Have you ever heard of the term “idiot box?” Maybe they are not that dumb? Smart TV’s are able to watch you watch TV and learn about the devices on the same network in your home. By the way, even if you had never heard of the idiot box term, I am sure you can easily guess that it is the North American word for a television set. At least, that is what Google seems to believe.
In fact, search of “define idiot box” yielded the definition “a television set.” Marriam-Webster seems to agree as well.
Back to our point, though. Your Smart TV has been reported to spying on you with your consent but, if you are like the majority of Smart TV owners, without your knowledge. So, go ahead and read up on these stories about what Samba TV does with your data and what bad hackers could trick your device into doing. Armed with this knowledge, you will at least be able to understand how in the world did that company know to advertise this or the other product to you.
Word just go out that the marketing firm EXACTIS has in its possession a database with close to 340 million individual records available until recently ( as of June 2018) on a publicly accessible server. The balk of the database comprises “close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses,” claims the magazine WIRED. In their article on the subject, WIRED provides further details:
While the precise number of individuals included in the data isn’t clear—and the leak doesn’t seem to contain credit card information or Social Security numbers—it does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person’s children. “It seems like this is a database with pretty much every US citizen in it,” says Troia, who is the founder of his own New York-based security company, Night Lion Security. Troia notes that almost every person he’s searched for in the database, he’s found.
You may need to go check https://haveibeenpwned.com/ by Troy Hunt to see if your email address was among the leaked data and to sign up for a notification should your email address appear in such a leak and become available to ‘;–have i been pwned? (HIBP).
As HIBP suggests in one of their recent emails, monitoring Have I Been Pwned for data breaches is a great start, you should take two more steps to protect all your accounts:
- Protect yourself with strong, unique passwords for each website with a password manager like 1Password or LastPass or any of good one of your choice.
- Enable 2 factor authentication and store the codes inside your password manager.
Further recommendation would be that you keep an eye out on your credit records and any other possible social engineering attacks against you or your family.
Here is little warning and reminder not to get too comfortable thinking that scammers are gone or that your email spam filter is so good they will never get to you. Here is your wake up call: These people never get tired of trying. They use all sorts of means to disguise themselves including shortening their links by means of “short url” machines like in the case of the above picture.
Example of an email that hides a dangerous link behind a tinyurl link under the UPGRADE NOW button.
In fact, I just got right in my inbox one of those messages with a malicious link to some phishing scam hosted on https:// [some_malicious_place] .us.archive.org. But the link that was actually in the big blue button was not pointing there directly. It was disguised behind a https:// tinyurl.com/ [some_extension_goes_here]. It took running the link through Google’s online virus scanner virustotal.com to detect that the final destination of the link is an archive.org-hosted malicious content and site.
So, when you get an email that makes you uncomfortable as to why you are getting it or one that it looks suspicious, you probably are right. It is probably suspicious and dangerous. Get your IT friend look at it or just do not click on any links or attachments in it until you can get it verified by someone who has the tools. If you know how to extract the links without activating them, then do that and report the links if malicious to places like virustotal.com or to your antivirus software so they can include it in their next update. Please note that sometimes the email may come from an address of a person you actually know (after their mailbox was hijacked or is being spoofed).
Google is full of resources on how to tell if the email you are looking at is Spam. Seriously. Just type such a question and you will find a plethora of reputable sites with good examples. Emphasis on reputable. Do not fall for more phishing while trying to detect some.
This screenshot from virustotal.com details page shows us the final URL the tinyurl link or Shortened URL that was in the phishing email would have led to.
Yes, an extra dot in the username part of the email address does not change who gets the email address at Gmail.com. Please be careful to notice that this might not be true of all other email service providers.
For example: firstname.lastname@example.org is the same as email@example.com or any variation of the position or number of dots before the @ sign. If someone tries to open a new Gmail account with just a dot as a difference between their address and yours, Google will tell them the username already exists.
Caution: if you used Gmail through an organization like school, business, or company, your dots do matter.
More on this in this Gmail help article.
Have you experienced anything that contradicts the above? Please share here in comment.