Kim Komando Daily Tech Update
Kim Komando Daily Tech Update

3 moves to protect your inbox

7 min
Mar 31, 202618 days ago
Listen to Episode
Summary

Kim Komando discusses three critical email and account security moves to protect your inbox from fraud and scams. The episode covers two-factor authentication, account takeover fraud prevention, and solutions for unwanted emails and unauthorized OneDrive sharing.

Insights
  • Account takeover fraud exploits email as the master key to all linked accounts; securing email with 2FA is the single most effective defense
  • Authenticator apps provide superior security to SMS-based 2FA by generating codes that exist only on your phone, making them immune to SIM swapping
  • Cloud storage platforms like OneDrive and Google Drive have sharing notification vulnerabilities that scammers exploit; users must proactively disable all sharing alerts
  • Scammers are evolving tactics beyond email to exploit calendar and document sharing features, requiring multi-layered account security approaches
  • Even tech-savvy users struggle with persistent unwanted emails and sharing exploits, indicating a systemic platform design issue rather than user error
Trends
Account takeover fraud becoming mainstream attack vector targeting email as central identity hubShift from SMS-based 2FA to authenticator app adoption as security best practiceExploitation of cloud storage sharing features as emerging scam delivery mechanismCalendar injection scams using email-to-calendar integrations for phishing and solicitationGrowing disconnect between platform security features and actual user protection from social engineeringScammers targeting family-shared devices and multi-generational account accessMicrosoft and Google struggling with platform-level abuse of sharing notification systems
Companies
Microsoft
OneDrive sharing vulnerability discussed; users must disable sharing notifications to prevent scammer exploitation
Google
Google Drive and Google Calendar experiencing similar sharing notification vulnerabilities as Microsoft platforms
PayPal
Referenced as example account compromised in account takeover fraud scenario affecting listener's friend
Amazon
Referenced as account compromised in account takeover fraud scenario affecting listener's friend
FBI
Official source for terminology and classification of account takeover fraud as criminal activity
People
Kim Komando
Host providing security advice and taking listener calls about email and account security issues
Jane
Long Island caller reporting persistent unwanted sexual solicitation emails and unauthorized OneDrive sharing
Quotes
"A criminal gets into your email, finds every account tied to that address, requests a password reset link. That link goes straight to your inbox. One click and just like that, your bank account belongs to a stranger."
Kim KomandoAccount takeover fraud explanation
"These apps generate a fresh code every 30 seconds. And it only lives on your phone. So even if they have your password, they're locked out cold."
Kim KomandoAuthenticator app security explanation
"See, these hackers and scammers, they are getting so creative. I mean, there's a calendar scam that's going on right now, where they, you get an email and then all of a sudden it pops up on your calendar."
Kim KomandoEmerging scam tactics discussion
"It's so weird that Microsoft hasn't been able to truly stop this, because you're not the only one that this is going to."
Kim KomandoOneDrive vulnerability discussion
Full Transcript
Managing money used to take up a lot of my time. I'd spend hours tracking bills, subscriptions, and upcoming payments. Well, thanks to RocketMoney, everything is now organized in one place. It's so much simpler. The app shows every subscription you're paying for and lets you cancel the ones you don't need with only a few taps. Together, RocketMoney users have canceled subscriptions and saved over $880 million. RocketMoney also keeps track of where your money's going and gives you a heads up before your bills are due, or if your account balance is getting low. On average, RocketMoney users save more than $70 in their first month using the app. And here's what I really like about RocketMoney. It can move money into your savings automatically. So you put money aside without even thinking about it. It makes managing your money a whole lot easier. Let RocketMoney help you reach your financial goals faster. Join at rocketmoney.com.com. That's rocketmoney.com.com. RocketMoney.com.com.com. My friend Lisa called me the other night. Her voice was shaking. Someone drained her PayPal account. Then her Amazon tried her bank too. All of it in one night. Here's how they pulled it off. The FBI calls it account takeover fraud. A criminal gets into your email, finds every account tied to that address, requests a password reset link. That link goes straight to your inbox. One click and just like that, your bank account belongs to a stranger. So here's your move. Turn on two-factor authentication right now. Better yet, grab an authenticator app, Google authenticator, or Microsoft authenticator. These apps generate a fresh code every 30 seconds. And it only lives on your phone. So even if they have your password, they're locked out cold. And no code, no access, it's done. I got tired of all the AI hype, so I created a brand new free newsletter. You can sign up right now at splashofai.com. Next up, a call from my weekend show. The Kim Kumando Show. Enjoy. Every business is asking the same question. How do we make AI work for us? The possibilities are endless and guessing is way too risky. Sitting on the sidelines is not an option. Your competitors are already making their move. This is exactly the solution I turned to. With NetSuite by Oracle, you can put AI to work today. As the number one AI cloud ERP, trusted by over 43,000 businesses, it brings your financials, inventory, commerce, HR and CRM together into one single source of truth. Making your AI smarter. It doesn't guess, it knows. It automates routine tasks, delivers insights, cuts costs and powers fast AI decisions. Now with NetSuite's AI connector, you can take the AI you already trust and connect it straight to your business. This is not another add-on tool. It's built into the system that runs your business. NetSuite helps you stay ahead. If your revenues are at least seven figures, get their free business guide, demystifying AI at netsuite.com. The guide is free to you at netsuite.com slash cam. That's netsuite.com slash cam. Okay, oh, this is where I get to talk to my people. I just looked over the phone and it says sexy emails. Well, from Jane in Long Island, New York. Oh, Long Island. Forget about it. What's going on, Jane? I'm doing well, thank you. How about yourself? Say there, I love it. Before we get into the call, I just need to know, Jane, you put your clothes in what? A dresser? Oh, I put it in a dresser, yes. What is specifically in the dresser? My pants, my shirts, my underwear. What is that that you pull out of the dresser that you put your- My clothing? No, you pull out. What is that piece of, what is that thing that you- It's got two handles, you pull it out. You know, I have to tell you, my son is a speech pathologist and he corrects me. Every time I say the word, D-R-A-W-E-R. She won't even say it. Oh! But that's what she's going to get out of me. Come on, Jane. Come on, you and I, we say the same way, the drawer. Drawer. We got the drawer. Drawer. The drawer. Oh, is she, is she, is she tried hard to say that correctly? I have been coached. The drawer, drawer. Okay. All right, now that we've got that out of the way, what's going on with you? So, I've been very bothered lately, past a month and a half, two months, with junk emails that are soliciting sex. And obviously I've been, you know, blocking all the addresses that they're coming from, but they continue to come. And then additionally, I started getting shares to my OneDrive, which are all PDFs related to sex. And Liam, my concern is that I can't get rid of them. I've done some investigation and read that no one else can figure out how to get rid of them either, or to block them. And I have grandkids that may use my computer sometimes. Hey, Lynn Gray. Granny, what are you doing? Who's Bambi? How is Bambi related to us? No, I have a question. When you say they're soliciting, is it actually like, you know, hi, my name is Teresa, would you like to get together tonight? Yes. Okay. And they're sending, they're sending vulgar pictures. Okay. Well, here's, let me tell you what's going on. Here's what's going on. This is coming in off of Microsoft OneDrive. See, these hackers and scammers, they are getting so creative. I mean, there's a calendar scam that's going on right now, where they, you get an email and then all of a sudden it pops up on your calendar. And you're like, where did that come from? And it's a scammer that says, you know, would you like to have, would you like to see a timeshare or whatever it may be? So what's happening with OneDrive is that you have to turn off the all sharing notifications. It's so weird that Microsoft hasn't been able to truly stop this, because you're not the only one that this is going to. So you get into OneDrive and then your settings and notifications, and then you turn off all sharing. This will stop the alerts cold and then go to shared and shared with me. And then you have to turn off that as well and remove anything that's shared. See, that's what they're doing. See, it's like an open door. Right. They're coming right in. It's like air drop. Yes. And so you need to just go into your Microsoft OneDrive settings and start turning all that stuff off. You know, Google is having the same problem too. So if this is on happening on your Google account, where you're getting suddenly Google docs and calendars and forms, I mean, basically you need to turn off all sharing with any of your online drives. It's so annoying. Let's see, Jane, thanks for your call today on Long Island. Love that. Boys.