Polycred.com: A Secure And Reliable Platform For All Email Account Users With Simple Management

November 24 09:36 2021
Polycred.com: A Secure And Reliable Platform For All Email Account Users With Simple Management
Polycred’s offering ensures a secure and reliable experience for the world’s 3.8 billion email account users

These past couple of years have been nothing less than a rollercoaster for people across the globe. As a result of the pandemic, the ongoing shift to digital platforms took center stage and accelerated at a much higher pace. It is not surprising that this progression to an online format brought its own set of challenges and concerns, the foremost being the question of security and privacy. Discussions around cybersecurity have been ongoing for years now and, with the swiftly changing internet landscape and the increase in cybercrime, it is of utmost importance to address the issue.

Polycred, a web extension that generates email aliases, began operations earlier this year with the main objective to address these growing concerns and protect the 3.8 billion email accounts that are currently in use. Patrick O’Brien and Aaron Lefkowitz, both software developers with over 25 years of experience, originally established the company in order to protect email account users from possible cyber attacks. In the wake of increasing threats online they detail Polycred’s focus on the issue of privacy and security also helps combat spam emails that mailbox owners are all too familiar with.

Many experts believe that email addresses are as sensitive and personal as identifying material such as social security numbers or date-of-birth. How does an email address function like one of the pathways into your financial lives when we send messages across various platforms? And how does Polycred help us to overcome this issue?

“Email address” has it in the name; it’s an address. It helps locate you and identify you. When you’re on the phone with a business or government agency verifying your identity, they’ll ask you for your date of birth, your address, zip or postal code, and increasingly now even your email address. Much like you wouldn’t want someone entering your house, it’d be a safe bet that you also don’t want someone entering your email account.

Of course, an attacker can only breach your email account if they know what your email address is. They can only provide that email address to an agency they’re trying to trick into believing they’re you if they have it to provide. They can only attempt to reset a password to an account on a website if they know the account name – which is almost certainly an email address in this day and age.

Much like you don’t hand out your address to every business you walk into or random strangers on the street, it’s not a good idea to be giving your email address out to every website or random strangers in the comments section of your favorite site.

As banks and financial institutions have increasingly switched to online platforms, email is a critical part of identification – and yes – identification theft for these systems.

Polycred means you never need to give your email address away to anyone ever again except to those individuals and businesses you fully trust. It generates email aliases for your primary email account that work for seamless sending and receiving of emails straight to your regular inbox. By using your email aliases, even if an address leaks in any way, you can turn it off and create a new one.

You have been working as a software developer for over 25 years, and I’m sure your journey must have been long and rewarding. But every incredible journey has its own challenges. As someone who is passionate about cybersecurity, I am interested in hearing what kind of cases you came across during this time period that might be surprising to others outside our industry too?

I think what people often miss about cybersecurity is that it’s fundamentally a human problem. Often when people hear that there was a big hack, they believe it’s all technology and that it’s the fault of a bunch of programmers somewhere, but that’s unusual, at least at the big-company level. Insiders facilitate many company data leaks, and many security breaches result from poor training or poor execution of company security policies.

Exploiting this is all about convincing people to give you information or downright help you execute an attack. A great demonstration of this from a popular video is when a woman calls a man’s cell phone provider to see if she could get them to give her an email address that she could later use in further attacks. Not only was she successful in this, but she was also able to convince the cellphone company representative to add her to his account with full access and change his password, locking him out. With a bit of acting and pretending to be his wife, she was just convincing enough. It’s that simple and that scary.

The takeaway here is that you’re the only true protector of your data and personal information, and in this digital age, we all need to be a bit more careful about who we give our data to and who has access to it.

What is the most unusual cybercrime you have come across, and how can Polycred help fight against such a situation?

In 2020 the company that sells and manufactures the Ledger cryptocurrency hardware wallet suffered a data breach, and over one million victims had their personal information exposed. This information included their names, email addresses, phone numbers, and home addresses. As a result of this leak, these victims have become the target of some incredibly sophisticated and clever attacks. 

One extraordinary attack – and there have been many – has been the home delivery of a specially handcrafted device that replicates an authentic Ledger wallet’s exact look and feel, including authentic-looking packaging. Accompanying this fake hardware wallet is a signed note pretending to be from the organization’s CEO, asking users to load their cryptocurrency into the newly received device. Ironically it explicitly mentions the data leak as why the victim should use the new device and discard the old. Regrettably, once the victim attempts to load their cryptocurrency into this fake device, it sends the private key to the attackers over the internet and instantly steals the funds.

While Polycred can’t protect against this particular and smaller-scale home-delivery-based attack, it would have saved the victims from the more common attacks we’ve seen. For example, email phishing scams, emailed extortion threats, cryptocurrency exchange social engineering attacks, and password cracking attacks on online wallets that use the same email address everywhere. All of these attacks require the knowledge of the victim’s email address. 

Cryptocurrency has become more mainstream over the years, and with this newness comes risk. With cryptocurrency transactions becoming increasingly common in our everyday lives, there is also an increase in cybercriminals who want access to private information for nefarious means like identity theft or financial ruin. How do you plan to combat crypto fraud with Polycred? 

Cryptocurrencies have similar weak links as many online technologies. There’s an email and a password to access your exchange accounts. You may have an online wallet for your cryptocurrency secured with more of the same.

In the last several years, password managers have become a little more commonplace, but it’s unfortunately still the norm to see passwords reused everywhere. However, we collectively reuse our email addresses far more often than we reuse our passwords. It’s most often the case that you only have one or two, and you’ve used them on dozens and dozens of sites. Somewhat inevitably, this information gets leaked since every reuse of an email address increases the chance of a leak. 

The simplest account takeover can happen when you’ve reused both the email and the password on a different site. But reusing either is a problem. If you reuse your password on many sites, then you’ve given attackers an entry into your account if they can guess the email address or username. Similarly, if you reuse your email address on many sites, you’ve given them a known account to try various passwords and combinations on other sites. Other data leaks with the same email address help them build a personality profile for you so they can employ more convincing phishing attempts or use that as leverage to extract more information about you via vishing attacks towards the companies holding other vital personal information.

Crypto is protected similarly to everything else, and so it has the same vulnerabilities and weaknesses. The key is to give the attackers nothing to work with; if example.com leaks your email address and password, you shouldn’t have to worry about anything except your account on example.com. Polycred ensures this is the case because you never have to give out your email address; instead, you give everybody unique aliases that protect you from these reuse attacks and profile building.

Phishing emails are one of the most common ways that cybercriminals try to steal your personal information. There is a range of scams targeted at businesses where cybercriminals use misleading sales techniques that can be very convincing because they look just like legal or business-related messages. How can entrepreneurs protect themselves and their startups from email scams? 

The number one way is user education. Unfortunately, it’s an uphill battle given the email system we’ve inherited from yesteryear, which is very permissive by default. Products like Polycred help, but people need to stop clicking links until they verify the source with certainty. For technically inclined folks, SPF, DKIM, and DMARC are some technologies built on top of the email system that can help with this, all of which are implemented and used by Polycred to keep your email secure.

The best advice for entrepreneurs is to invest time and energy into security training early on. When you only have a handful of employees, it may seem silly to train staff to remain safe online and properly verify your users to ensure authentic access to customer support resources, but it’s critical. Data leaks and hacks are incredibly damaging to a company’s reputation. Furthermore, it’s the case that most entrepreneurs have never had to go through the hellish experience of having a data breach. Many business owners don’t realize that there can be tremendous costs in legal fees, restitution, government penalties, and more.

Protect yourselves with great tools like Polycred and other security-focused tools like password managers. Reward ethical penetration testers for helping to aid you in increasing your startup’s security. Invest in security training to shore up the human element, and make security a part of your routine business. Finally, don’t let security fall to the wayside because an up-and-coming enterprise cannot afford to deal with the consequences of a breach.

Media Contact
Company Name: Polycred
Contact Person: Patrick O’brien
Email: Send Email
Country: Canada
Website: polycred.com

view more articles

About Article Author