Over 2.7 Billion Data Records with Social Security numbers hacked and now online for free

On August 24, 2024 a Hacker dumped 2.7 Billion data records, including Social Security Numbers

The data is alleged to be taken from the background-checking service National Public Data in April, 2024. Each one of the records has a person’s name, physical address, mailing address, and SSN, but many (approximately 1/2) also contain other sensitive information, such as names of relatives as well as their personal identifying information; including SSN’s according to many sources.

A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names and even social security numbers of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.

The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the “nationalpublicdata.com” breach. The lawsuit was first reported by Bloomberg Law.

The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company based in Florida, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a few hacking forums as well as other sites.

Background & Context:

This breach is related to an incident from April 8, 2024, when a known cyber-criminal group named USDoD claimed to have access to the personal data of 2.9 billion people from the U.S., U.K., and Canada and was selling the information for $3.5 million, according to a class action complaint. USDoD is thought to have obtained the database from another threat actor using the alias “SXUL.”

This data was supposedly stolen from National Public Data, also known as Jerico Pictures, and the criminal claimed it contained records for every person in the three countries. At the time, the malware website VX-Underground said this data dump does not contain information on people who use manual data opt-out services. “Every person who used some sort of data opt-out service was not present,” it posted on X.

A number of cyber criminals then posted different samples of this data, often with different entries and containing phone numbers and email addresses. But it wasn’t until earlier this month that a user named “Fenice” leaked 2.7 billion unencrypted records on the dark web site known as “Breached,” in the form of two .CSV files totaling 277GB. These did not contain phone numbers and email addresses, and Fenice said that the data originated from SXUL.

Furthermore, according to GeeksByTheHour, approximately 1/4 of the impacted individuals we have spoken to have confirmed that the SSN associated with their info in the data dump is actually ONE OF THEIR CLOSE RELATIVES, probably because of the way background check data providers such as this one gather any and all data not just from the person being investigated, but also close relatives.

GeeksByTheHour also found that some of the records do not contain the associated individual’s current address, suggesting that at least a portion of the information is out of date. But it is important to note that documentation has been found that these records include THIRTY (30) YEARS of data (January, 1994 – April, 2024). However, others that GeeksByTheHour have reached out to have confirmed that the data contained their and family members’ legitimate information, including those who are deceased.

The class action complaint added that National Public Data scrapes the personally identifying information of billions of individuals from non-public sources to create their profiles. This means that those impacted may not have knowingly provided their data. Those living in the U.S. are particularly likely to be impacted by this breach in some way. Why? Because of the culture of huge data revealing practices that the U.S. takes for granted. One of these is one’s sharing their SSN to any and all “merchants” and hospitals and companies for, as an example, a Credit Check.

AT & T (most recently in 2024) is far from being the only company that have had significant breaches of personal identifying information.But we can start with that one due to it being the most recent: AT & T determined the data was from 2019 or earlier and impacted 7.6 million current account holders and 65.4 million former account holders. In that case, personal information of users, such as Social Security numbers, email addresses, mailing addresses, AT&T account numbers, phone numbers and more were obtained in the beach, AT&T said.

T-Mobile was a victim: T-Mobile has disclosed eight hacks since 2018, with previous breaches exposing customer call records in January 2021, credit application data in August 2021, and an “unknown actor” accessing customer info and executing SIM-swapping attacks in December 2021. In April, 2023, the hacking group Lapsus$ stole T-Mobile’s source code after purchasing employees’ credentials online.

Equifax, one of the big 4 credit bureaus and several other companies that have your most identifying information have all publicly come forward revealing they, along with one’s most personal and private data; have been significantly compromised.

2017 Equifax data breach: The Equifax data breach occurred between May and July 2017 at the American credit bureau Equifax. Private records of 147.9 million Americans along with 15.2 million British citizens and about 19,000 Canadian citizens were compromised in the breach, making it one of the largest cybercrimes related to identity theft.

Experts who GeeksByTheHour spoke to suggest that individuals impacted by the breach should consider monitoring or freezing their credit reports and remain on high alert for phishing campaigns targeting their email or phone number.

Businesses should ensure any personal data they hold is encrypted and safely stored. They should also implement other security measures such as multi-factor authentication, password managers, security audits, employee training, and threat-detection tools.

GeeksByTheHour has reached out to Florida-based National Public Data for a response five separate times since the rumors began on the internet (July, 2024). This includes physically visiting their publicly listed office building, where no one answered the buzzer at the front door after several attempts at different times this week. However, it has yet to acknowledge the breach or inform impacted individuals. The existing details about the incident have been extracted from the lawsuit materials, and the company is currently under investigation by Schubert Jonckheer & Kolbe LLP.

GeeksByTheHour Analysis:

So how does a firm like National Public Data obtain the personal data of almost 3 billion people? The answer is through scraping – which is a technique used by companies to collect data from government sources (such as DMV leaked records), web sites and other sources online.

What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.

Why are the National Public Data records so valuable to cyber criminals? The true core value of the National Public Data records from a criminal’s perspective comes from the fact that they have been vetted, verified to be accurate, collected and organized along with “legitimate” data and PII (Personal Identifying Information).

“While the information is largely already available to attackers, they would have had to go to great lengths at great expense to put together a similar collection of data, so essentially NPD just did them a favor by making it easier.”

“With this ‘starting point,’ an individual can try to create birth certificates, voting certificates, driver licenses, ID cards, etc., that will be valid due to the fact they have some of the info they need, with the most important one being the social security number.”

How can data aggregator breaches be stopped?

Paul Bischoff, consumer privacy advocate at tech research firm Comparitech, told Dr. Sky in an email, “Background check companies like National Public Data are essentially data brokers who collect as much identifiable information as possible about everyone they can, then sell it to whomever will pay for it. It collects much of the data without the knowledge or consent of data subjects, most of whom have no idea what National Public Data is or does”.

“We need stronger regulations and more transparency for data brokers that require them to inform data subjects when their info is added to a database, limit web scraping, and allow data subjects to see, modify, and delete data. National Public Data and other data brokers should be required to show data subjects where their info originally came from so that people can take proactive steps to secure their privacy at the source. Furthermore, there is no reason the compromised data should not have been encrypted.”

The monetization of our personal information — including the information we choose to expose about ourselves publicly — is far ahead of legal protections that govern who can collect what, how it can be used, and most importantly, what their responsibility is in protecting it.

Can businesses and individuals prevent themselves from becoming victims of a data breach?

Many of the cyber security principles that are available for businesses and individuals would not have helped much in this instance. As of 2024, data brokers such as this one are pretty much immune unfortunately.

“We are reaching the limits of what individuals can reasonably do to protect themselves in this environment, and the real solutions need to come at the corporate and regulatory level, up through and including a normalization of data privacy regulation via international treaty. Right now, there are very little to no regulations or laws for these Data Brokers.” (August, 2024).

Alert: Dell’s 49 Million Records Breached For Sale (May, 2024)

Dell logo

Dell notifies customers about data breach

Dell is warning its customers about a data breach after an alleged shadowy cyber criminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.

An alleged cyber criminal called Menelik posted the following message on the “Breach Forums” site:

“The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.

It is up to date information registered at Dell servers.

Feel free to contact me to discuss use cases and opportunities.

I am the only person who has the data.”

Data Breach forums post by Menelik
Screenshot taken from the Breach Forums

According to the poster Menelik the data includes:
  • The full name of the buyer or company name
  • Address including postal code and country
  • Unique seven digit service tag of the system
  • Shipping date of the system
  • Warranty plan
  • Serial number
  • Dell customer number
  • Dell order number

Most of the affected systems were sold in the US, China, India, Australia, and Canada.

Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:

“At this time, our investigation indicates limited types of customer information was accessed, including:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order and related warranty information.

The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.

So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”

This kind of information is exactly what scammers need in order to impersonate Dell support.

Protecting yourself from a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try the recommended Malware Bytes free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

Attention All Crypto Investors & Holders: Mandatory Form 1099-DA Is Coming In 2025!

What Is Form 1099-DA and What Does It Mean for Crypto Holders / Investors?

Form 1099-DA is the new IRS form required to be filed by brokers dealing with digital assets like cryptocurrency and NFTs (non-fungible tokens).

Brokers, digital trading platforms, payment processors, and hosted wallet providers have to issue this form for all digital asset sales or exchanges starting from January 1, 2025.
  • Real estate reporting entities also have to report digital assets used by purchasers as payment for property transactions beginning with the same date.
  • Current methods of reporting crypto transactions present challenges such as inconsistent reporting, incomplete information, and lack of third-party verification which can lead to tax reporting errors and tax evasion.
  • In theory, Form 1099-DA provides a more accurate, standardized, and streamlined process for reporting crypto transactions which may help improve tax accuracy and compliance.

OVERVIEW

Crypto - IRS Form 1099-DA for 2025
                                    Crypto – IRS Form 1099-DA for 2025
Starting in 2025, the IRS will introduce Form 1099-DA dedicated to reporting crypto and digital assets.

Valuable updates posted from a reputable attorney are found here: https://gordonlaw.com/form-1099-da/

What is Form 1099-DA and what does it mean for crypto investors?

If you’re a crypto investor, you’ll want to pay attention to Form 1099-Digital Assets (1099-DA).

Starting with the 2025 tax year, the IRS will require digital asset brokers to send this form to investors who have engaged in certain transactions involving digital assets, such as cryptocurrency and non-fungible tokens (NFTs).

Why is the IRS launching Form 1099-DA?

The IRS is launching Form 1099-DA to address the growing need for accurate reporting of crypto transactions. As the popularity of crypto and NFT trading continues to rise, the IRS aims to ensure that investors are properly reporting their crypto-related transactions.

Key highlights of the new requirements include:
  • Form 1099-DA: Brokers, including digital asset trading platforms, digital asset payment processors, and certain digital asset hosted wallet providers, will be required to issue Form 1099-DA to investors for sales or exchanges of digital assets that take place on or after January 1, 2025. This form will report gross proceeds and, in certain circumstances, gain, loss and cost-basis information.
  • Real Estate Reporting: Real estate reporting entities, such as title companies, closing attorneys, mortgage lenders, and real estate brokers, will have to report the fair market value of digital assets paid as consideration by real estate purchasers to acquire real estate in real estate transactions that close on or after January 1, 2025.
  • They will also be required to include the fair market value of digital assets paid to sellers of real estate on Form 1099-S.
  • Computation and Basis Rules: The proposed regulations set forth rules for gain (or loss) computation, cost-basis determination, and backup withholding applicable to digital asset transactions.
  • These proposed regulations are designed to provide taxpayers, tax professionals, and others with clear information, reporting certainty, and closing all lack of transparency issues in the current system regarding digital assets.
  • They aim to improve compliance and ensure that digital assets are not used to hide taxable income.
  • How is crypto currently reported? Currently, payment platforms, like Coinbase and PayPal, issue 1099-K forms to individuals who receive payments for goods or services in cryptocurrency. Form 1099-K reports the gross amount of crypto payments received during the tax year. Taxpayers then are expected to report the income from these payments on their Form 1040. In essence, this 1099-DA form and process replaces any and all expectation to an automatic reporting structure.

The existing methods of reporting cryptocurrency transactions to the IRS present several challenges:

  • Inconsistent Reporting: There is no standardized format for reporting cryptocurrency transactions, which can lead to inconsistencies in the way taxpayers report their income involving digital assets.
  • Incomplete Information: Taxpayers are responsible for calculating their cost basis and determining the fair market value of their cryptocurrency, which can be complex, time-consuming and error prone.
  • Lack of Third-Party Verification: The IRS relies on taxpayers to accurately report their crypto transactions, without any third-party verification. There is also a lack of accountability for companies in reporting crypto transactions. This can make it difficult for the IRS to detect and prevent tax evasion.
How will Form 1099-DA help?

The introduction of Form 1099-DA is set to address these challenges by providing a standardized and streamlined process for reporting cryptocurrency transactions with very few, if any, exceptions or exemptions.

By requiring digital asset brokers, and those treated as brokers for digital asset exchanges, to issue Form 1099-DA, the IRS can obtain more accurate and complete information about cryptocurrency transactions, which can help improve tax compliance and reduce the risk of tax evasion.
What’s included in Form 1099-DA?

The final version Form 1099-DA is being finalized in June, 2024. As it stands, it will be including very detailed and specific information about your crypto transactions, including:

  • Digital Asset Broker (DAB) identification and full name(s), address(es), and social security number(s) / TIN / EIN / etc. dependent upon the DAB.
  • Account number(s)
  • Transaction dates
  • Transaction type (e.g., buy, sell, trade/transfer, exchange)
  • Transaction amount
  • Fair market value of the digital assets for each transaction
Who is affected by the new tax form?

Form 1099-DA will affect any individual or entity in the US that engages in certain transactions involving virtual assets including:

  • Individuals who buy, sell, or trade cryptocurrency
  • Businesses that accept cryptocurrency as payment
  • Miners who receive cryptocurrency as a reward for their work
  • Stakers who receive cryptocurrency as a reward for locking-up their assets

Until Form 1099-DA is available for the 2025 tax year, investors should still report their taxable crypto income. For this, they need to document gains and losses from crypto activities and file Form 1040, Schedule D as well as Form 8949 with transaction details.

Who will issue Form 1099-DA and who will receive one?

Digital asset brokers, and those who are treated as brokers for digital asset exchanges, will be required to issue Form 1099-DA to investors who have engaged in certain transactions involving digital assets. This includes, among other things, transactions that result in a gain or loss, as well as transactions that involve the exchange of one digital asset for another.

Investors who receive Form 1099-DA will need to report the information on their tax return. This includes reporting any gains or losses from digital asset transactions, as well as any other income that is reported on the form.

IMPORTANT 1099-DA Updates Found Here:

https://taxnews.ey.com/news/2024-0854-draft-form-1099-da-for-reporting-digital-assets-from-broker-transactions-leaves-questions-unanswered

OFFICIAL IRS Form In Progress Here:

https://www.irs.gov/pub/irs-dft/f1099da–dft.pdf

How do I file my cryptocurrency taxes now in 2024 BEFORE 2025 and this article’s updated 2024 Tax Filing Year for Crypto Holders?

Even though Form 1099-DA won’t be available until after January 1, 2025, you still need to file taxes on any taxable income from your crypto investments for the current tax year. To do this, you’ll need to gather documentation showing the details of your crypto transactions. Then, you should file the following forms:

  • Form 1040, Schedule D: This form is used to report capital gains or losses from the sale or exchange of assets including digital assets.
  • Taxpayers can calculate their gains or losses by subtracting the cost basis (purchase price plus expenses such as commissions) of the cryptocurrency from the proceeds of the sale.
  • Short-term capital gains (held for one year or less) are typically taxed at ordinary income tax rates, while long-term capital gains (held for more than one year) are typically taxed at preferential tax rates.
  • Form 8949: This form is used to report the details of each cryptocurrency transaction, including the date, description, proceeds, and cost basis.
  • Details and Instructions can be found here: https://www.irs.gov/forms-pubs/about-form-8949
  • Taxpayers should include Form 8949 with their Form 1040 if they have any capital gains or losses from cryptocurrency transactions. If the cost basis of your asset sales on your 1099-B, or future 1099-DA, show basis was reported to the IRS and no correction or adjustment is needed, you may not need to file Form 8949 found here: https://www.irs.gov/pub/irs-pdf/f8949.pdf
  • It is wise to use a reputable Crypto Tax Calculator to get an idea of how much tax you might owe from your capital gains or losses from crypto activities. Here is one that I recommend:

https://www.keepertax.com/crypto-tax-calculator

Frequently Asked Questions

Does 1099-DA simplify crypto tax filing?

Yes, that is the goal. Form 1099-DA is designed to simplify crypto tax filing by providing a centralized record of digital asset transactions. This can help investors avoid mistakes and omissions when reporting their crypto income.

What value of NFTs or crypto do I have to sell to get a 1099-DA form?

There is no specific threshold for the value of NFTs or crypto that triggers the issuance of a 1099-DA. Digital asset brokers are required to issue Form 1099-DA for any transactions that result in a gain or loss, regardless of the value of the assets involved.

How are crypto bankruptcies taxed?

Crypto bankruptcies are generally treated as taxable events. If you experience a loss due to a crypto bankruptcy, you may be able to claim a capital loss on your tax return. However, the specific tax implications of a crypto bankruptcy can vary depending on your individual circumstances.

How are crypto donations taxed?

If you donate cryptocurrency to a qualified charity, you may be eligible for a charitable deduction. The specific tax implications of crypto gifts and donations can vary depending on your individual circumstances.

Like This Article? Please Leave Us A Coffee Tip!

Service Call (Remote)

Service Call (Remote)

$40.00

Why People Are Leaving Gmail for Protonmail More Than Ever Before

Why I ditched Gmail for Proton Mail

Chris Thomas

Google is the most popular email provider (Gmail) contributes  about 70% of the email traffic on earth and being one of the oldest mass adopted email service (passing 20 years old is a worth achievement for any application, especially a “free” one.

As a cyber security digital expert, I have raved about the free service, its novel cloud-based structure, and how and why is

While I’m tickled to have been an early adopter of now-successful technology, though, it’s important to know when enough is enough. For me, that time has come, and I’m moving my primary digital correspondence to privacy-focused Swiss provider Proton Mail. It’s been a long time coming.

Should I, or should I not be popular?

Google is a Mega Monopoly Email Provider: Legal, but is it Ethical?

We’ve seen a lot go down in the privacy and security realms over the last two decades. Google’s been far from the only culprit, but as the default search engine for most browsers and the curator of Android, the Play Store, Google Analytics, reCaptchas, and more, the Big G has more data on the average North American user than any other corporation.

I’m as far from paranoid as any internet user, and even I use a VPN (primarily for spoofing IP geolocation); while I don’t do anything nefarious, and nobody’s tracking me for anything other than advertising, I prefer knowing I’m a little safer from bad actors that can hijack the content I’m viewing and thus possibly my hardware.

But Google creeps me out, and I’m no longer comfortable using Gmail. The successors to the FAANG stocks, the MAMAA companies (Meta, Apple, Microsoft, Amazon, and Alphabet) own a considerable amount of not just forward-facing web resources but also the underlying infrastructure most of the world’s internet relies on. I can’t avoid my data passing through the Google Cloud or Amazon Web Services, but I can limit what sites and apps I actively engage with.

Gmail’s interface is fine, I guess, if somewhat cluttered and not very attractive

Google’s always innocent until it’s not

Until 2017, Google automatically scanned Gmail accounts for keywords that it then used to personalize ads within the platform and probably outside it, too. Here’s why that should terrify you:

  • It had likely been happening since Gmail’s launch
  • Scans included messages from non-Gmail accounts, presumably contributing to shadow accounts containing data on those users
  • Widespread publicity via a 2013 Microsoft ad campaign and lawsuit the same year failed to stop it
  • Google’s proposed settlement was rejected for being overly vague and failing to promise proper disclosure of data harvesting practices
  • What else is Google doing that we haven’t learned about?

I’m under no misconception that I can extricate myself entirely from Google’s clutches; It’s too ubiquitous, and tons of common apps and services rely on its wide range of services. But I’ll do what I can, which includes moving to Proton Mail, a privacy-centric email provider with encrypted, underground servers, practically the polar opposite of Alphabet Inc.

Google paid over $26 billion in 2021 to remain the default search engine in various browsers

The surprisingly easy switch to Proton Mail

Why Proton Mail is my new favorite email provider

My own Proton account has been used as a backup since 2018. Moat recently though, it has now become my primary email for both personal and business.

I tested a trial of ProtonVPN a few years afo (ProtonVPN was a bit slow back then, but I and other cyber security expert highly recommend it as one of today’s top VPNs) due to its increased infrastructure and massive much faster speed. They have quadrupled the number of Servers globally since 2021).

I made the jump many years ago (2018) and highly recommend it to all of you going forward – primarily due to Proton’s comprehensive set of features, as well as the policies it enacts to keep your data private.

Among Proton’s consumer-friendly practices:

  • It opposes data harvesting, ads, and trackers (even the subversive tracking that comes from opening third-party-hosted images)
  • It falls under Switzerland’s privacy jurisdiction and isn’t subject to US surveillance
  • Theoretically, no other human can view your emails. In fact, if you lose and need to reset your password, you’ll lose access to previous messages, an impressive layer of security against hacking
  • Support for end-to-end encryption between Proton users and password protection for external emails
  • complete, constantly improving feature set, including cross-platform apps, cloud storage, and a calendar
  • Open-source encryption (including optional PGP signing) and independent auditing to ensure strict adherence to standards

A few clicks, and I never have to access my Gmail page again

Compared to my first brief look years ago, Proton’s UI and general implementation have matured significantly. It was also a breeze to sit back and observe how easy it was to have over 100 (128 and counting!) forward over 100 (121 and counting!) of my Client’s perform the action of transferring each of their current Gmail messages to their now-primary Proton address, and the calendar appears to have integrated well, with alerts showing up consistently on both Android and iPhones without problems.

They are perfectly happy with the features provided by Proton’s most affordable tier, the Mail Plus plan. You can create 10 separate addresses and even a custom domain, as well as shorten the default existing domain to pm.me (because @protonmail.com is, admittedly, a bit of a mouthful).

It includes 15GB of storage, unlimited folders and filters, and can do everything I ever wanted my Gmail account to do. Most importantly, it keeps their permanent correspondence out of Alphabet’s umbrella and especially any private or confidential emails, as well as people who send it to them that don’t even use Gmail!

Proton offers diverse Subscription Plans (including Free!)

You can actually use Proton Mail entirely for free, although it does have restrictions: You are limited to 150 emails per day and 1GB of storage, can’t create custom addresses or domains, and won’t have access to the calendar, or the encrypted password manager and unlimited VPN offered by the Proton Unlimited subscription. But even the free tier is visually and more private and securr, as well as overall being much better than Gmail.

Committing to 1 or 2 years of the $5/month low tier drops the price to $4 or $3.50, respectively.

The Unlimited tier will set you back $10 or $8 per month at those same subscription lengths and afford you 500GB of storage, 15 custom addresses, 3 custom domains, and unlimited VPN and Proton Pass (its password manager) access. There is also a six-user family plan starting at $30 and three tiers of slightly more business-focused options.

But I’m really not advertising for Proton here. I’m just choosing to actively take my digital footprint back into my own hands in a way many of us haven’t done since Gmail’s massive rise over a decade ago. It’s well overdue, and over the few weeks I’ve used Proton Mail full-time, I can’t say I regret it or will ever look back.

Proton Mail: Encrypted Email

Proton AG

COMMUNICATION

Price: Free

4.4

Download

Sky@GeeksByTheHour.com

The New YouTube Ruling: Protect Your Viewing Privacy with Nordman VPN


In an unprecedented move, a recent court order has now mandated YouTube to disclose the identities of individuals who have viewed certain videos. This decision, stemming from legal proceedings that scrutinized specific content on the platform, marks a significant shift in online privacy dynamics, raising concerns among digital rights advocates and everyday users alike.

What Does This Mean for You?

The ruling necessitates YouTube to reveal viewer details, potentially exposing individuals’ viewing habits and preferences. In an era where digital privacy is already under siege, this development adds another layer of vulnerability, highlighting the necessity for robust measures to safeguard online anonymity.

Safeguard Your YouTube Browsing with Nordman VPN

In response to these growing privacy concerns, turning to reliable security solutions like Nordman VPN becomes paramount. Nordman VPN stands out as a beacon of digital privacy, offering top-tier encryption and IP masking features that ensure your YouTube activities remain confidential and untraceable.

Why Choose Nordman?

  • Enhanced Privacy: Nordman VPN encrypts your internet connection, keeping your online activities private and secure from prying eyes.
  • IP Anonymity: It masks your real IP address, making your YouTube viewing habits invisible to outsiders, including ISPs and third parties.
  • Ease of Use: With user-friendly interfaces and seamless integration, Nordman ensures that your online privacy protection is hassle-free and efficient.

Embrace Your Digital Freedom

While the digital realm continues to evolve, often bringing complex challenges to the fore, tools like Nordman VPN empower you to take control of your online privacy. In light of the recent YouTube ruling, adopting Nordman VPN isn’t just a choice—it’s a necessity for those who value their digital freedom and wish to maintain a private, secure online presence.

Stay Informed, Stay Secure

As advocates for digital rights and privacy, we must stay informed and proactive in protecting our online spaces. By choosing robust security solutions like Nordman VPN, you can safeguard your digital footprint and continue to enjoy the vast world of YouTube without compromising your privacy.


Geobox: A $700 Anonymous Wi-Fi Device

Geobox: A Hacking Device That Is Basically Untraceable

In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!

Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:

1. Spoof location

2. Mimic Wi-Fi access points

3. Manipulate DNS and network parameters while providing anonymity.

4. Copying and emulating the same commonly used Wi-Fi landing page that most restaurants and concerts use to log on to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location/Clients of where they are located at (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).

Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!

After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for any one attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”

OR

They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.

It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!

Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.

However, with Geobox, it is transformed “into a potent weapon for digital deception.” Malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.

The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!

These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!

With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.

Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.

The Geobox Can Be Easily Used For Anonymous Geolocation or Multiple Internet Purposes

“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”

*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*

The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!

Armed with such an affordable and easy to obtain cyber device, operators can easily carry and coordinate various attacks; such as being a data dump for anyone logging on to the newly created “free Wi-Fi” identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.

It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!

Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.

“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an up coming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.

New Password Reset attack targets Apple device users

Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024

New password reset attack targets Apple device users

Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.

woman using phone in the dark
d3sign/Getty Images

Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.

Several Apple users in have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.

Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.

Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.

After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.

Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.

Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.

In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.

It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.

One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.

However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.

For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.

Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.

Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a number from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.

featured

 

How to Hide Your IP Address and Change Location on Coinbase

Are you concerned about your online privacy and looking for ways to mask your IP address on Coinbase?

If like many people, you have come to the right place. In this guide, we’ll walk you through the steps to change your location on Coinbase (or any other Crypto Exchange) and hide personal information like your IP address, country, and region.

 

Quick Guide: Hide Your IP Address and Change Your Location

  • Mask Your IP Address
  • Flush DNS and Renew Your IP Address
  • Change Your Coinbase Location Settings
  • Other Methods to Hide Your IP Address and Location on Coinbase

Why Hide Your IP Address?

There are several reasons why you might want to hide your IP address. One of the main reasons is to protect your privacy and prevent Coinbase from tracking your physical location. By masking your IP address, you can also avoid leaving a digital footprint and bypass content filters or bans.

How to Hide Your IP Address and Location from Coinbase

  1. Mask Your IP Address
    • Use a VPN (Virtual Private Network) or proxy server to mask your IP address and spoof your location.
    • We recommend using NordVPN for its ease of use and reliability.
    • Follow these steps to install and configure NordVPN:
      1. Visit NordVPN’s website and create an account.
      2. Download and install NordVPN on your devices.
      3. Connect to a VPN server from your preferred location.
  2. Flush DNS and Renew Your IP Address
    • Clear your DNS cache to ensure your computer obtains the latest IP address from Coinbase’s DNS server.
    • Renew your IP address through your device’s settings or command prompt.
    • Follow these steps for PC (Any Windows OS Computer) (please contact me directly at https://www.t.me/DigitalFoundation for one on one Consultation):

Step-by-Step Guide: Flush DNS and Renew Your IP Address

Step 1: Open Command Prompt

      • On Windows: Press the Windows key, type “cmd” in the search bar, then press Enter.
      • On Mac: Open Spotlight (Command + Space), type “Terminal,” then press Enter.

Step 2: Run Command Prompt as Administrator

      • Right-click on Command Prompt in the search results.
      • Select “Run as administrator” from the context menu.

Step 3: Enter Commands

      • In the Command Prompt window, type the following commands one by one, pressing Enter after each:
        • ipconfig /flushdns (This command clears the DNS resolver cache.)
        • ipconfig /release (This command releases your current IP address.)
        • ipconfig /renew (This command requests a new IP address from your DHCP server.)

Step 4: Confirm Success

      • Look for confirmation messages after each command.
      • You should see messages indicating successful flushing of the DNS resolver cache and renewal of your IP address.

Step 5: Close Command Prompt

      • Once you’ve completed the commands and confirmed success, you can close the Command Prompt window.

Note:

      • Flushing the DNS resolver cache and renewing your IP address can help resolve network connectivity issues and ensure that your computer has the latest IP address information.
      • These steps may vary slightly depending on your operating system. Always run Command Prompt with administrator privileges for these actions.

Mac/Apple Flushing DNS:

 

  1. Change Your Coinbase Location Settings
    • Before logging in to your Coinbase account, ensure NordVPN is running and connected to the preferred server location.
    • Log in to your account, go to “Privacy Settings,” and change your “Location/Region/Country” to match your VPN server.
    • Save the changes and you’re all set.

Can’t Change Your Coinbase Location Settings? Here’s What to Do

If you’re unable to change your region, location, or country on Coinbase’s account settings, you can contact Coinbase support for assistance. Follow these steps:

  • Connect to NordVPN and your preferred server.
  • Find the “Contact Us” or “Get in touch” page on Coinbase’s website here: https://help.coinbase.com/en-gb
  • Send a message to Coinbase support requesting a manual update of your physical location.
  • Wait for 24-48 hours for their response.

Other Methods to Hide Your IP Address and Location on Coinbase

In addition to using a VPN or proxy server, you can also consider using a neighbor or trusted friend’s Wi-Fi networks or proxy servers. However, keep in mind the security and privacy implications of these methods. If you are unsure or don’t know whether or not your Internet/Device/Computer is truly SECURE, take 2 minutes of your valuable time and go here to run a VPN and Browser Leak Scan: https://browserleaks.com/webrtc

 

VPN vs. Proxy vs. Public Wi-Fi: A Comparison

Here’s a comparison table outlining the key differences between using a VPN, proxy server, and public Wi-Fi to hide your IP address and change your location on Coinbase:

 

Features/Attributes VPN Proxy Server Public Wi-Fi
IP Address Masking Yes Yes Yes
Encryption Yes (High-level) No No
Geolocation Spoofing Yes Yes Partial
Ease of Setup Easy Moderate Easy
Speed Fast (depends on service) Moderate Varies (often slow)
Security High Low Very Low
Privacy High Low to Moderate Very Low
Access to Restricted Content Yes Yes Maybe
Consistency High Moderate Low
Cost Subscription Subscription or one-time fee Free
Legality & Compliance Generally Legal, some restrictions apply Generally Legal, some restrictions apply Legal

In summary, using a VPN offers the highest level of security and privacy, while proxy servers and public Wi-Fi networks may be less reliable. Choose the method that best suits your needs and always prioritize your online privacy and security.

By following these steps and tips, you can effectively hide your IP address and change your location on Coinbase, ensuring your online activities remain private and secure.

Disclaimer:

The information provided in this blog post is for educational purposes only. While we strive to provide accurate and up-to-date information, we cannot guarantee the effectiveness or suitability of the methods described.

By following the steps outlined in this guide, you acknowledge that neither any individuals affiliated with GeeksByTheHour nor its affiliates are responsible for any actions, events, or consequences that may occur as a result.

It is recommended to consult with a qualified IT professional or technician before performing any network-related actions on your computer. Always proceed with caution and at your own risk.

How To Track Anyone In The World Simply Using Any File!

How to Track Anyone’s IP using Images? — Email, QR Code, PDF, EXE, MS Word, MS Excel, & any file can be a “digital mouse trap”..

Supported Tokens: HTTP, DNS, Web Image, Cloned Website, Adobe PDF, MS Word, MS Excel, MySQL Dump, Windows Directory, Custom EXE, QR Code, Sensitive Command, SVN, AWS API Keys, Fast Redirect, Slow Redirect, SQL Server, and many more…

Follow DigitalFoundation on Telegram for more..

Greetings, World!

Today I’ll teach you how to track anyone’s IP using Transparent Images! Yeah..

We will first understand the whole concept then redirect towards the step by step usage guide. You can even do this manually using custom developed payloads but it’s a more better way to do this easily. I’ll help you with that today, by providing easy steps you can follow. Let’s start learning..

Understanding Canarytokens

Canarytokens are like digital traps for your computer systems. They work by watching for certain actions, such as someone reading a file, making a database query, running a process, or spotting specific patterns in log files. It’s similar to those tracking images in emails, but instead of tracking opens, it tracks actions on your system.

The cool thing is, we can use Canarytokens to set up these traps in our regular computer systems, kind of like putting alarms in different parts of your house where anything someone does can set off an “alarm” – or at least a notification.

Now, why should you bother with these Canarytokens? Well, sometimes hackers get into computer networks, and it happens to big companies, governments, regular people — basically, everyone. That part is understandable. But what’s not okay is only finding out about it way later, like months or even years down the line which seems disappointing!!

Canarytokens are a free, easy, and fast way to help you know right away if someone is messing around in your systems. It’s like the hackers accidentally letting you know they’re there.

  1. Web bug / URL token — Alert when a URL is visited
  2. DNS token — Alert when a hostname is requested
  3. AWS keys — Alert when AWS key is used
  4. Azure Login Certificate — Azure Service Principal certificate that alerts when used to login with.
  5. Sensitive command token — Alert when a suspicious Windows command is run
  6. Microsoft Word document — Get alerted when a document is opened in Microsoft Word
  7. Microsoft Excel document — Get alerted when a document is opened in Microsoft Excel
  8. Kubeconfig token — Alert when a Kubeconfig is used
  9. WireGuard VPN — Alert when a WireGuard VPN client config is used
  10. Cloned website — Trigger an alert when your website is cloned
  11. QR code — Generate a QR code for physical tokens
  12. MySQL dump — Get alerted when a MySQL dump is loaded
  13. Windows folder — Be notified when a Windows Folder is browsed in Windows Explorer
  14. Log4Shell — Alert when a log4j log line is vulnerable to CVE-2021–44228
  15. Fast redirect — Alert when a URL is visited, User is redirected
  16. Slow redirect — Alert when a URL is visited, User is redirected (More info is grabbed!)
  17. Custom image web bug — Alert when an image you uploaded is viewed
  18. Acrobat Reader PDF document — Get alerted when a PDF document is opened in Acrobat Reader
  19. Custom exe / binary — Fire an alert when an EXE or DLL is executed
  20. Microsoft SQL Server — Get alerted when MS SQL Server databases are accessed
  21. SVN — Alert when someone checks out an SVN repository
  22. Unique email address — Alert when an email is sent to a unique address

Step-by-Step Usage

Go to canarytokens.org & choose your Canarytoken. This is like setting up a digital trap. Provide an email where you want to be notified and a note to remind yourself where you placed it.

https://canarytokens.org/generate#

Generate a Canarytoken, which is a unique URL or Fast redirect or anything else – it is all your choice. It’s like creating a secret link that will trigger an alert if someone interacts with it. In this blog I’ll be using Fast redirect as an example.

EXAMPLE

Put the generated Canarytoken in a special location & send it to the target. It could be in an email, a document, or even as an embedded image. If a target arrives upon it, you’ll receive an email notification, alerting you that something is off – just like a mouse activating a mouse trap :–)

Clicked..Your Digital Mouse Trap Is Set!

Fast Redirect was really super fast.. Later I tried using URL shortener and surprisingly, our main URL was not even noticeable in real time..

If your target hits the URL/File, like shown in the example above, your token gets activated & alerted to email or webhook as below:

You can also rename the generated PDF/Excel/Word document without affecting its operation!

DMARC: What Is It & Why Is February 1, 2024 Important?

DMARC

For 2024, Google and Yahoo are rolling out updated guidelines for bulk email senders, aimed at boosting deliverability and fighting the good fight against spam. This is good news: not only will it positively impact your deliverability, it’s easy to implement.

Why the update?

It’s simple: to create a cleaner, more secure environment for both senders and recipients. The new requirements fall into three key categories:

  • Authentication: Email authentication verifies you’re a legitimate sender, not a spammer. If you’re sending emails already, you’ve probably already taken the first step by setting up SPF (sender policy framework) and DKIM (domainkeys identified mail) records, even if you weren’t sure what they did. Now, the next crucial step is publishing a DMARC policy.

  • Simple unsubscribes: No more requiring users to authenticate or navigate labyrinthine unsubscribe processes. One-click unsubscribe provides a better user experience. Luckily, if you’ve already been offering this option, you’re already ahead of the curve!

  • Spam complaints: If you’re diligently collecting opt-ins with proper consent, spam complaints likely won’t be a concern. But it’s always good practice to maintain a healthy email list and engage your audience thoughtfully.

So what is DMARC?

  • The DMARC policy (Domain-based Message Authentication, Reporting & Conformance) acts as your email’s official security document, telling the world how to handle messages claiming to be from your domain.
  • Setting it up properly is essential today because many Email List Providers (such as small businesses) are already being surprised that their E-Mail Success % Rates Are Decreasing Just This Week (Google and Yahoo Domain Emails Began Enforcement On February 2nd, 2024).By February 1, 2024, publish your DMARC policy with your domain provider. Ensure this TXT record is added to your DNS settings with “yourdomain.com” replaced with your actual company domain:

    Hostname: _dmarc.yourdomain.com          Value: v=DMARC1; p=none;

    It is actually straight-forward for most technical savvy folks whether you manage DNS yourself or need to put in a ticket so that your IT team can handle the DNS settings. (You can learn even more about DMARC records, including other options like adding a “rua” value to designate an email address that will receive DMARC reports, in Google’s documentation here.

    These new email requirements might seem like extra hurdles, but they’re ultimately a positive step towards a more reliable and enjoyable email experience for everyone. By taking the small steps outlined above, you can ensure your business thrives under the new rules, reaching your target audience effectively and building lasting relationships.
    TECHNICAL DETAILS ABOUT DMARC IF YOU WANT TO DIVE DEEPER:

  1. Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources.
  2. DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.
  3. WHY SHOULD ORGANIZATIONS LIKE YOURS BE INTERESTED IN DMARC?
    Phishing and Spearphishing are among the top attack vectors for any organization dealing with PII (Personal Identifying Information), which can lead to identity impact, financial fraud, or even protected health information (PHI) breaches and Health Insurance Portability and Accountability Act (HIPAA) fines --> why? Because many individuals in the "black market" underground will access, buy, and sell that PII for non-Citizens/those who do not have health insurance-->they will be using it for their own "services" with fake ID presented as the same name and person that your company revealed their PII.                  
                    
    Summary: Your/Your Company liability can be far more reaching than you could ever imagine. It happens every day in the United States where "Joe" walks up to the urgent care or hospital needing emergency care with someone else's ID/SSN/healthcare insurance information all for the right price!
  4. Fraudulent emails are easy to design and cheap to send, which gives threat actors incentive to use repeated email attacks. DMARC provides an automated approach to reducing fraudulent email, before it ever reaches an employee’s inbox. In addition, DMARC helps prevent adversaries sending email to your organization or others purportedly from your staff.
  5. HOW DOES DMARC WORK? 
    DMARC removes guesswork from the receiver’s handling of emails from non-authoritative email servers, reducing the user’s exposure to potentially fraudulent and harmful messages. A DMARC policy allows a sender to indicate that their emails are protected by Sender Policy Framework (SPF) and/or Domain Keys Identified Message (DKIM), both of which are industry-recognized email authentication techniques. DMARC also provides instructions on how the receiver should handle emails that fail to pass SPF or DKIM authentication. Options include sending the email to quarantine or rejecting it entirely.
  6. DMARC provides the receiver with an email address to provide feedback to the sender. 
    Potential feedback can include that the sender’s email was rejected/quarantined by the receiver or that a threat actor is attempting to imitate the sender’s domain.
  7. HOW CAN I ADOPT DMARC ON MY DOMAIN?                                                                                        
    Savvy organizations that adopt DMARC do so in strategic stages, with feedback loops between IT departments and their staff (depending on the size of the organization of course!). Because DMARC can block third parties delivering mail on the purported sender’s behalf, some intended messages may be flagged as illegitimate in some cases - which is a very small price to pay (risk vs. reward) in cybersecurity honestly.
Below Are A Few Steps Organizations Can Take To Ease Into DMARC Over Time:
1. Deploy DKIM & SPF in reporting-only mode first, listing known authorized email servers (such as vendors and trusted internal/external Partners).
2. Collect and review reports to identify unknown email servers.
3. Work with business units and IT staff to identify servers and determine their legitimacy.
4. Update DMARC policy flags to “quarantine” then to “reject” as confidence increases that most or all legitimate
servers have been accounted for.