway to accessing them. This kind of information could easily be used to make a phishing attack that much more convincing and therefore effective.

Credit/Debit Card Numbers

Are you sensing a pattern yet? If cybercriminals access these numbers, they can make fraudulent purchases using them… and why wouldn’t they? They aren’t the ones who will be stuck with the bill.

Protected Health Information

This is where things get particularly dicey. Access to this kind of data is a clear violation of a person’s privacy and could be used to make their life more difficult. Plus, a lot of other personally identifiable information is often contained in these records, making their theft a double whammy.

Documents Protected by Attorney-Client Privilege

Similarly, these documents often contain a massive amount of the aforementioned information and data, meaning their privacy is paramount by inclusion. There are only so many reasons that an exception is made to this kind of privilege, and no, a cybersecurity incident is not one of them.

Passwords or Authentication Credentials

This list wouldn’t be complete without the passwords or other authentication credentials that are too often shared via email. These are not things you want a cybercriminal to have access to, only partially because they can easily give them access to all of the above resources.

Make Sure You and Your Team Keep This List in Mind While Using Email

This also isn’t enough. You also need to ensure that all cybersecurity protections are actively being used, from those you implement into your technology to the behaviors the entire team turns into habits. We can help with that. Reach out to us to learn more about our business cybersecurity services. Give us a call at (604) 513-9428.

Can you tell the difference between your colleagues and a scammer with access to their email account? This is essentially what a business email compromise attack involves—a scammer initiates a phishing scheme using an internal mode of communication. These scams are also observed in schools, making them dangerous in the education sector.

Today, we’re exploring how to navigate these attacks safely and what’s at stake if you don’t.

How BEC Works

Most employees won’t think twice if they receive a request for information—especially if it comes from a trusted company entity.

Business email compromise is an attack that uses an essential business communication tool to fool the victim into handing over the information directly. In some cases, the attacker might even receive direct access to the information they seek. There are no two ways about it—this situation is bad, full stop.

Here’s how it works:

1. A scammer will select a target, research it, and potentially even craft a fraudulent website to make their efforts that much more effective.
2. The scammer then breaches the company’s email systems and identifies the most effective targets based on the emails they send and conversations they hold.
3. Spoofing an email domain, the scammer prepares to impersonate the right person to influence their target.
4. The scammer then contacts the target, working to build up enough trust to make the ask—whether for money (often in the form of gift cards) or data.

These attacks are increasingly becoming more significant problems for schools and educational institutions.

Public Sector Organizations Are At Risk

Schools and public institutions find themselves the target of these attacks for a couple of reasons:

• Many such organizations have only a limited budget for cybersecurity, making them more likely to be targets of a cyberattack.
• These organizations also commonly exchange large amounts of capital regularly, giving an attacker more opportunities to strike.
• Many of these organizations also rely on complex administrative structuring and processes, making them even more vulnerable as issues are missed and the right people are required to sign off on any action.
• The public sector also typically collects a lot of data throughout its operations, which means that a cybercriminal would be interested in obtaining these stores.

It makes sense that schools in California and Tennessee have been targeted by these attacks, given how much hackers stand to gain from a successful strike. These institutions can sustain damages of up to six or even seven figures. But those are just the direct costs, not to mention the other damages to reputations and penalties.

All of these are reasons to consider your own approach to securing your business from BEC attacks.

What You Can Do to Mitigate Business Email Compromise

We recommend that all British Columbia businesses take the following security precautions for BEC:

• Adequately protect financial data and other sensitive information. A precautionary audit can help you determine what is at risk and where your vulnerabilities lie.
• Consider a cyber insurance policy. Cyberattacks are more commonplace than natural disasters these days, so you should have plans in place to protect you against the financial costs that could result (just make sure you know what’s covered and what limits exist).
• Prioritize compliance. All businesses are subject to certain compliance requirements, and failing to maintain the standards required by government or industry could result in hefty fines should your business fall victim to a scam.
• Monitor your infrastructure at all times. There are tools out there that can help you detect BEC attacks before they become a problem—like, say, a compromised account before it can be leveraged against your staff.

With these measures in place, we’re confident you’ll be in a much better position to identify and prevent BEC attacks.

If you’re worried about your business’ security, you can rely on Coleman Technologies to keep you safe. Learn more today by calling us at (604) 513-9428.

Those familiar with the online version of Gmail will find all of this quite familiar, as Smart Compose has been predicting their next words for some time now. It will seem newer to those more familiar with the Gmail application in macOS and Windows, as it hasn’t been available there until now. 

Using Smart Compose on Android Devices

The first thing you’ll have to have in order to use Smart Compose is an active Google account, with the latest version of the Gmail application installed on your chosen device. As you type, Smart Compose will present its predictive text suggestions that a user can either accept, or just keep typing to ignore. While this form of machine learning is pretty basic, it does demonstrate how a device can “learn” how a user is most likely to use it - in this case, what word is likely to come next in the user’s sentence.

Turning Smart Compose Off (and On Again)

Of course, some users may find these suggestions inconvenient or distracting. That’s totally fair, and means that these users should deactivate the Smart Compose feature. Access the Gmail app’s menu by pressing the hamburger icon at the top left. You should see your Settings from there. You will be asked to choose from the accounts that have access to your device. Once you’ve selected the appropriate account, look under General settings to find Smart Compose. Use the toggle switch to activate it or deactivate it as you please.

While Smart Compose may not be quite as impressive as the artificial intelligence that appears in feature films, it has one major advantage over them: it can actually be used to benefit your business. For other ways that you can give your business operations a boost through technology solutions and tips, subscribe to our blog! You can also reach out to us directly by calling (604) 513-9428.