Photo by Yura Fresh on Unsplash
There are apps that will allow you to e-mail money to your friends. But a nationally recognized IT security expert, Stan Stahl, Ph.D. (https://www.SecureTheVillage.org ), says the concept is fraught with danger.
More on Dr. Stahl’s warning later, as he explains how easily you could lose your money.
A news headline caught my eye. It wasabout an app, Square Cash, is available for Android and Apple users, according to Walt Mossberg’s review in The Wall Street Journal (The Money Is in the Email).
You’re able to e-mail cash right from your debit card to your friend’s. You can send up to $2,500 a week in either one or multiple e-mails, and you don’t have to login or use a password — just your e-mail on a computer, smartphone or tablet.
“There are other services that allow you to send money from one person to another digitally, Mr. Mossberg wrote. “You can do it via PayPal, or via a newer service called Venmo, which PayPal is in the process of acquiring. But I believe Square is simpler and more private.”
He was satisfied with his test drives of the app:
“I tested Square Cash, sending and receiving money in amounts ranging from $10 to over $1,000, with eight people, and it worked rapidly and flawlessly,” he wrote. “I can recommend it for anyone who needs to pay a small debt, give a cash gift, split a bill, or send cash quickly and easily.”
Mr. Mossberg’s caveat
“If fraud is suspected, the company says it can and will reverse the fund transfer. Still, digital services do get hacked, and email can be manipulated by thieves,” Mr. Mossberg warned. “The service notifies you via email or text that it appears you have sent money, which gives you a chance to cancel a transaction that didn’t come from you or was a mistake.
So, if you don’t trust Square to defeat such things, you shouldn’t use Square Cash.”
Security expert responds
Dr. Stahl, with a stellar record as a security expert, sees potential danger.
“This happens without exploiting any vulnerabilities in Square Cash,” he warns. “It exploits other vulnerabilities in the ‘ecosystem’.”
Stan Stahl, Ph.D.
Dr. Stahl explains how it’s possible to steal money from a Square Cash user (based on The Wall Street Journal account):
- A cybercriminal installs malware on victim’s mobile device (it’s easy if on an Android; harder if an iPad. On the victim’s workstation, it’s easy to do.)
- Malware emails a debit transfer of $1,000 to a Gmail/Yahoo/MSN email account created for the purpose, by using a money mule with a bank account as the recipient.
- Square Cash sends a confirmation email to the user; but the malware intercepts the confirmation email and replies positively.
- Square Cash moves the money to a mule’s account in accordance with instructions, which have been confirmed.
- The mule cashes out and sends the proceeds to the cybercriminal.
From the Coach’s Corner, here are more security tips:
Surprise — Cyber Criminals Chew up Apple Products, too — For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics.
Tips For Internet Security to Prepare you for New Cyber Attacks — According to a Web security study in 2013, Internet attacks have been impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.
Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.”
4 Tips to Defend Against Hackers When Traveling Overseas — The finger-pointing continues over the sources of cyber attacks on the U.S., including the media sites of The New York Times and Wall Street Journal.
“It’s always better to assume the worst.”
-Bruce Schneier
__________