Archive for Uncategorized

Stop Phishing Emails in Their Tracks: Four Tips to Spot Phishing Emails

lockIf you’ve been on the Internet over the past decade you’ve likely been on the receiving end of at least one phishing email. Phishing is when a hacker tries to disguise themselves as a trustworthy source in order to obtain sensitive information from you; be it your social security number, credit card number, usernames, passwords or other personal information. Every day, as hackers become more and more sophisticated, people fall victim to these scams. Here are four tips you can use to spot and avoid a phishing scam.

  1. Check the sender’s email address. If you receive an email from ABC Company, you should expect the sender’s email address to come from the same address as the company’s website. For example, let’s say you receive an email from ABC Company, and you know ABC Company owns www.abccompany.com. If the sender’s email address is abccompany@yahoo.com, it is likely a fake as it is from a Yahoo domain. That said, it is also possible for hackers to spoof an email address to make it look legitimate. If you’ve never had contact with the person emailing you before you should always be cautious. As a general rule, unless an email is digitally signed, it is possible it was spoofed. A digital signature includes a unique signature from the certificate, along with a public key proving to the recipient that you are not an imposter.

    2. Always be suspicious of emails with generic greetings. Hackers send thousands of phishing emails in the hopes they’ll get a few fish to take the bait. They don’t always have the time, or likely the knowledge, to personalize each individual email and often send in large batched with generic greetings. As such, always be cautious with opening any email which starts with a generic greeting like, “Dear Customer” or “Dear Friend”.

    3. Always be suspicious of any email requesting “urgent” personal or financial information from you or your company. If you receive an email with words and phrases like “Urgent” or “Action Required” make sure you are diligent in checking its legitimacy. Be sure to check the sender’s email address if you receive this type of email. If the email is from a government agency (has a .gov email address) such as the IRS it is likely a phishing scam. In our experience, no government agency, especially with their initial contact, will request your personal information via email.

    4. Avoid clicking on any links in the email. Hackers may include links in the email taking you to fake websites to try and get information from you. The fake website may look like a real business website, or a website for a legitimate company, but the URL will be slightly different. For example, paypal.com is a real site, but www.paypal.somebusiness.com may be a phishing site Hackers tend to also mix in links to real websites along with links to fake phishing sites for a more sophisticated attack. As such, it is best to manually type in the URL or use a search engine to try and find the real link.

Hackers are getting more and more sophisticated each day. Always keep your guard up when opening strange emails and going to new websites. Be sure to keep these tips in mind when you open your inbox to avoid being reeled in to a phishing scam.

About Matt:

As a senior in BlumShapiro’s Technology Consulting Group, Matt has over 7 years of experience with Microsoft .NET software application development, including solutions for web, client/server and mobile platforms.

Matt’s past experience includes freelance web development, and running his own business in web application design and development. Matt joined BlumShapiro in 2012 as a staff consultant, and won the Rookie of the Year award his first year at BlumShapiro.

 

Phishing Post CTA (1)

Fun with Machine Learning

All my blog articles over the years have been technical in nature. I decided to break out of that mold today. I almost titled this article “It’s not a train robbery, it’s a science experiment” (Doc Brown, in Back to the Future III). I hope you enjoy reading it as much as I did writing it.

The title is not meant to imply that machine learning isn’t inherently fun (I personally happen to think it’s a cool use of aggregated technologies). Rather it’s to say that we’re going to have some fun with machine learning in a way you wouldn’t have otherwise considered. But in order to do so, the reader must understand at least the fundamental concepts of machine learning. Don’t worry, we’re not going to be diving into data mining algorithms or the R language or python code or anything remotely technical. Instead, a real life analogy is best, and we’ll dumb this one right down to the level of a two-year-old toddler! Kids between the ages of about one and six are GREAT at ‘machine learning,’ but NOT in the LEARNING side of machine learning. No, they’re on the TEACHING side of machine learning, the ‘writing of the algorithms’, the ‘Python and R code’, that the ‘machines’ (their parents) use to learn. Let’s take a look at how this works.

Ever try to get a two-year-old to eat something he or she just does NOT want to eat? Like broccoli or cauliflower? Even adults are split about evenly on the likes and dislikes of vegetables. Two-year-olds, on the other hand, tend to swing to the dislike side on just about all varieties. So what happens? The child absolutely will not eat said vegetables. Babies and toddlers being spoon-fed from a jar tend to take a different and sometimes visually humorous approach: they let you spoon it into their mouth, but it quickly comes back out like toothpaste accompanied by a grimace. Having wasted an entire jar of baby food on the bib, the father (as a new father I had to take my turn feeding the kids!) turns to his wife and says, “Honey, he doesn’t like the green beans, but he loves the applesauce.” “OK,” comes the reply, “I won’t buy the beans again.”

What just happened here? Believe it or not, that was “machine learning” on a micro scale. The ‘machine’, the parents, just ‘learned’ something. Two data points, in fact. Green beans are icky, while applesauce gets a ‘thumbs up.’ Now if all the toddlers in the town were to teach those various bits of knowledge to their respective parents, you have just built yourself a ‘reference dataset.’ Suppose now a bunch of those mothers interact at the weekly “Mommy and Me”. Just now joining their group is a new mother whose daughter is ready to switch from the bottle to semi-solid food. The discussion is likely to descend around what each child likes and dislikes in that area. The new mother listens intently and comes away with knowledge of what her daughter is MOST LIKELY to prefer, but WITHOUT actually having to experience a bib full of pureed sweet potatoes! This is machine learning in action. The machine has applied an algorithm to a reference dataset to predict a probable outcome.

Now, no child dislikes ALL foods, even three and four-year-olds, as much as some parents tend to perceive. (My six-year-old son wouldn’t eat a peanut butter and honey sandwich unless it was cut diagonally! Go figure!) If you think your child dislikes ALL foods, it’s more likely he or she only dislikes all the foods YOU like. Since you’re not likely to buy stuff you personally wouldn’t eat, the child has no chance to find what he or she actually enjoys. The parents will then broaden their variety to find something acceptable.

Let’s take a look at another real world scenario, this time closer to the topic at hand.

Many on-line retailers use machine learning and data mining to present to the consumer things they are MOST LIKELY to purchase based on any number of information points and reference datasets. These include your past purchases, your demographics, and the things other consumers have purchase together. The algorithms employed can be ‘market basket analyses’, ‘clustering’, or others (and I promise that’s as technical as we’ll get in this article). We’ve all seen it in action at Amazon and Netflix. “Based on your viewing history…” or “People who bought X also bought…” Even grocery stores learned that beer was often purchased in conjunction with diapers. Seems that young mothers often sent their husbands to the store in times of diaper needs, hence the beer.

I decided to try an experiment this morning, and this is where the fun comes in. I wanted to take a finicky two-year-old’s stance on my internet steaming audio. Pandora, Rhapsody, iHeartRadio and the like often apply machine learning type of logic to decide the next song to queue to your personal listening stream based on your likes and dislikes. What would happen if I started a new ‘radio station’, then flagged every song it presented to me as ‘thumbs down?’ Would it just keep letting me spit out the offerings until it found something I actually liked? What if I didn’t like ANYTHING? Would it cut me off and kick me out for being impossible to please? I decided I just had to find out.

I started by naming my new station “Billy Joel.” (Hey, if the experiment were to fail, I figured why not fail with something decent!) Within 5 seconds starting the first song, I had hit the ‘Thumbs down’ button. OK, no, problem, it moved on to the next. Six more songs were dispatched in similar fashion. “Hey, this is fun” I thought. On the next song, however, it allowed me to dislike it, but I was forced to listen to the entire song while a banner displayed the message about not being fed that particular vegetable variety again. Five more disliked songs all brought up the same message while still playing the song to completion. Oh, well, at least I had some good music to listen to. After a dozen similar results, and realizing I wasn’t getting anywhere trying to fool the machine, I threw it a curve and hit the ‘Thumbs up’ on the next few tracks. (I think I smelled smoke coming from my router.) The next six tracks were all skipped by flagging as disliked in similar fashion to the first batch. I settled into a back-and-forth of liking and disliking bunches of songs in groups. In the end, I had to like at least a couple of songs it presented to me before I could dislike AND SKIP a bunch of other tracks.

After two hours the machine won as I had to produce some useful work at the office. There was a practical limit to how much it could ‘learn’ from this picky two-year-old music consumer. Likewise, parents all think they win in the end, too, or do they? They will tell you they eventually ‘got their child to like’ certain foods when in fact they simply settled on a repertoire of foods that their child wouldn’t reject, kind of like…wait for it…machine learning.