Never trust "verified" accounts & Compromised Brother printers

Today's newsletter covers why you should never trust "verified" accounts and an external attack that is possible on 700+ Brother printer models.

In this issue:

  • Never trust "verified" accounts

  • Threat of the week: External attack possible in 700+ Brother printer models

  • Safety tip my mom sent me

Never trust "verified" accounts

I knew it was a criminal's phishing email. I could tell because the email was a picture instead of actual text.

But my Yahoo email program said "This message is verified & sent securely by a trusted sender."

That part was true. The email shows it was from [email protected]. I checked Facebook and the domain "facebookmail.com" is a real domain they own even though it seems fake.

So I did something I never expect you to have to do. I looked at the raw email message.

I wanted to see if there was a way that I could show you how to spot the criminal lurking behind the message.

I found it, but it wasn't easy. I'm not an email expert so I don't know how the criminals bypassed the technical security in the Yahoo email platform, but I know they did it. I can see the real email server the criminals used. And I can see the location that the picture was going to send me to which was a domain created a month before.

I forwarded the email to my Gmail account, but unfortunately the criminal's information was stripped from the email, including the link which would have directed me to the criminal's website.

Which means if you have a possible scam message and forward it to me, I may not be able to see some of the criminal behavior.

Let me be clear, the criminal did not hack Facebook's email. The criminal used a technical way to pretend they were Facebook's email. That's also why it didn't send the email to my spam folder.

So I've updated my previous article about spotting fake emails because in that article I said to make sure the email was from a trusted source. Well, this criminal destroyed any hope I had of even trusted account emails being safe.

However, I can tell you again that I spotted it because the email itself was a fuzzy picture. When you receive an email that looks like it's a picture, either because it is fuzzy on the screen or because you can't highlight the text in it, then it's definitely a scam.
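For readers who are comfortable with a script, the checks described above can be run on a raw message saved from your mail program. This is an added example, not part of the original newsletter: the message is constructed, every domain is a placeholder, and the `triage` and `under` helpers are hypothetical names.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample, not the message from the newsletter; every name is a
# placeholder under the reserved .example TLD and 203.0.113.0/24 test range.
RAW = b"""\
Received: from mail.sender-host.example (mail.sender-host.example [203.0.113.25])
\tby mx.mailbox.example with ESMTPS; Mon, 02 Jun 2025 10:00:00 +0000
Authentication-Results: mx.mailbox.example; dkim=pass header.d=brand.example
From: Brand Security <security@brand.example>
To: reader@mailbox.example
Subject: Action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://login-brand-check.example/verify">
<img src="https://cdn.sender-host.example/notice.png"></a></body></html>
"""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    # The topmost Received header is written by your own mailbox provider. The
    # name in parentheses is what it observed; the first name is only claimed.
    # Assumes the common "from NAME (HOST [IP])" layout; providers vary.
    hops = msg.get_all("Received", [])
    m = re.search(r"from\s+\S+\s+\((\S+)\s+\[", str(hops[0])) if hops else None
    sending_host = m.group(1).lower() if m else None
    auth_pass = "dkim=pass" in str(msg.get("Authentication-Results", ""))
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    link_domains = [d.lower() for d in re.findall(r'href="https?://([^/"]+)', html, re.I)]
    # Image-only: at least one <img> and no readable text once tags are removed.
    image_only = bool(re.search(r"<img\b", html, re.I)) and not re.sub(r"<[^>]+>", "", html).strip()
    flags = []
    if sending_host and not under(sending_host, from_domain):
        flags.append("delivering server is outside the From domain")
    flags += [f"link goes to {d}" for d in link_domains if not under(d, from_domain)]
    if image_only:
        flags.append("body is a picture with no text")
    return {"from_domain": from_domain, "sending_host": sending_host, "auth_pass": auth_pass,
            "link_domains": link_domains, "image_only": image_only, "flags": flags}

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

The sample passes its authentication check and still raises three flags, which is the situation described above. Legitimate companies also send through outside mail services, so treat each flag as a reason to look closer and not as proof.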

Please forward this article to your family and friends. We all need to be watching out for criminals and keeping each other safe.

External attack possible in 700+ Brother printer models

Remember the puzzles in a newspaper or puzzle book where you figure out the letters that correspond with the code, as in A=1, B=2, and Z=26? Of course the number and letter combinations were more complicated, but you would look through the puzzle to find the numbers that might be E's, I's, and S's. This technique is a simple form of code breaking and is one of the foundations for cybersecurity.

Now imagine a printer has the serial number 12345 and the password for that printer is ABCDE. You could easily guess that the serial number 23456 would have a password of BCDEF.

The reason I mention this code breaking technique is because that is what happened to Brother printers. The software to create a default password for each printer is based on the printer's serial number. Thus the secret to figure out a printer's password is now as easy as the code breaker puzzle above.

Why does it matter to you if you have a Brother printer? Because if your printer is connected directly to the internet, the criminal can get into your home network through the printer. They can then get into your computer to steal files or install malicious software on your computer or devices like your smart TV. Please read my article about an FBI warning on criminals taking over IoT (Internet of Things) devices in your home.

Brother has updated the software in 700+ models of printers, scanners, and label makers, but if you have an older printer or the "auto-update software/firmware" feature has been turned off, AND you have a feature turned on that allows access to the printer from the internet, your printer and network can be attacked.

That's a lot of IF's and special circumstances. I'll simplify it by saying, if you have a Brother printer, please do these three things:

  1. Change the default password.

  2. Turn on the "auto-update software/firmware" if it's available or update the software/firmware. (Firmware is another name for software that is installed on the chips inside.)

  3. Turn off the "web services" if your printer has that capability. This feature allows you to access your printer when you are away from home but it also allows criminals to access your printer.

I can't provide exact steps on how to do this because there are so many different models of Brother printers. The security notice from Brother is difficult for a non-cybersecurity expert to understand. The best way to start is by searching for your Brother printer on their support page by typing in the model number to locate the user manual.

Your printer could be vulnerable to attacks, potentially leading to data leaks, printer crashes, or even access to your network. I know it's painful to do this extra work, but you shouldn't skip this if you have a Brother printer.

Safety tip my mom sent me

My mom sent me this safety tip that I hadn’t thought of before. If you are stranded somewhere or the power is out, and your phone battery is almost dead, change the voicemail message to give your location, date/time, the situation details, and any special instructions or help you need. Thanks, mom!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com