Email Productivity Applications Collect Users’ Personal Information to Sell to Third Parties

There are many email productivity applications that help manage and organize your inbox. While useful, they come at a costly price for your privacy. According to Motherboard’s Joseph Cox, many of these apps can scan through people’s emails and sell their data for profit. Some worth mentioning include Cleanfox, Slice, and Edison. On Edison’s website, the company states that it “accesses and processes” users’ emails, this similar statement used for the apps Cleanfox and Slice.

These types of applications scan people’s personal inboxes for emails that contain information such as package tracking notifications and receipts to record how much people spend as well as what they are purchasing. Once this data is collected, these application companies sell this information to e-commerce and finance companies that have an interest in such trends. However, they sell an anonymous version of the information. 

A spokesperson from Edison told Business Insider that their software “automatically recognizes commercial emails and extracts purchase information,” while disregarding any emails that include personal or work related matters. Slice’s parent company, Rakuten, stated that the reason as to why they collect people’s data is for market research purposes and – contrary to what we may believe – that they do value protecting their users’ privacy. 

Foxintelligence’s CEO Edouard Nattée stated in an email to Business Insider that new users are notified when their data is pulled from “transactional emails”, further stating that the information collected remains anonymous. While anonymized data may seem secure, data breaches that give access to the exact data can help cybercriminals trace information back to its original source. 

Beware: TrickBot Malware Is on the Rise for Tax Day

Tax Day is coming up on April 15th, and cyber criminals are out to seek profit at many victims’ expense. A tax theme malware called TrickBot is being sent to inboxes, the hackers impersonating payroll providers like Paychex and ADP and sending malware infected Excel documents to their recipients.

TrickBot works by exploiting network vulnerabilities to essentially enter and steal sensitive information such as passwords and bank account details in order to file fraudulent Tax forms to receive returns. Scams caused by TrickBot have cost the IRS over a million in losses back in 2016.

Researchers from IBM X-Force noted how cyber criminals are using domains that look highly similar to actual payroll providers in order to deceive recipients into thinking the email is from a legitimate source.

IBM global executive security advisor Limor Kessem stated how “this campaign [is] highly targeted in its efforts to infiltrate US organizations,” and the threat from TrickBot doesn’t look like it’ll cease. Kessem continues on by explaining that “TrickBot [is] one of the most prominent organized crime gangs in the bank fraud arena, [so] we…expect to see it maintain its position on the global malware chart, unless it is interrupted by law enforcement in 2019.”

Before clicking on any email link, it is highly advised to double check the legitimacy of the email by looking closely at the sender information. Hovering over an email link also allows you to check on where the URL leads before you actually click on it; just check the small window that pops up above the link to make sure the site is safe.

Email Account Compromise Losses Reach a New High of $12 Billion According to FBI Report

Between the dates of October 2013 and May 2018, more than 78,000 business email accounts (BEC) and email account compromise (EAC) scam incidents occurred. According to recent FBI data findings, both BEC and EAC scam losses significantly increased by 136% worldwide during the time frame of December 2016 to May 2018.

With the 78,617 BEC and EAC incidents reported, financial losses totaled a whopping $12 billion. Of those reported, 41,058 occurred within the U.S., as the nation took a great loss of $2.9 billion in finances. According to further statistical data provided, Asian banks from both China and Hong Kong are the primary targets for fraudulent fund transfers; Meanwhile, other emerging targets for fraudulent transfers also include the UK, Mexico, and Turkey.  

As the FBI explains in their PSA statement:

“The scam may not always be associated with a request for transfer of funds. A variation of the scam involves compromising legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees.”

Even the real estate industry has been greatly impacted, as collected statistics show an increase of 1,100% in BEC/EAC victims between the years 2015 to 2017.

With such cyber-security threats on the rise, it is most definitely encouraged to practice good cyber-hygiene to make sure your business stays safe from fraudulent email scams. With Inverselogic’s cyber-security service of simulated phishing tests, employees are trained and well prepared to identify cyber scams before clicking on an actual malware infested email link that could potentially harm your business.

Below is one example of a phishing email simulation test we created as part of our cyber-security services:

Once the link is clicked, employees are directed to an educational page that provides information on how to identify scam emails in the future.

Our business understands that network security is of utmost importance. That is why Inverselogic is here to help you every step of the way in ensuring your information is always protected from new and emerging email scam threats.  

To read more about our wide range of cyber-security services offered, please click here.

Protecting Your Email

Everyone uses email for personal use and for work. It is the number one channel of communication for most office settings, so it’s no surprise that scammers commonly target inboxes to steal information.

As a reminder, you should never send sensitive information like passwords, social security numbers, or account numbers via email. For more ways to protect yourself from information theft via email, check out our infographic: