7 Gmail Browser Extensions That Are So Good They Should Be Native Features

Google pretty regularly adds new features to Gmail, but there’s always room for improvement, and third-party developers have been quick to plug the gaps. Here are seven browser add-ons that are polished and powerful enough to be native features (and hopefully will be one day…).

1. Checker Plus for Gmail (Chrome, Edge)

Checker Plus for Gmail is a totally different way of checking for new email. Rather than having a Gmail tab always open, you can click the Checker Plus for Gmail icon on the Chrome toolbar to see new messages and quickly process them. You can mark messages as read, delete them, and generally manage your inbox without even launching Gmail.

Screenshot: Checker Plus for Gmail

There’s support for multiple Gmail accounts, so it’s really good for managing multiple Google email addresses, and we really like what this browser extension does in terms of customizations as well—you can configure which inbox labels get shown, set up a Do Not Disturb window, alter the look and appearance of the add-on window, and more.


Imagine if emails weren’t flooding into your inbox every minute and every hour of the day; instead, they arrived only when you allowed them to. It might go a long way to reducing email anxiety and inbox distraction, and this is exactly what Inbox When Ready provides. The core feature of the add-on, brilliant in its simplicity, is to completely hide your Gmail inbox from view.

Screenshot: Inbox When Ready

You can still search through and compose emails, but you’re not constantly seeing unread counts and alerts about new messages. Inbox When Ready keeps track of the times when you decide to show your inbox as normal, and you can configure the extension to lock you out of your email at certain times, or limit the total time you can look at your emails for.

Todoist is a full-fledged app in its own right, but its associated browser extension is a perfect example of the sort of extra functionality that could be added to Gmail. While Google has made some effort to integrate Google Tasks with its email client, the Todoist browser add-on is a much more polished and much more capable option.

Screenshot: Todoist

The Todoist for Gmail extension adds a new button on the toolbar for opened messages, so you can quickly add a new to-do based on the message you’re reading. You can still edit the title, frequency and other settings for the task as you go. You also get access to your lists from the pop-up box in the lower right-hand corner of the Gmail interface.

Boomerang initially made its name as a great option for scheduling messages in Gmail, and even though that’s now a native feature Google added to Gmail, Boomerang is still worth a look for all the other tweaks and tricks that it brings: reminders for unanswered emails, help with composing messages, an inbox pause option, and more.

Screenshot: Boomerang

The first change you’ll notice when you install Boomerang is a big Pause Inbox button on the left that you can use to stop the flood of incoming emails. You also get new buttons added to various other screens, so you can use the browser extension to hide emails until you’re ready for them, or schedule emails to be sent at a specific time in the future.

5. Simplify Gmail (Chrome, Edge) 

Google usually maintains a minimal aesthetic, but there’s no doubt that the Gmail interface can get cluttered at times, and that’s where Simplify Gmail comes in. As the name suggests, it tweaks the look of Gmail on the web to focus on what’s most important, meaning fewer distractions for you as you work through your busy inbox.

Screenshot: Simplify Gmail

The extension was put together by one of the co-founders of the now defunct Inbox by Gmail, and it borrows some of the visual ideas of that app. There’s more white space, the option to hide a lot of the on-screen elements, a better layout for conversations, and clever use of background images, too—and all of this can be easily customized if needed.

Simple Gmail Notes simply lets you append notes to the email messages in your Gmail inbox, which is actually a more useful feature than you might think, and one that we hope is on the radar of at least one Google engineer. Being able to add notes to individual emails and conversation threads means you need never lose track of an idea or a contact again.

Screenshot: Simple Gmail Notes

How you decide to use Simple Gmail Notes is entirely up to you. You might want to add notes on contacts, clients, or projects, or set yourself reminders for follow-up emails, for example. Your notes get synced across devices courtesy of Google Drive, and you can take control of where the notes appear on screen as well as the default colors used for them.

One useful feature we’d like to see Google add to Gmail is the option to flag and block common email-tracking technologies. These are typically little tracking pixels hidden in emails that enable the sender to see when and where you open up the email, and even the app you used to browse your inbox. That’s where Trocker comes in.

Screenshot: Trocker

The extension will keep a careful eye on your inbox, stopping these pixel trackers from loading and giving you a heads up about which messages include them (the tracking pixel itself gets replaced by a little Trocker image, too). As an added bonus, it works with just about every web email app, so the online Outlook and Yahoo portals are also covered.
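
As an added illustration (not code from Trocker or from the original article), the kind of check a pixel-tracker blocker performs can be sketched in Python: flag remote images that are tiny or hidden, and swap them for a visible marker. The heuristics, the marker text and the sample message are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an image or shrink it to 0-1 px (heuristic list, an assumption).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:^|;)\s*(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)
# Visible replacement for a blocked image (a text marker chosen for this example).
MARKER = '<span title="remote tracking image blocked">[tracker blocked]</span>'


def is_tiny(value):
    """True when a width/height attribute is 0 or 1, with or without 'px'."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "", re.IGNORECASE)
    return bool(m) and int(m.group(1)) <= 1


def classify_img(attrs):
    """Return a reason string if this <img> looks like a tracking pixel, else None."""
    src = (attrs.get("src") or "").strip()
    # Only remote images can report an open; cid: and data: images ship inside the message.
    if not re.match(r"(?:https?:)?//", src, re.IGNORECASE):
        return None
    dims = [attrs[k] for k in ("width", "height") if k in attrs]
    if dims and all(is_tiny(d) for d in dims):
        return "tiny dimensions"
    if HIDDEN_STYLE.search(attrs.get("style") or ""):
        return "hidden by inline style"
    return None


class PixelBlocker(HTMLParser):
    """Re-emits the HTML unchanged except that suspected tracking pixels become MARKER."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        raw = self.get_starttag_text()
        if tag == "img":
            attr_map = dict(attrs)
            reason = classify_img(attr_map)
            if reason:
                self.blocked.append({"src": attr_map["src"], "reason": reason})
                raw = MARKER
        self.out.append(raw)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # raw text already includes the "/>"

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def block_trackers(html):
    """Return (rewritten_html, blocked) where blocked lists each removed image and why."""
    parser = PixelBlocker()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample message body: one real logo, two trackers, one embedded image.
SAMPLE_EMAIL = (
    "<html><body><p>Hi &amp; welcome</p>"
    '<img src="https://cdn.example.com/logo.png" width="200" height="60">'
    '<img src="https://track.example.net/o.gif?id=abc123" width="1" height="1">'
    '<img src="http://mail.example.org/p.png" style="display:none">'
    '<img src="cid:inline-logo" width="1" height="1">'
    "</body></html>"
)

if __name__ == "__main__":
    clean, blocked = block_trackers(SAMPLE_EMAIL)
    for hit in blocked:
        print(f"{hit['reason']}: {hit['src']}")
    print(clean)
```

Size and visibility checks miss a tracker served as an ordinary-sized image, since any remote image load can reveal that a message was opened.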

5 Reasons to Ditch Gmail for ProtonMail

Image: ProtonMail

You may assume that you have to rely on Google, Apple or Microsoft for fast and free email, but that’s not true. If you want to break away from the big tech giants, there are other options. One of those is ProtonMail.

Many Gizmodo staffers rely on Gmail, but some of us also use ProtonMail, and we think it’s worth highlighting this lesser-known service. ProtonMail may lack the polish of its rivals, but it does have some advantages.


1. It’s fast and free

Screenshot: ProtonMail

Let’s start with the basics: ProtonMail has a free tier, and you’ll get your messages quickly. Those are two of the most important facets of any email service, and this one checks those boxes. The interface is slick and uncomplicated, even if it is a bit more basic than the apps offered by its big name rivals. It’s simple and clean, and keeps the focus where it should be: on your messages.

ProtonMail makes its money from paying customers. A premium subscription includes more storage (only 500MB is free) and features like multiple email addresses attached to one account. The service is perfectly usable without these extras, though, and unless you want to keep years and years of emails on file at all times, you’ll be fine with the free tier.


2. It’s neutral and independent

Image: ProtonMail

There are plenty of free email services around, but they often require you to give up a measure of privacy and control. Some, like Google, have historically served up targeted ads based on the contents of your email (though the company has said it no longer does this). Others, like Apple, want to lock you into their ecosystems so you never buy a device or subscribe to a service offered by another company ever again.

It’s a refreshing change to use a “neutral” service like ProtonMail (bonus: the company is actually based in Switzerland). You’re not being pushed to use a particular browser or smart assistant or chat service while you’re checking your messages. ProtonMail is an option if you think the tech giants have already claimed enough of your digital life.

3. It’s private and anonymous

Image: ProtonMail

End-to-end encryption is one of the key features promised by ProtonMail, with a zero-access setup ensuring that not even ProtonMail can see what your messages are about. What’s more, the code and cryptography that ProtonMail is built on are open source and available for anyone to see, so there’s no chance of any back doors being hidden away.

On top of the encryption, the service offers other features designed to protect your privacy. You don’t need to provide any personal details when you sign up, for example, and ProtonMail doesn’t keep IP logs of your account access. There’s also the option to set an expiration date for sent email messages, so you can use your email account more like you use Snapchat.

4. It’s available anywhere

Screenshot: ProtonMail

We’ve already mentioned the independence and neutrality of ProtonMail, and it’s also available on any device. You can use the webmail client on desktops and laptops, and on mobile you can use the apps for Android or iOS. For third-party clients, IMAP and SMTP support is available for the desktop, but you need to be a paying customer in order to use it.

There are plenty of useful privacy and security features on mobile. You can protect the app with biometric security, for example, so no one else can read your email even if they get into your phone. If you check out the iOS app, you’ll see that the privacy label only has one entry in it: diagnostics (which aren’t in any way linked to your identity).

5. It offers plenty of extra useful features

Screenshot: ProtonMail

ProtonMail is much more than a bare-bones email service. You can view emails in conversations, Gmail-style, and use a combination of both labels and folders to keep your messages organized (though these are limited on the free plan). On the security side, there’s support for two-factor authentication and easy access to your login history.

Upgrade to a paid plan (from $5 a month) and you can set up filters and rules to sort your messages as they arrive, set up an auto-reply message, access smart import and export options, and even configure custom domains for your email addresses. The extra protection of a VPN service is another paid-for extra you can add to your account.

X-Rays Help Scientists Read ‘Letterlocked’ Renaissance Mail

A computer-generated depiction of the letter’s step-by-step virtual unfolding.
Image: Courtesy of the Unlocking History Research Group archive.

In July 1697, Jacques Sennacques of Lille, France, scribbled off a missive to his merchant cousin, Pierre le Pers, in The Hague. The subject of discussion was a death certificate for their relative, a topic which the cousins had discussed previously but le Pers had neglected to follow up on. The letter was the Renaissance equivalent of a “per my previous email,” and it was only just read for the first time since it was sealed 324 years ago.

But though it was read, the letter remains unopened. It’s letterlocked, a term coined by MIT conservator Jana Dambrogio for letters that use specific folds and slits to seal themselves, without the need for an envelope. Letterlocking was the typical way of sealing messages in the days before mass-produced envelopes; Queen Elizabeth I of England had at least five different letterlocking variations for privatizing her correspondence.

In a unique application of the technology, Dambrogio’s team “unfolded” Sennacques’ epistle virtually using X-ray microtomography, which allowed the researchers to circumvent the often damaging process of a manual letter opening. The team’s research was published on Tuesday in the journal Nature Communications.

A virtual unfolding of the centuries-old letter.
Gif: Courtesy of the Unlocking History Research Group archive.

“I remember a feeling of elation, as in, [oh my god] we finally did it,” said co-author Rebekah Ahrendt, a musicologist at Utrecht University, in an email. “Having worked with this collection for a number of years, the effect of ‘I’m probably the first person reading this since it was written’ has admittedly worn off a bit…That said, this letter is such a wonderful example of the concerns of normal people at this time.”

It’s not known why le Pers never got the letter—given his profession, he may have moved. But the sealed letter remained in the care of the chief postmasters of The Hague, Simone de Brienne, and his wife, Marie Germain. The couple didn’t discard the enclosed familial matter because in those days letters were purchased by recipients, not paid for by their senders. Some postmasters kept unclaimed letters in case someone eventually came along to buy them. The couple in charge of The Hague’s post were either hoarders or resolutely optimistic, because they held onto the letters until they died. Thousands of letters in Brienne and Germain’s charge were preserved in an old trunk, and 600 of them are unopened letterlocked messages; it’s an amazing assemblage of European conversation suspended in time, now called the Brienne Collection. The collection resides at The Hague’s Sound and Vision museum.

Shooting X-rays through the letter penned by Sennacques yielded the spread of iron-rich ink he jotted across each fold in the letter. The X-rays’ intensity was about a third of that used by the same machine for its original purpose—imaging teeth and bones.

The team’s legible results, with the letter’s faint watermark at center.
Image: Courtesy of the Unlocking History Research Group archive.

“We start with a very high resolution CT scan of the folded letterpacket, basically a 3D x-ray image,” said co-lead author Amanda Ghassaei, the algorithm engineer lead on the project and who previously has worked on simulating the folds in origami, in an email. “From there, our algorithm detects individual layers of paper in the scan and reconstructs the folded geometry. This computational pipeline allows us to observe writing, watermarks, seals, internal folds, and any other information hidden inside the letterpacket without doing any damage to the original artifact.”

But that wasn’t enough. The team also had to decrypt the folded letter, understanding which characters fell where in the unfolded version. To do this, they employed a computational flattening script, to deconstruct the letter without touching it. Though an imperceptible jumble of characters from the outside, sheathed in the khaki paper, the research team was able to extract the message without issue.

The research team didn’t describe any of the folded layout of Sennacques’ letter in code; the algorithm did the heavy geometrical lift.

The Renaissance chest contains missives from around the world sent to The Hague.
Photo: Courtesy of the Unlocking History Research Group archive.

“The message and intricate internal mechanics of these letters are only known to us because they have been virtually reconstructed,” said co-author Holly Jackson, an undergraduate at MIT and an algorithm engineer on the project. “Our methods are fully automatic, unbiased to scan orientation, and require no prior knowledge about a letterpacket’s folded geometry.”

So, to author the new paper, the team used X-rays to detect the layout of ink on a piece of centuries-old paper, they built and deployed an algorithm to unfold that paper virtually, and they described the contents of that letter alongside a complex dictionary for the diverse techniques of letterlocking as a greater practice in days before envelopes. Essentially, the work was threefold.

The sum of these efforts is a clear-cut plan of attack for the roughly 600 letterlocked items that remain in the chest. The qualms of cousins, marital disputes, state secrets—who knows?

It’s as close as history can get to holding its breath.

In the 1970s, Email Was Special

Computers and magnetic tape storage at the U.S. Department of Justice circa 1973.
Photo: Hulton Archive/Getty Images (Getty Images)

Social Hygiene: The internet is hell, particularly social media. In this series, we discuss the ways it’s flawed and how it could be better.

What was the internet like in the 1970s? It was an incredibly small community of university researchers, government employees, military contractors, and more than a few spies. But those people all built and tinkered with the earliest technologies to create something that would transform the lives of everyone reading this message today.

One of the most vital technologies to emerge from this period was electronic mail or “network mail” as it was known at the time—something we call email today. And while we may think of email as integral to our experience of the internet, it wasn’t always a given. Email had to be invented, but once it was, people loved it.

Versions of electronic mail actually predate the internet, but they’re perhaps best thought of as electronic post-it notes because the messages weren’t able to travel very far. A program called MAILBOX was developed for large time-sharing computers at MIT in the early 1960s to exchange messages between people who may have been just a few hundred feet apart. Time-sharing—the ability to utilize computers most efficiently by dividing up any downtime across a broad group of people—was one of the entire reasons computer networking and the ARPANET was so appealing. But even more importantly, the MAILBOX tool could be used to exchange messages between people who may be using the same computer at different times of the day or night.

The first host-to-host connection of the ARPANET, the precursor to the modern internet, occurred on October 29, 1969 between a computer at UCLA and a computer at Stanford Research Institute. And not even three years later, in 1972, proper email that was able to traverse the internet was invented by Ray Tomlinson, a government contractor at BBN. Tomlinson is the one who came up with the idea to use the @ symbol in email. Others at BBN, MIT, and ARPA, built on top of the work that Tomlinson did to improve electronic mail.

Back in 2015, I spoke with Stephen Lukasik, the former deputy of ARPA in the late 1960s and early 1970s (now known as DARPA) and he explained how he commissioned a study from MITRE to see how people were using the Arpanet. Astonishingly, roughly 75% of all net packets in 1974 were being used for email. Needless to say, email was a huge hit from the very beginning.

Email is an incredibly ephemeral medium for archivists, but thankfully we have some printouts from this period that give us a sense of what email was like back in the 1970s.

The messages from the 1970s would be familiar to anyone who uses email today, except for a few tiny tweaks. The messages are numbered, and each includes the number of characters in the message, like this email sent on November 15, 1976 to Edward A. Feigenbaum, who worked on artificial intelligence and computer science at Stanford University.

Screenshot: Stanford University Libraries (Fair Use)

The messages of the early days could be short, as the one above. But they were supposed to be for official business. In fact, when UCLA’s Len Kleinrock sent a message of a personal nature in September of 1973 he felt like he was getting away with something illicit.

The legendary 1996 book Where Wizards Stay Up Late by Katie Hafner tells the story of Kleinrock returning from Europe to Los Angeles in 1973 only to realize he’d forgotten his electric razor at a conference. Kleinrock sent a message to Larry Roberts, another early internet pioneer like Kleinrock, and was able to get his razor back after Roberts alerted a mutual friend who was traveling back from the UK to L.A.

From Where Wizards Stay Up Late:

Kleinrock’s razor retrieval caper wasn’t the first time anyone had pushed past official parameters in using the network. People were sending more and more personal messages. Rumor had it that even a dope deal or two had been made over some of the IMPs in Northern California. Still, tapping into the ARPANET to fetch a shaver across international lines was a bit like being a stowaway on an aircraft carrier. The ARPANET was an official federal research facility, after all, and not something to be toyed with. Kleinrock had the feeling that the stunt he’d pulled was slightly out of bounds. “It was a thrill. I felt I was stretching the Net.”

As can be expected, many of the discussions happening over email in the 1970s were over technical problems that researchers on the early internet were encountering. People would schedule meetings, discuss the problems, and brainstorm which tools might be best to tackle any given issues.

Below, we have emails from July 1976 that were printed out discussing a keyword program that sounds like it had plenty of problems.

Screenshot: Stanford University Libraries (Fair Use)

The internet today is awash in all kinds of messages, including emails that flood our inboxes. The idea of “inbox zero” is a constant struggle for some people as we wake up, as in the film Groundhog Day, to answer email after email.

People of the 1970s didn’t have fancy filters to automatically sort their email or make life “easier” through the wonders of automation. But there’s always an upside to the simplicity of any technology’s earliest days. In the case of email, it did seem like people valued this new communications tool in a way that no one wanted to waste it.

Yes, getting your electric razor back after forgetting it might not be a matter of national security. But such a task is obviously much more important than probably dozens of emails you’ve already received today.

How many of those emails are just invitations to Zoom meetings that could have been an email? They didn’t really have that problem back in the 1970s. At least most people didn’t.

GoDaddy: Sorry We Promised Holiday Bonuses, That Was Just a Phishing Test

Photo: Jenny Kane (AP)

GoDaddy decided that December would be a great time to test whether its employees are staying alert when it comes to cybersecurity threats. At a time when its staff is trying to navigate a holiday season hobbled by a pandemic and an ailing economy, the web hosting giant sent a phishing email with an offer that was too good to be true and now it’s very sorry.

Arizona-based news outlet The Copper Courier first reported that GoDaddy employees received an email on December 14th with the subject line “GoDaddy Holiday Party.” The email informed workers that the company is looking forward to the annual holiday party and will be issuing “a $650 one-time Holiday bonus.” Two links were included in the email and employees were instructed to choose their location and fill in some details on a form to ensure they’d receive their bonus before the holidays. Unfortunately, the whole offer was just a test to see if employees would fall for such a scam if a bad actor were to try to redirect them with a malicious link.

Two days later, around 500 GoDaddy employees were informed that no bonuses were coming and they’d failed a corporate phishing test. GoDaddy’s chief security officer Demetrius Comes wrote in the follow-up email that failing employees “will need to retake the Security Awareness Social Engineering training.”

Many companies perform these kinds of tests, and the tell-tale sign tends to be that the deceptive email is sent from an address that only appears to be from a corporate account. For example, my boss might try to phish me with an email from an address ending in @gizmondo.com. But GoDaddy runs its own email service, and the fake phishing email was sent from an account with the address happyholiday@godaddy.com. It’s easy to see why so many workers failed the test, and it’s easy to understand why GoDaddy would see such a glaring vulnerability in its systems after the company just suffered an embarrassing data breach earlier this year.

What’s not understandable is the cruelty involved in the setup of this test and the lack of follow-through on an employee expectation of a routine bonus in a year when the company reported record growth while participating in the larger corporate trend of laying off workers. Cybersecurity is important for a company like GoDaddy but this same test could’ve been conducted, training mandates could’ve been issued to anyone who failed, and bonuses could’ve still been delivered to everyone.

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a GoDaddy spokesperson told Gizmodo. “While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.” The company did not reply when Gizmodo asked if it intends to issue the bonuses.

Data breaches can be a gigantic headache for a web hosting company but if no one wants to work there and no one wants to do business with an organization that treats its employees like dirt at the toughest moment in the toughest year in a generation, there’ll be nothing to keep secure.

A Hacker Is Reportedly Selling Hundreds of Microsoft C-Suite Email Credentials for As Little as $100

Photo: Drew Angerer (Getty Images)

How much are a CEO’s email credentials worth? According to one hacker, anywhere between $100 and $1,500 will do, although the specific price will be set depending on the company’s size and the person’s role in it. Unfortunately, this is not a drill: There are purportedly hundreds of C-suite level email credentials being sold on a Russian-speaking underground forum, ZDNet reported on Friday.

ZDNet found that the hacker is selling email and password combinations for Office 365 and Microsoft accounts belonging to high-level executives such as the CEO, COO, CFO, CMO and CTO, among many others. The hacker posted an ad for the credentials on Exploit.in, an underground forum for Russian-speaking hackers, along with login information for an executive at a UK business management consulting agency and for the president of a U.S. apparel and accessories maker as a way to prove his offering was legitimate.

Per the report, ZDNet worked with an unnamed source in the cybersecurity community who contacted the hacker to obtain samples of the data being offered. The source gained access to valid login information for two Microsoft accounts. One of them belonged to the CEO of a medium-sized U.S. software company and the other belonged to the CFO of a retail store chain based in the EU.

The outlet reported that the cybersecurity source has confirmed the validity of the data. The source is in the process of notifying all the companies that their executives’ email credentials have been compromised.

Gizmodo reached out to Microsoft to ask it to verify the report and describe any actions taken.

“We are aware of the report and will do what is necessary to help support our customers,” a Microsoft spokesperson told Gizmodo via email. “We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. To increase security we recommend taking additional steps like turning on multi-factor authentication.”

Microsoft also pointed Gizmodo to its online safety resources page.

Although it’s not clear how the hacker obtained the hundreds of Microsoft email credentials he’s peddling, the cyber intelligence firm KELA offered a possible clue. KELA told ZDNet that the same hacker had in the past expressed interest in buying “Azor logs,” a reference to data collected from the AZORult trojan malware. AZORult steals data from compromised systems, including saved passwords from browsers and email, Skype message history, files from chat history, and desktop files, among many others.

Raveed Laeb, a product manager at KELA, told ZDNet that corporate email credentials can be exploited by cyber criminals in many ways.

“Attackers can use them for internal communications as part of a ‘CEO scam’—where criminals manipulate employees into wiring them large sums of money; they can be used in order to access sensitive information as part of an extortion scheme; or, these credentials can also be exploited in order to gain access to other internal systems that require email-based 2FA, in order to move laterally in the organization and conduct a network intrusion,” Laeb said.

As noted by ZDNet, the best way to protect yourself from these types of attacks is by enabling two-factor authentication, also known as multi-factor authentication. MFA requires you to present two pieces of evidence in order to gain access to your account. This means that a hacker would need to steal, for example, your credentials and your phone in order to be able to do something with them.

Do people do this though? Apparently not. At the beginning of the year, Microsoft stated that out of all the enterprise accounts hacked, only 11% had MFA enabled.

[ZDNet]

Update 11/28/2020, 11:55 p.m. ET: This post has been updated with additional comment from Microsoft.

Advertisement

A Hacker Is Reportedly Selling Hundreds of C-Suite Email Credentials for Microsoft Accounts for As Little as $100

How much are a CEO’s email credentials worth? According to one hacker, anywhere between $100 and $1,500 will do, although the specific price will be set depending on the company’s size and the person’s role in it. Unfortunately, this is not a drill: There are purportedly hundreds of C-suite level email credentials being sold on a Russian-speaking underground forum, ZDNet reported on Friday.

ZDNet found that the hacker is selling email and password combinations for Office 365 and Microsoft accounts belonging to high-level executives such as the CEO, COO, CFO, CMO and CTO, among many others. The hacker posted an ad for the credentials on Exploit.in, an underground forum for Russian-speaking hackers, along with login information for an executive at a UK business management consulting agency and for the president of a U.S. apparel and accessories maker as a way to prove his offering was legitimate.

Per the report, ZDNet worked with an unnamed source in the cybersecurity community who contacted the hacker to obtain samples of the data being offered. The source gained access to valid login information for two Microsoft accounts. One of them belonged to the CEO of a medium-sized U.S. software company and the other belonged to the CFO of a retail store chain based in the EU.

The outlet reported that the cybersecurity source has confirmed the validity of the data. The source is in the process of notifying all the companies that their executives’ email credentials have been compromised.

Gizmodo reached out to Microsoft to ask it to verify the report and describe any actions taken.

“We are aware of the report and will do what is necessary to help support our customers,” a Microsoft spokesperson told Gizmodo via email. “We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. To increase security we recommend taking additional steps like turning on multi-factor authentication.”

Microsoft also pointed Gizmodo to its online safety resources page.

Although it’s not clear how the hacker obtained the hundreds of Microsoft email credentials he’s peddling, the cyber intelligence firm KELA offered a possible clue. KELA told ZDNet that the same hacker had in the past expressed interest in buying “Azor logs,” a reference to data collected from the AZORult trojan malware. AZORult steals data from compromised systems, including saved passwords from browsers and email, Skype message history, files from chat history, and desktop files, among many others.

Raveed Laeb, a product manager at KELA, told ZDNet that corporate email credentials can be exploited by cyber criminals in many ways.

“Attackers can use them for internal communications as part of a ‘CEO scam’—where criminals manipulate employees into wiring them large sums of money; they can be used in order to access sensitive information as part of an extortion scheme; or, these credentials can also be exploited in order to gain access to other internal systems that require email-based 2FA, in order to move laterally in the organization and conduct a network intrusion,” Laeb said.

As noted by ZDNet, the best way to protect yourself from these types of attacks is by enabling two-factor authentication, also known as multi-factor authentication. MFA requires you to present two pieces of evidence in order to gain access to your account. This means that a hacker would need to steal, for example, your credentials and your phone in order to be able to do something with them.

Do people do this though? Apparently not. At the beginning of the year, Microsoft stated that out of all the enterprise accounts hacked, only 11% had MFA enabled.

[ZDNet]

Update 11/28/2020, 11:55 p.m. ET: This post has been updated with additional comment from Microsoft.

Update 11/29/2020, 18:30 p.m. ET: The headline has been updated to clarify that it was not Microsoft C-suite executives who had their credentials stolen, but rather C-suite executives using Microsoft accounts. We regret the confusion.

You Don’t Have to See That Horrid New Gmail Logo If You Use a Mail Client

Change is hard. I get that. Judging by the dismay on Twitter over the Gmail logo change, few people are happy with the multi-colored M. Some have blamed the email logo change for missing important missives. Others complain it’s now visually indistinguishable from Google’s other app logos. To everyone in the throes of an extremely first-world mental breakdown over a largely inconsequential thing, I have a simple solution: Get an email client for desktop. If you use Gmail’s mobile app, get a different mail app.

“B-b-b-ut Gmail! My whole life is on Gmail!” you say, clutching your imaginary pearls, as if Gmail and its stranglehold over email is something you have to give up. It’s not. I simply don’t understand the madness of keeping a dedicated tab open at all times to access your email. Chrome is already a RAM hog. If you, like me, have an egregious number of tabs open at every single waking moment, tabs for each of your email accounts are an unnecessary eyesore. If you only have one email, you can get away with it, sure. I have five emails that I monitor at any given time. Pfffffft I can’t dedicate five tabs at a given time to an open web browser. I’m not a maniac.

Email clients are beautiful that way. A neat little program on your desktop (or laptop) that can organize and manage every single one of your inboxes for you. Now you only have one program. Granted, it too will take up RAM but never to the extent that I’ve felt my laptop slow down or lose performance. And even if it did, the benefits of a desktop mail client are worth it.

It may be personal preference, but once you gain the infinite power of seeing all your emails in one program at once, going back to one email account per tab is unbearably annoying. You also don’t lose out on features like snoozing emails. If anything, your customization options are enhanced. It depends on the client. Each comes with its own feature set and some may be better suited to your personal needs than others. Many have “smart inboxes,” which automatically filter based on your usage what’s spam and what likely needs your attention. Others give you the option to aggregate all your inboxes into one mega-inbox, while also providing settings so you respond from the correct address.

I use Spark and that integrates with Todoist—another to-do list app I use. If instead of snoozing, I want a concrete reminder to reply to an email, I can just export it to my to-do list, complete with a link to that exact email. Alternatively, I can right-click and select “Search Email by Sender” to bring up every email that person has ever sent me—without having to go to the search bar. Again, this just happens to be the client I’ve settled on as it works best for my needs. There’s a crapton of free and paid options out there that, I assure you, offer a better experience than Gmail in multiple web browser tabs.

The other benefit of an email client on your desktop? You already, instantly, get an offline backup of all your emails. Perhaps it’s a morbid, paranoid thought but in the event you suddenly get laid off, there’s no scramble to run to your computer and save all your contacts or documents. You already have a searchable copy.

But what about mobile? I’ll get a lot of shouting in my inbox for this, but Gmail’s mobile app is a steaming pile of donkey shit. I keep downloading it thinking that this time is the time I’ll understand the best way to use it, since it keeps popping up on “Best Email App” lists. But alas. While it’s okay for managing a single account, it’s clunky as hell if you want to check up on three or more email accounts at a time. There’s no good, easy way to see at a glance how many unread emails are in each of my inboxes.

Alternatively, I’ve got no way to view every “Important” email from all my accounts in one place. Again, I have to switch accounts. Sometimes, because I am old and my memory is shriveled, I don’t remember which account the important email is in. I don’t have time to manually check one folder for a single, potentially mythical email. Or, if I have multiple accounts in the Gmail app, I can’t search all of them at once. My option is assaulting my eyes with the All Inboxes view, or manually switching between accounts. When it comes to notifications, I’ve found that Google’s “High Priority” settings are less than foolproof and I’d rather die than get notifications for every single email I get. Actually, that’s true for most settings. Apple’s iOS Mail client is also stinky garbage, and if you have an iPhone, you can do better.

All of these quirks are nonexistent in my Gmail app-free life, and yet, I have even more freedom over my email experience. The Spark app lets me pre-load templates in case I just have to shoot off a quick email like “I’m not near a keyboard right now but I’ll get back to you ASAP.” I can manage settings for all my email accounts in one place. The smart notification filters mean I only get notifications from people I know and have interacted with. Most importantly, I’ve made it so there’s never a goddamn red bubble, regardless of how many unread emails I may have.

You don’t have to use the client I do. In fact, there’s a good chance it may not be the best for your needs. But there are dozens upon dozens out there, many of which have figured out how to streamline and customize the whole email thing in ways that Google has continually failed to do. You can pay if you want, but you absolutely don’t have to. The best part is, you don’t have to ever look at that infernal Gmail logo ever again.