From: james I personal genius To: Subject: Fwd: Email Security Recommendations Date: Fri, 31 Aug 2018 18:49:02 +0000 HI, forwarding to you as an FYI, so you know... suggesting enhanced security for your (and ) google account(s). If the bosses decide to go this route I'll make sure everything is setup for you and easy to use. Thank you, James Ce your own Personal Genius K Certified Support Professional 10.6 littyliversonalgenius.co Begin forwarded message: From: James I personal genius •cl Subject: Email Security Recommendations Date: August 31, 2018 at 2:46:21 PM EDT To: "Jeffrey E." [email protected]> Cc: Darren Indyke c>, Richard Kahn Hello, I recently had a discussion with another client about email security that I thought would be relevant to you. Threat Landscape. There are two man risk vectors to emails: the compromise of account credentials through phishing or spear-phishing campaigns and man-in-middle eavesdropping attacks. Phishing. These attacks attempt to trick people into entering their personal information, passwords and/or credit cards numbers into fake websites. Spear-phishing is the targeted use of phishing attacks to compromise a particular group or organization. Famously, it was a spear-phishing campaign that allowed the DNC's 2016 entails to be compromised and published online. These usually show-up as emails claiming someone has "shared a Google document with you". When you click the link, you're presented with a Google login page that captures the credentials you enter for the attacker. These fraudulent emails have gotten harder to spot and they're now nearly impossible to distinguish from the valid messages. This problem was so widespread that Google implemented an anti-phishing, mandatory security key policy for all of their employees. They distributed little keychain fobs to exchange super secure secondary keys with your paired devices whenever you need to log into your Google account. Google claims tha