Information Technology

Cyber criminals are stealing millions by luring victims into investment scams and then using remote screen-sharing software to steal money, bank details and other personal information. According to research by the Financial Conduct Authority (FCA), the number of screen-sharing scams has almost doubled over the course of a year – and almost half of investors wouldn’t be able to identify that they’re being duped by one. That’s resulted in over £25 million in losses in the UK alone. Many of the attacks target potential investors – including those looking to invest in Bitcoin and other cryptocurrency – because if cyber criminals can successfully trick these high-value targets into falling for scams, they can steal significant amounts of money in one go.

ZDNet Recommends

Of those surveyed by the FCA, 91% said they would never share their PIN with a stranger, but 85% wouldn’t think a request by a website to use or download software could be a warning sign that someone was seeking to gain illegal access to personal information on their computer or smartphone. That’s providing scammers with opportunities.  SEE: How to keep your bank details and finances more secure onlineIn one case, a victim clicked on an online advertisement for Bitcoin and then later received a phone call from someone claiming to be a financial advisor who offered to help her through making her first investment in cryptocurrency. The ‘advisor’ asked her to download remote desktop screen-sharing software, which provided the scammers with the ability to access financial details and other sensitive information on her computer. The victim lost more than £48,000 after scammers raided her bank account, her pension and used her stolen details to fraudulently apply for loans. The FCA says this is just one of thousands of cases that have been reported to its Consumer Helpline, where cyber criminals have used screen-sharing platforms such as Teams, TeamViewer and Zoom to trick users into handing over remote control of their computers. Not only is this a financial risk due to loss of money, it’s also a privacy risk as scammers could also use that access to steal usernames and passwords for a variety of online accounts. “Once scammers gain [access] to your screen, they have complete control. That means access to your sensitive banking and investment information, the freedom to browse at their leisure, and the ability to take whatever details they want,” said Mark Steward, executive director of enforcement and market oversight at the FCA. “It can affect any investor, no matter how experienced. It’s incredibly difficult to get money back once lost in this way,” he added. The best way to avoid falling victim to screen-sharing scams is to not share your screen with any ‘investment’ advisors who ask you to, because it’s a big indicator that they’re a scammer. “Legitimate firms will not ask you to do this,” said Steward. The FCA also runs a warning list that people can check to see if the firm they’re dealing with isn’t authorised or registered by the FCA, while it also lists firms that are known to be running scams.  MORE ON CYBERSECURITY More

It’s time for another installment of Ask ZDNet. In the mailbag this week: A crash course on TPM technology, the fastest way to get to Inbox Zero, and the best way to move large files from one PC to another. Got a question for us? Send it to ask@zdnet.com. Questions can cover just about any topic that’s related to work and technology, including PCs and Macs, mobile devices, security and privacy, social media, home office gear, consumer electronics, business etiquette, financial advice… well, you get the idea. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think will be of interest to other readers. Please include your real email address, so we can ask follow-up questions, if necessary. We promise not to use your email address for any other purpose.  Ask away. 

I have more than 100,000 unread messages in my Gmail inbox. That’s not good, is it?

Sometimes I just stare at the number of unread messages in my inbox and wonder how it’s even possible to get to this place. Other times, I feel overwhelmed. How do I take back control?

We feel your pain. In fact, we can quantify it. If you were determined to work through a stack of 100,000 Inbox messages, processing each one in less than 10 seconds, it would take you more than 30 eight-hour days in which you would not get any other work done. That dreary task would make an assignment at the Lumon Corp. look like bliss. (Note: Severance is a dark, dystopian fantasy, not a career goal.) And, of course, during those days while you were processing that enormous backlog, you would receive thousands more messages.

The answer is simple: Declare email bankruptcy. You will feel so much better when you simply make those unread, unprocessed, mostly irrelevant emails just vanish into thin air so you can start fresh. On Gmail, that means going to your inbox in a web browser and clicking the Select All checkbox at the far left of the toolbar, just below the Gmail logo; then click the link just above the message that says “Select all nnn conversations in Inbox,” where nnn is the number that is making you feel discomfort. (That last step is crucial; you don’t want to be processing messages 50 or 100 at a time.)

ZDNet Recommends

The best email hosting services

Are you ready to use a professional address and exert control over your business communications? Then you’ll want to sign up with an email hosting provider.

Now click the Archive button, just to the right of the Select All checkbox. It might take a while, but eventually you’ll end up with Inbox Zero.And now that you’ve reached Inbox Zero, you can begin learning how to filter out unwanted messages and train Gmail to recognize which messages are Important. (That’s what the little yellow flag to the left of a message means. Use it to train Gmail to recognize which messages you consider important.) Use the Important view to make sure you’re responding to high-priority messages from your boss or co-workers or (ahem) editor. Also, get in the habit of archiving important messages you’ve already dealt with and deleting unimportant messages after reading — instead of allowing them to pile up.If you use Outlook, you have a similar feature called Focused Inbox, which automatically sorts important messages into the Focused tab and displays less important ones on the Other tab.For more ideas, we recommend a highly entertaining article called “Declare Email Bankruptcy and Get a Fresh Start” by productivity guru Michael Hyatt.Also: How to back up your Gmail: The ultimate guide

What’s a Trusted Platform Module, and why does my PC need one?

I’ve read the specs for Windows 11 and I know that it requires a TPM. But I have no idea what a TPM is or what it can do for me. Can you explain how it works? Do I need to do anything to set it up?

The simple answer is that a Trusted Platform Module is a secure cryptoprocessor, a dedicated microcontroller designed to handle security-related tasks in a way that minimizes the ability of attackers to break into a system. The complete answer is, as with anything related to computer security, slightly more complicated.The TPM architecture is defined by an international standard (formally known as ISO/IEC 11889) created by the Trusted Computing Group. The standard deals with how different cryptographic operations are implemented, with an emphasis on “integrity protection, isolation and confidentially.”

A TPM can be implemented as a discrete chip soldered onto a computer motherboard, or it can be implemented within the firmware of a PC chipset, as Intel, AMD, and Qualcomm have done. If you use a virtual machine, you can even build a virtual TPM chip into it. The overwhelming majority of PCs built in the last 10 years include TPM technology, and most PCs designed in 2015 or later include the TPM 2.0 version that is required by Windows 11.

must read

Windows 11 security guide

The best time to start thinking about security is right now. Here’s how to protect your home and small business PCs.

The point of that technology is to be a super-secure location for processing cryptographic operations and storing the private keys that make strong encryption possible. The TPM works with the Secure Boot feature, which verifies that only signed, trusted code runs when the computer starts up. If someone tries to tamper with the operating system (to add a rootkit, say), Secure Boot prevents the changed code from executing. The TPM also holds the BitLocker keys that encrypt the contents of a Windows system disk, making it nearly impossible for an attacker to break that encryption and access your data without authorization. (For a detailed technical explanation, see “How Windows uses the Trusted Platform Module.”)Windows 10 and Windows 11 initialize and take ownership of the TPM as part of the installation process. You don’t need to do anything special to set up or use a TPM beyond making sure it’s enabled for use by the PC. And it’s not just a Windows feature. Linux PCs and IoT devices can initialize and use a TPM as well.Having that extra level of security enforced in tamper-resistant hardware is a Very Good Thing.

What’s the best way to transfer large files between my laptop and my desktop PC?

I do a lot of video editing work, and I often need to move those files from my laptop to my PC and back again. They’re huge! What’s the best way to transfer them from one machine to another?

Here at Ask ZDNet, we’re old enough to remember the term sneakernet. For the young’uns in the audience, that was how your elders referred to the incredibly tedious process of swapping files between PCs using floppy disks.

In the modern era, you can do pretty much the same thing, although you have much faster and more capacious options. For those huge video files, your best transfer vehicle is an external SSD that uses the Thunderbolt 3 or 4 standard or USB 3.2 Gen 2 (aka USB 3.1). Plug one of those drives into a USB Type-C port, and you’ll be astonished at how fast the bits fly from Point A to Point B. If that’s not an option, an external drive using USB 3.0 or later will probably be fast enough to get the job done.

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

If both devices are running the same operating system, you can use wireless options (Wi-Fi and Bluetooth) to transfer the files. On Windows PCs, the feature is called Nearby Sharing; on a Mac, it’s called AirDrop.The trouble with sneakernet, even the wireless version, is that it requires manual labor on your part — copying files from one PC and then physically restoring them to the other device. If you make changes on one device and forget to copy it to the other, you could end up with files that are out of sync, where you’ve made changes to two different versions with no easy way to reconcile them.The best way to avoid this possibility is to store those files using a cloud storage platform (OneDrive, Google Drive, Adobe Creative Cloud, Dropbox, etc.) and let a software agent on each device take care of keeping them in sync. If your work is mainly asynchronous — that is, if you do most of your edits on one machine and only need to transfer your files when everything’s complete, this option is ideal. Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.  

ZDNet Recommends

  More

Image: CCDCOE
South Korea’s intelligence agency said on Thursday that the country has joined a cyber defense group under the North Atlantic Treaty Organization (NATO), becoming its first Asian member country. The National Intelligence Service (NIS) said that South Korea, along with Canada and Luxembourg, have been admitted into the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), a think-tank based in Tallinn, Estonia, that supports member nations and NATO with interdisciplinary cyber defense research, training, and exercises. The think-tank was established in 2008 by NATO members, on the initiative of Estonia, in response to the country suffering crippling cyberattacks allegedly committed by Russia. With the addition of the three new member nations, CCDCOE now has a total of 32 members — 27 sponsoring members of NATO and five contributing participants, including South Korea, that are not part of NATO. South Korea’s NIS said it has been working to become a member of CCDCOE since 2019 to gain cyberattack response expertise in order to protect the country’s backbone infrastructure, and to formulate a global strategy. The intelligence agency said it plans to send more staff to the centre and expand the scope of joint training. Cyber threats were causing enormous damage to individuals and countries which require close global cooperation to respond to, NIS noted, adding that it will work closely with CCDCOE members going forward. Even prior to becoming an official member of the centre, South Korea had taken part in CCDCOE’s large-scale, live-fire cyber defense exercise, Locked Shields, where thousands of experts from member nations and partners jointly defended a fictional country against simulated cyberattacks. South Korea had suffered numerous cyberattacks in the past with targets ranging from state-run nuclear research institutes to cryptocurrency companies, most of which were allegedly committed by North Korean hacking groups. Meanwhile, earlier in March, the 27 sponsoring nations of the CCDCOE voted to accept Ukraine into the centre as a contributing participant. Related Coverage More

Written by

Chris Duckett, APAC Editor

Chris Duckett
APAC Editor

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Full Bio

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. “[Our investigation] revealed that the same compromised token was leveraged to gain access to a database and exfiltrate the hashed and salted passwords for customers’ user accounts,” the company said in its incident notification. “For this reason, Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed. We have rotated internal Heroku credentials and put additional detections in place. We are continuing to investigate the source of the token compromise.” The company also said an attacker first gained access on April 7, two days before the previous earliest date of the attack made public by either Heroku or GitHub. “On April 7, 2022, a threat actor obtained access to a Heroku database and downloaded stored customer GitHub integration OAuth tokens. Access to the environment was gained by leveraging a compromised token for a Heroku machine account,” it said.”According to GitHub, the threat actor began enumerating metadata about customer repositories with the downloaded OAuth tokens on April 8, 2022. On April 9, 2022, the attacker downloaded a subset of the Heroku private GitHub repositories from GitHub, containing some Heroku source code.” GitHub noticed the activity on April 12, with a notification from GitHub landing on April 13, and Heroku revoking all GitHub integration OAuth tokens three days later. “We value transparency and understand our customers are seeking a deeper understanding of the impact of this incident and our response to date,” the company said at the top of the incident notification page that has been running since April 15. Heroku has previously said it would not be reconnecting to GitHub until it was certain it was safe to do so. This week, GitHub said it would be mandating the use of multi-factor authentication by end of 2023. Related Coverage More

Image: WhatsApp
WhatsApp, the messaging platform owned by Meta, has announced new features in line with last month’s communities announcement that includes larger file sharing, a new emoji reactions feature to respond to messages, and eventually larger chat groups.  WhatsApp claimed in a blog post that the new features will “make it easier” for its app to facilitate internal conversations within small business groups, school groups, and community organisations. The announcement detailed that users can now send files, protected by end-to-end encryption, of up to 2GB in size, an increase from the previous limit of 100MB.  “We recommend using Wi-Fi for larger files and we’ll display a counter while uploading or downloading to let you know how long your transfer will take,” the company added. WhatsApp also confirmed that it will begin to roll out the option for larger group chats of up to 512 people, up from the previous number of 256. Additionally, the company announced WhatsApp Reactions, a new feature that will be available on the latest version of the app. “Reactions are fun, fast, and they reduce overload in groups too. We’ll continue improving them be adding an even broader range of expressions in the future,” it said.”Building private, safe, and secure communities takes work and we think this series of improvements will help people and groups stay close to one another.” Earlier this year, Meta announced that it would delay the launch of WhatsApp’s Communities feature in Brazil as part of plans to tackle the spread of false information ahead of the presidential elections. According to the company, the feature will only be launched in Brazil after the presidential elections, set to take place in October. Related Coverage More

Written by

Eileen Yu, Contributor

Eileen Yu
Contributor

Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently an independent business technology journalist and content specialist based in Singapore, she has over 20 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.

Full Bio

If applied inappropriately, artificial intelligence (AI) can bring more harm than good. But, it can offer a much-needed helping hand when humans are unable to find comfort from their own kind.  AI hasn’t always gotten a good rep. It has been accused of replacing human roles, taking away a person’s livelihood, and threatening human rights. With the right checks and balances in place, though, few can deny the potential for AI to enhance business operations and improve lives.  Others have tapped AI to help save lives. The Chopra Foundation in September 2020 introduced a chatbot, dubbed Piwi, to provide a “community-driven solution” that aims to prevent suicide. The AI-powered platform is trained by “experts” and, based on the online interactions, will connect users to 5,000 counsellors who are on standby. 

The foundation’s CEO Poonacha Machaiah said: “With Piwi, we are giving people access to emotional AI to learn, interpret, and respond to human emotions. By recognising signs for anxiety and mood changes, we can improve self-awareness and increase coping skills, including steps to reduce stress and prevent suicide by timely real-time assistance and intervention.” Piwi has deescalated more than 6,000 suicide attempts and handled 11 million conversations through text, according to The Chopra Foundation’s founder, Deepak Chopra, an Indian-American author famed for his advocacy of alternative medicine. He described Piwi as an “ethical AI” platform trained with safeguards built into the system, adding that there were always humans in the backend to provide support where necessary.  Young individuals, in particular, were drawn to the chatbot, Chopra said. Noting that suicide was the second-most common cause of deaths amongst teenagers, he said youths loved talking to Piwi because they didn’t feel judged. “They are more comfortable talking to a machine than humans,” he said in a March 2022 interview on The Daily Show.  in Singapore, suicide is the leading cause of death for those aged between 10 and 29. It also was five times more deadly than road accidents in 2020, when the highest number of suicide cases were recorded in the city-state since 2012. The cause of death accounted for 8.88 per 100,000 residents that year, compared to 8 in 2019. Increases also were seen across all age groups, in particular those aged 60 and above, where the number who died by suicide hit a new-high of 154, up 26% from 2019. Industry observers attributed the spike in numbers to the COVID-19 pandemic, during which more likely had faced social isolation and financial woes. It is estimated that every one suicide in Singapore affects at least six loved ones. I, too, have lost loved ones to mental illness. In the years since, I’ve often wondered what else could have been done to prevent their loss. They all had access to healthcare professionals, but clearly that proved insufficient or ineffective.  Did they fail to reach help when they needed it most in their final hour because, unlike chatbots, human healthcare professionals weren’t always available 24 by 7? Or were they unable to fully express how they felt to another human because they felt judged?  Would an AI-powered platform like Piwi have convinced them to reconsider their options during that fateful moment before they made their final decision? I’ve had strong reservations about the use of AI in some areas, particularly law enforcement and autonomous vehicles, but I think its application in solutions such as Piwi is promising.  While it certainly cannot replace human healthcare specialists, it can prove vital where humans aren’t deemed viable options. Just look at the 6,000 suicide attempts Piwi is said to have deescalated. How many lives amongst these might otherwise have been lost? And there is so much more room to leverage AI innovation to improve the provision of healthcare. Almost a decade ago, I posed the possibility of a web-connected pill dispenser that could automatically dispense a patient’s prescribed medication. This would be especially useful for older folks who had difficulty remembering the numerous pills and supplements they required on a daily or weekly basis. It also could mitigate the risk of accidental overdose or wrongful consumption.There have been significant technological advancements since I wrote that post that can further improve the accuracy, and safety, of the pill dispenser. AI-powered visual recognition tools can be integrated to identify and ensure the correct medication is dispensed. The machine also can contain the updated profile of each medication, such as how much each pill weighs and its unique features, to further determine the right drugs have been dispensed. Clinics and pharmacies can issue each patient’s prescribed medication in a cartridge, refillable every few months, and protected with the necessary security features. Relevant medical data is stored in the cartridge, including dispensing instructions that can be accessed when it is inserted into the machine at home. The cartridge also can trigger an alert when a refill is needed and automatically send an order to the clinic for a new cartridge to be delivered to the home, if the patient is unable to make the trip.  The pill dispenser can be further integrated with other healthcare functions, such as the ability to analyse blood for diabetic patients, as well as telemedicine capabilities so doctors can dial in to check on patients should the data sent across indicate an anomaly. AI-powered solutions such as the pill dispenser will be essential in countries with an ageing population, such as Singapore and Japan. They can support a more distributed healthcare system, in which the central core network of hospitals and clinics isn’t overly taxed.  With the right innovation and safeguards, AI surely can help where humans cannot. For instance, 66% of respondents in Asia-Pacific believe bots will achieve success where humans have failed with regards to sustainability and social progress, according to a study released by Oracle, which polled 4,000 respondents in this region including Singapore, China, India, Japan, and Australia. In addition, 89% think AI will help businesses make more progress towards sustainability and social goals. Some 75% express frustration over the lack of progress, to date, by businesses and 91% want concrete action from organisations on how they’re prioritising ESG (environmental, social, and governance) issues, rather than delivering mere words of support. Like The Chopra Foundation, CallCabinet also believes AI can help customer service agents cope with the mental stress of dealing with cases. The UK-based speech analytics software vendor argues that AI-powered tools with advanced acoustic algorithms can process key phrases and assess voice pace as well as volume and tonality. These enable organisations to ascertain emotions behind words and evaluate the sentiment of every interaction. CallCabinet suggests that these can allow managers to monitor service calls and identify patterns that signal potential mental health issues, such as negative customer interactions, raised voices, and profanity directed at agents.  Because when humans cannot provide solace to those who need it, then maybe AI can?RELATED COVERAGE More

Written by

Adrian Kingsley-Hughes, Contributor

Adrian Kingsley-Hughes
Contributor

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over two decades to helping users get the most from technology — whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera. Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs.

Full Bio

It’s May 5, the first Thursday in May, which means that it’s World Password Day. The day was created by security researcher Mark Burnett to raise awareness of the importance of having secure passwords.Well, how secure are your passwords?

There are a lot of hints and tips and tricks out there for creating and maintaining secure passwords. I’m pretty comfortable with tech and keeping my accounts secure, but I find most of these tips too complicated to follow. It’s better to keep things simple. And I’m going to simplify things for you.This is the 21st century, and people don’t need to create and remember their passwords.My advice is simple — use a password manager.What is a password manager? A password manager is an app, usually tied to an online service, that safely and securely stores your passwords. It’s also used to securely distributes these passwords to all your devices, no matter whether you are on a desktop, laptop, tablet, or smartphone.Good password managers not only store your passwords and securely transfer them to your browser or apps as needed, but they can also help you generate strong passwords, and even search the internet for any of your passwords that might be leaked on the internet.Some password managers also allow you to secure your passwords with high-security features such as hardware authentication, making it almost impossible for hackers to get access to your data and informing you if you try to use duplicate passwords.So, what are the best password managers?My ZDNet colleague Ed Bott has a list of the best password managers, and it’s a good list. Of the services there, Bitwarden, 1Password, and LastPass are my top choices. They’re fully featured, offer solid security, and encompass a broad range of platforms and operating systems.If you’re looking for a no-cost solution, the Bitwarden offers a free option, and even the paid option ($10 per year for a single user, $40 annually for a family of up to six users) is great.But you might already have a password manager and not know about it. For example, if you use a Mac or iPhone, or iPad, then you can use Apple’s Keychain password manager. The only downside here is that you have to be on an Apple device to access your passwords, but it’s a superb solution for those in the Apple ecosystem.If you use Google Chrome, then there’s a password manager built right into that. The downside here is that it’s quite basic, and you can only access your passwords from the browser.Both these are great options. But they have their limitations.So, my advice for World Password Day is that you make sure to use a password manager, not only to store your passwords but also to generate secure passwords when needed. And secure your password manager with a good, unique password.Also, a bonus tip — if your password manager tells you that you’re using duplicate passwords on different websites, or that one of your passwords has been leaked in a company data breach, then pay attention to this and take the actions that your password manager recommends, because using duplicate passwords or passwords that have leaked into the wild is a surefire way to get your online accounts compromised.

ZDNet Recommends More

The FBI has warned that business email compromise (BEC) fraud has cost businesses around the world $43 billion in losses in the period between June 2016 and December 2021. The FBI’s Internet Crime Center (IC3) has logged a whopping 241,206 complaints in the four and half year period with losses totaling $43 billion, according to a new public service announcement. BEC fraud was the biggest category of cybercrime by financial losses in 2021, according to IC3. BEC cost businesses $2.4 billion in 2021, up from $1.8 billion in 2020. US losses recorded by the FBI are much larger than losses reported by victims in non-US jurisdictions. Between October 2013 and December 2021, 116,401 victims reported total losses of $14.8 billion. In that period, 5,260 non-US victims reported losses of $1.27 billion.       BEC is a global problem. The scam has been reported in all 50 US states and by victims in 177 countries. Meanwhile, over 140 countries have received fraudulent transfers, according to IC3, however banks located in Thailand and Hong Kong were the primary destination for the funds, followed by China, Mexico and Singapore. BEC scams are considered a sophisticated ruse that targets business and individuals who are duped into transferring funds to the scammer’s account under the belief they are performing a legitimate transaction. The FBI believes the pandemic and the shift to everything online spurred a 65% growth in BEC fraud losses between July 2019 and December 2021.”Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars,” IC3 notes. “This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.”It also reports an uptick in complaints involving cryptocurrency transfers. The value of cryptocurrency today had a market cap of $3 trillion in November, up from just $14 billion five years ago, the US secretary of the Treasury recently noted.     The two main forms of BEC involving cryptocurrency were direct transfers, just like traditional BEC fraud, while the second involves a “second hop”, usually to a cryptocurrency exchange. In both situations, the victim is unaware that the funds are being sent to be converted to a cryptocurrency, says IC3. Second hop transfers often involves tricking the victim into providing identity documents such as a drivers license or passport, which the attacker uses to open cryptocurrency wallets in the victim’s name. In 2020, IC3 received reports of $10 million in losses from victims involving cryptocurrency. By 2021, the value of cryptocurrency-related losses ballooned to $40 million. FBI advice for protecting yourself includes:Use two-factor authentication to verify requests for changes in account information.Ensure the URL in emails is associated with the business or individual it claims to be from.Be alert to fake hyperlinks that may contain misspellings of the actual domain name.Avoid supplying login credentials or personal information via email. Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.Ensure the settings in employees’ computers allow full email extensions to be viewed.Monitor your personal financial accounts on a regular basis for irregularities More