How Scammers Forge Email Addresses, and How You can tell

Consider this a public service announcement: Scammers can forge email addresses. Your email program may say a message is from a certain email address, but it may be from another address entirely.

Email protocols don’t verify addresses are legitimate — scammers, phishers, and other malicious individuals exploit this weakness in the system. You can examine a suspicious email’s headers to see if its address was forged.

How Email Works

Your email software displays who an email is from in the “From” field. However, no verification is actually performed – your email software has no way of knowing if an email is actually from who it says it’s from. Each email includes a “From” header, which can be forged – for example, any scammer could send you an email that appears to be from bill@microsoft.com. Your email client would tell you this is an email from Bill Gates, but it has no way of actually checking.

Emails with forged addresses may appear to be from your bank or another legitimate business. They’ll often ask you for sensitive information such as your credit card information or social security number, perhaps after clicking a link that leads to a phishing site designed to look like a legitimate website.

Think of an email’s “From” field as the digital equivalent of the return address printed on envelopes you receive in the mail. Generally, people put an accurate return address on mail. However, anyone can write anything they like in the return address field – the postal service doesn’t verify that a letter is actually from the return address printed on it.

When SMTP (simple mail transfer protocol) was designed in the 1980s for use by academia and government agencies, verification of senders was not a concern.

How to Investigate an Email’s Headers

You can see more details about an email by digging into the email’s headers. This information is located in different areas in different email clients – it may be known as the email’s “source” or “headers.”

(Of course, it’s generally a good idea to disregard suspicious emails entirely – if you’re at all unsure about an email, it’s probably a scam.)

In Gmail, you can examine this information by clicking the arrow at the top right corner of an email and selecting Show original. This displays the email’s raw contents.

Below you’ll find the contents of an actual spam email with a forged email address. We’ll explain how to decode this information.

Delivered-To: [MY EMAIL ADDRESS]
Received: by 10.182.3.66 with SMTP id a2csp104490oba;
Sat, 11 Aug 2012 15:32:15 -0700 (PDT)
Received: by 10.14.212.72 with SMTP id x48mr8232338eeo.40.1344724334578;
Sat, 11 Aug 2012 15:32:14 -0700 (PDT)
Return-Path: <e.vwidxus@yahoo.com>
Received: from 72-255-12-30.client.stsn.net (72-255-12-30.client.stsn.net. [72.255.12.30])
by mx.google.com with ESMTP id c41si1698069eem.38.2012.08.11.15.32.13;
Sat, 11 Aug 2012 15:32:14 -0700 (PDT)
Received-SPF: neutral (google.com: 72.255.12.30 is neither permitted nor denied by best guess record for domain of e.vwidxus@yahoo.com) client-ip=72.255.12.30;
Authentication-Results: mx.google.com; spf=neutral (google.com: 72.255.12.30 is neither permitted nor denied by best guess record for domain of e.vwidxus@yahoo.com) smtp.mail=e.vwidxus@yahoo.com
Received: by vwidxus.net id hnt67m0ce87b for <[MY EMAIL ADDRESS]>; Sun, 12 Aug 2012 10:01:06 -0500 (envelope-from <e.vwidxus@yahoo.com>)
Received: from vwidxus.net by web.vwidxus.net with local (Mailing Server 4.69)
id 34597139-886586-27/./PV3Xa/WiSKhnO+7kCTI+xNiKJsH/rC/
for root@vwidxus.net; Sun, 12 Aug 2012 10:01:06 –0500

…

From: “Canadian Pharmacy” e.vwidxus@yahoo.com

There are more headers, but these are the important ones – they appear at the top of the email’s raw text. To understand these headers, start from the bottom – these headers trace the email’s route from its sender to you. Each server that receives the email adds more headers to the top — the oldest headers from the servers where the email started out are located at the bottom.

The “From” header at the bottom claims the email is from an @yahoo.com address – this is just a piece of information included with the email; it could be anything at all. However, above it we can see that the email was first received by “vwidxus.net”  (below) before being received by Google’s email servers (above). This is a red flag – we’d expect the see the lowest “Received:” header on the list as one of Yahoo!’s email servers.

The IP addresses involved may also clue you in – if you receive a suspicious email from an American bank but the IP address it was received from resolves to Nigeria or Russia, that’s likely a forged email address.

In this case, the spammers have access to the address “e.vwidxus@yahoo.com”, where they want to receive replies to their spam, but they’re forging the “From:” field anyway. Why? Likely because they can’t send massive amounts of spam via Yahoo!’s servers – they’d get noticed and be shut down. Instead, they’re sending spam from their own servers and forging its address.

The logo on this phone case is what powers its suite of accessories

At first glance, this just looks like a regular iPhone case, but in fact that logo is composed of some pretty cool tech. 

The Case By Case Kickstarter page bills itself as "the best phone case ever," which is a pretty bold claim. I don't know if it's the best, but it's certainly pretty versatile, with a suite of interchangeable attachments that cover a range of activities. The logo itself is what makes the attachments work, which is both a cool idea and a smart branding move. 

The double Cs on the Case by Case fold out to create a kickstand, but that's only the beginning. The X is indented and magnetic, so you can attach and remove accessories easily. Case by Case makes an external battery pack, card holder, folio wallet, arm band, handlebar mount, and GoPro compatible mount that all attach via magnets. The fold out C loops also serve as tension locks for the mounts.

In addition to the various accessories, theCase by Case does provide the basic function of a phone case—protection. They make tempered glass screen protectors, a slim bumper for everyday use and a "buoyant" bumper which appears to be waterproof or at least floats on water. 

Check out their campaign video below:

The Case by Case is currently available for iPhones 6 through 8+ and Galaxy S8 and Note8. If you've got another phone (or just really like your current case) you can buy a "Back Plate" that sticks to your current case via 3M adhesive.

Backing the project gets you 39% off retail and your backer level determines how many accessories you can add-on. For the "case + one accessory" option you can donate $49 but if you want all nine attachments you'll need to drop $209.

The Kickstarter campaign wraps up on December 1. They need $50,000 to get funded and are less than $9,000 away at the time of writing. 

Case by Case is working on an iPhone X case and more accessories, so if you're on the fence because you don't see exactly what you're looking for, it's coming.

Stop Judging Android Phones by Their Specs!

As flagship Android phones become more competitive, and the differences between them seem to narrow, marketing teams throw more numbers and jargon at us to convince us of their products’ worth.

But it’s a mistake to judge phones purely by their specs. It’s no longer true to say that the best specs always mean the best device. Flagships might give you the nicest design, built from the most premium materials, but that’s all you can guarantee.

Here’s how to cut through the marketing hype, and discover why some phones are better (or worse) than they look on paper.

Processor

Processor specs are crammed with numbers, like the number of cores or the clock speed, that show off how fast and powerful it is. In fact, putting an identical processor in two different phones will not result in identical performance.

There are too many other factors at play. The quality of the other components used, how well optimized the operating system is (each phone has its own build of Android), and how the manufacturer has chosen to set up the processor. Some might prefer to tune it more for battery life at the expense of raw power, or vice versa.

And while it’s safe to say that a high-end processor is better than a mid-range one, that’s only guaranteed for models from the same generation. In some cases, a modern mid-range processor may outperform the flagship processor from a previous generation.

Let’s also consider the elephant in the room.

If you’ve ever compared your flagship Android phone to your friend’s iPhone and felt that the iPhone seemed faster, that’s because it is. Benchmark tests show that while the two are somewhat comparable in multi-core performance (for power hungry tasks like gaming and shooting high frame rate video), the iPhone is in a different league for single core performance. This covers everyday tasks like swiping, scrolling, and opening apps.

RAM

The amount of RAM in a current flagship phone ranges from 4GB to 8GB. Does that mean the 8GB model is twice as good? No.

Here’s the thing about RAM: it’s only of value when it’s being used. Free RAM is a waste of RAM.

If you’re using apps and games that require huge amounts of memory, then, yes, the performance will better than on the 4GB device. But those apps and games don’t exist on Android, so assuming you’re going to get better performance just because your phone has more RAM couldn’t be more wrong. It’ll futureproof your phone, but nothing more.

Even on phones with the same amount of memory, performance will not always be the same. The speed and responsiveness of a device is dictated to a large extent by how well optimized the operating system is. Very few devices run a stock version of Android. Instead, manufacturers use their own heavily customized versions with extra features and apps.

Some are more efficient than others. Even after a factory reset, the amount of RAM available will differ from one model of phone to another. And either way, Android is very good at managing memory. So unless you’re using a very budget device with limited RAM, you won’t have to worry about it at all.

Screen

Screen specs are always packed with jargon designed to impress.

There’s OLED and LCD, resolution, pixel density, and so on. And now refresh rate, too. The 120Hz display on the new Razer Phone should deliver a smoother scrolling effect, which could result in improvements to the perceived speed of the phone. Expect more phones to have this in future.

OLED is often regarded as the best display technology due to its greater contrast, dynamic range, and better power efficiency. It’s also a must if you want to use Google’s Daydream VR system. But at the flagship level, the difference between OLED and LCD might not be as great as you’d expect.

Unfortunately, whatever type you’re using, not all displays are made equal.

First, there are potential quality issues. Just recently, we’ve seen the LG V30 screen exhibiting uneven brightness across the entirety of the display on some units.

And on Google’s Pixel 2 XL there has been issues with screen burn in. This is where images that remain on screen for an extended period of time become permanently burnt into the display, and remain visible at all times. Android’s status and navigation bars are prime candidates for causing burn in, but it should take many months or even longer to happen.

And then there are the ways that manufacturers set up their screens. Some choose very bright displays with vivid colors, while others prefer a more natural look. There’s no right or wrong here, it’s all about personal taste. But once you get used to one, the other can be quite off putting.

Battery

When it comes to the battery, bigger is normally better. But as always, it’s not quite that simple. A smaller battery doesn’t automatically mean poor battery life if it’s coupled with well optimized software and an energy efficient processor.

But there are so many factors that affect battery life that it’s impossible judge how well a battery will perform from its specs alone. Maybe you’re running one of these power-sapping apps. Or maybe you’re in an area with poor network coverage, so your phone needs to use more power to maintain a connection.

If your battery is underperforming, there are lots of things you can try to improve it. And don’t forget that a battery’s capacity diminishes over time. If you find you’re getting an hour less screen time than you were a year ago, that may be completely natural.

Storage

The main thing to remember when looking at headline storage specs is that the actual amount of space available to you will always be a lot lower.

Internal storage contains the operating system and pre-installed apps as well, and it’ll often account for a good 10GB (or more). That 32GB phone with no SD card slot might be creaking at the seams after six months of use.

One other overlooked detail about storage is its speed. It’s rarely mentioned on the spec sheets but can have a dramatic effect on the overall performance of your phone. If you wonder why your phone seems slower after several months of use, one factor could be that the performance of yourinternal storage is degrading.

The only way to get the lowdown on read/write speeds of phone storage is to check the benchmarks in online reviews.

Camera

Specs have always been used to try and sell cameras, and smartphone cameras are not immune to this. Fortunately, smartphones were spared the “megapixel race” — the mistaken belief that more megapixels means better pictures — but there are still plenty of other areas they compete on.

All but the cheapest phone cameras nowtake decent pictures in good light conditions, so most of the attention falls on their ability to shoot in low light. There are numerous hardware factors that can affect this, but they aren’t always as important as they might seem.

The main one is the aperture. This is the size of the hole between the lens and the sensor, and it controls how much light the camera can draw in (it’s measured as an f-number, and a smaller number represents a larger aperture).

The LG V30 has the largest aperture on a phone at f/1.6. It captures a third more light than the f/1.7 lens on the Galaxy S8. But that doesn’t automatically mean it’s better.

A larger sensor also captures more light. So do larger pixels on the sensor. And so does optical image stabilization, which enables the camera to use slower shutter speeds. It’s very hard to compare these in a meaningful way, so reducing them to numbers on a spec sheet tells you nothing.

Camera Software

But the hardware isn’t even the most important thing in a phone camera. More than ever, it’s the software that is responsible for producing images. The HDR+ mode on Google’s Pixel phones, for example, takes a rapid burst of shots and blends them together into a single image with high dynamic range and low noise.

The effect is so good that it is able to overcome many of the limitations of the hardware, and surpass those cameras that should be better (based on their specs). Most major phones have similar features, although they don’t always work quite so well.

How the software processes images is also important. Some manufacturers produce pictures that are ultra-sharp with vibrant colors that are punchy but not realistic. Others prefers softer, more natural images. The worst cameras have software that delivers flat, digital looking photos that are uninspiring. In these cases, choosing abetter camera app might help.

Ultimately, the best way to judge a camera is by looking at sample images and deciding for yourself.

Choosing a Phone

Not so long ago, specs were an important indicator of the quality of an Android phone. Each generation of devices was better than the last, and each bump in specs brought tangible benefits.

But that’s no longer true. Smartphone development has largely plateaued. Most phones from $300 upwards will give you an HD display, fast processor, and decent camera. But it’s impossible to discern how these details will translate to real world performance. Some mid-range devices far exceed expectations, some flagships disappoint. The Android specs race is over.

WARNING! New Facebook virus being sent via Messenger

Copyright: gilc / 123RF Stock Photo

(First published on Goodthingsguy.com)

Everything you need to know about a new Facebook virus that has started doing the rounds in South Africa…

Another Facebook virus has been released, unlike any other and it has just reached South African shores. This malware has a botnet-like capability and can post your profile picture along with a URL and a video on your Facebook timeline making it look like your friend has made a video of you.

Users of the social media site are receiving a seemingly innocent message from people on their friends list with a video link attached, which claims to be about the receiver.

But when opened, the video redirects to afalse YouTube page where the user is prompted to download a file to view the video.

However, there is no video.

This malware can post your profile picture along with a URL and a video in a message making it look like your friend has spotted a video of you.

“Instead those who do follow the instructions and complete the request unwittingly download a virus which in turn spams the user’s friends list with the same link.”

This type of Facebook Trojan operates on the botnet principle. Its primary purpose is to steal your information including:

• IP and other System Info
• Facebook account information
• Browsing history
• E-mail accounts and other passwords

There have been reports that some users have been unable to log out of their accounts after mistakenly downloading the virus.

But there are steps you can take to avoid being compromised

• If you receive one of these messages, DO NOT OPEN it and inform the friend who “sent” the video that their account has been hacked.
• If you do find that your Facebook profile has been compromised by the scam, you need to secure your account as soon as possible.
• Be sure to change your password and run an activity check to spot any suspicious activity on your page.
• You can also remove any downloaded malware by going into Facebook Settings & Apps, Websites and Plugins & Select Disable to protect your account from unauthorized access of third party apps.
• It is also recommended to run any anti-virus or malware programs to rid your device of any bugs that may have been downloaded to your system as a result of the download.

Great!!! WhatsApp Finally Ready To Have “Admin Super Powers” Feature On Its Next Updates

Those who use Telegram app would be familiar with this feature called “Admin Super Powers“. WhatsApp has brought a lot of features recently and another most wanted feature is coming soon.

These are the functions of the Admin Super Power:

The Power: The feature will allow the main administrator to have control over other admins. WhatsApp will prevent the group creator from being deleted by other administrators.

Subject Subject Modifications: Most-wanted, administrators will be able to choose if participants or other admins will be able to modify the group’s description, icon, and subject. Once enabled that only admin can edit the subject, icon and description, a notification would appear notifying that only admins are eligible to change the settings.

Restriction in Groups: This feature will allow admin to disable the chat. That means, users will only read messages but won’t be able to send group text messages, images, videos, GIfs, documents, voice messages or even starting a new live location. Meanwhile, while the group chat is disabled, a message will appear telling that “only admin can send messages in this group”. The settings of this feature can only be altered after 72 hours.

However, the feature roll out date has no specific time frame but was reported to come out around 2018.

What do you think about this new feature, cool or not?

Amazon Key hacked: Tech-savvy couriers could exploit cameras and sneak into homes

"Amazon Key" smart lock system could be exploited by tech-savvy delivery drivers.

The Amazon Key was always going to be a tough sell - is there a security risk?

Amazon has pledged to release a security patch after a team of cybersecurity researchers showed its delivery service, which lets couriers inside homes, could be hacked.

Security wise, the proposition of dropping off packages inside houses was always going to be a tough sell. And according to US firm Rhino Security Labs, issues in camera software linked to the "Amazon Key" smart lock system could be exploited by tech-savvy delivery drivers.

The new approach to drop-offs, announced on 25 October, is built upon a mobile application and a camera known as the Cloud Cam, which lets users watch the delivery as it's happening in real-time.

Upon arrival, couriers scan a barcode to confirm their identity and the details of the order, after which the camera automatically starts recording.

The smart lock opens the door and, while under the watchful eye of the home-owner, the application will later ping when the entrance is closed again.

Updates and notifications are provided at every step.

But according to Rhino Security Labs, a Wi-Fi cyberattack could disable the camera – essentially freezing the image on the application to make it look like the front door is shut, and locked. It does this with a technique known as "deauthorisation".

"The camera is very much something Amazon is relying on in pitching the security of this as a safe solution," Ben Caudill, the founder Rhino Security Labs,told Wired.

"Disabling that camera on command is a pretty powerful capability when you're talking about environments, where you're relying heavily on that being a critical safety mechanism."

The company has also uploaded the proof-of-concept demo of the hack in action to YouTube.

In response, Amazon has confirmed a fix is on the way "later this week" that will give users a notification if the camera is tampered with or offline for an extended period of time. It stressed that all of its drivers go through "comprehensive" background checks.

"Safety and security are built into every aspect of the service," a spokesperson said, adding: "The service will not unlock the door if the Wi-Fi is disabled and the camera is not online."

Hackers Beat iPhone X’s Face ID Security In Just One Week

PA

Hackers claim to have beaten Apple’s facial recognition security technology just one week after the iPhone X went on sale.

Apple has previously claimed their FaceID system on the new iPhone X cannot be fooled by photos, impersonators and masks but cyber security firm Bkav said a 3D-printed mask which costs $150 (£115) to make has already fooled the new software.

FaceID is used to unlock the new iPhone X, as well as allowing users to authorise payments and log in to apps. Apple has been using fingerprint sensor embedded in the home button for several years, but completely removed the home button on the newest iPhone model.

Watch the video here:

The researchers said their findings proved that Face ID is ‘not an effective security measure’, although making the mask did require a detailed facial scan, and would be difficult for normal users to replicate.

When the iPhone X was unveiled in September, Apple claimed there was a ‘one in a million chance of another person being able to unlock the phone’ and said they’d ‘stress-tested the technology using silicone masks made by Hollywood studios’, writesthe Telegraph.

Bkav constructed the mask using a combination of 3D printing, a silicone nose and printed images of the eyes.

In a video released by the company you can appears see Face ID supposedly being fooled when a cloth covering the mask is taken away.

PA

The Telegraph states because the video ‘does not show Face ID being set up’, it cannot be confirmed Bkav’s technique actually works.

When asked who’d be targeted by the hack, they said:

Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID’s issue. Security units’ competitors, commercial rivals of corporations, and even nations might benefit from our PoC.

FaceID caused some embarrassment for Apple back when it was being unveiled ahead of its release.

Things obviously didn’t go according to plan when Craig Federighi, Apple senior vice president, attempted to demo the feature in front of the audience in the room and no doubt the millions of people watching at home.

Federighi was extolling the virtues of Face ID, telling the audience how easy it would be to operate and how secure the phone would be as a result.

PA

And then he was left completely embarrassed when he tried to lift the phone to his face, only to be told to enter the code for the phone because it had failed. A classic.

Before the fiasco, Federighi said:

With iPhone X, your iPhone is locked until you look at it, and it recognises you. Nothing has ever been more simple, natural and effortless.

We call this Face ID. Face ID is the future of how we unlock our smartphones and protect our sensitive information.

Apple said their Face ID technology is unsuitable for children under the age of 13 or for twins, suggesting these users set up a passcode instead.

The company did not respond to a request by The Telegraph for comment on Bkav’s findings.