It has come to my attention that criminals and “spoofers” or scam artists are using the 3rdCompass.org name in fake emails that appear to come from 3rdcompass.org to try and get login credentials and other information. This is a common ploy used by spoofers, so as with any emails, text messages, phone calls, instant messaging, or social media messages, use caution when you are asked for personal information or logins, even when it appears the message is coming from the authentic source.
You may not know that it is relatively easy for email scammers to fake the sender in email addresses. This does not require the sender’s account to be stolen, but only needs special computer email server or sending programs. Using customized or hacked email sending programs is likely how the spoofers sent the emails spoofing 3rdcompass.org that I know about.
This ministry will never send messages asking you for personal information, passwords, or other login information, so pay no attention to any messages asking for personal details or security information.
Tips for Cybersecurity
- No matter where or how you get a message (email, phone, social media, etc.), don’t assume the sender is who they say it is. User accounts are often hacked, taken over, and used to send messages, which do appear to come from the person or organization you know because their email or social media account was taken over by a hacker.
Email messages, though, can be faked, as I noted, without need to take over the sender’s account or computers. These messages appear to come from the actual person or organization even though it didn’t. With the right technical resources, it is just as easy to send fake emails as it is for criminals to copy, print, and send an envelope and letter that appears to be from an official organization.
- Always examine links in messages before you use them. Be especially suspicious with messages that tell you to use a link to login or enter other personal information. Without getting into complicated Internet link protocol, it can be difficult for a layperson to identify if the link actually goes to the official website, but if you know the official website name, it should be near the beginning of the link.
For example, 3rdcompass.org will be in any links given by this ministry, such as
http://3rdCompass.org/go?v=posts-by-topicThe complete site name, including the dot before org or com, must be in the link. You do not need to worry about capitalization of letters, as website names are not case-sensitive, so 3rdcompass.org is the same as 3rdCompass.org. However, any text after a website name may be case-sensitive, but that is not important for this discussion.
Spoofers also try to trick people by using an official website in their own links, such as
amazon.validate.com/loginThis link appears to be related to amazon.com, but the link would actually go to a subdomain for a completely separate website named validate.com
Spoofers also use website names that include an organization name or use misspellings or nearly identical spellings of an official website. Examples of this are:
amazon-validate.com/login, amason.com/login, amazon.au, amazon.netBut even if you know how a link should be structured, sometimes organizations use “shortcut” links that don’t show the organization’s website in the link, so you can’t tell where the link actually goes unless you use it. In this case, I would not use a link from a suspicious email or message, because simply clicking on or using a link can get your computer or phone hacked, as some computer viruses and malware can easily spread just from viewing a webpage or using a link that is infected.
This is why I recommend using quality Internet security and virus protection on computers.
- Use Internet security and virus/malware protection on computers, tablets, and phones.
- Make sure your computer, phone, and tablet system updates are installed when they become available.
- Use strong passwords for your logins that do not use birthdates or other easily guessed words or numbers. Instead, use concepts or memories that are personal to you but are not publicly known, so that you can remember them easily, such as a hobby, favorite food, memorable moment, etc.
- Use stronger and different passwords for accounts related to banking and financial services.
- Use different passwords and limit personal information for accounts with companies based in countries with questionable governing authority. For example, governments run by authoritarian dictatorship authority, like China, Russia, and Iran, who can easily get access to an organization’s database should not be given the same passwords or full personal details that you use for your other accounts.
Customer data given to organizations based in countries with corrupt governments will be at risk in coming times of war.
- There is no completely secure Internet storage or "cloud" storage. As someone who spent most of their life in computer systems engineering and Internet engineering, I know the security and integrity of Internet storage is only as good as the company, organization, or person can or will provide, even if they advertise secure and encrypted data storage.
All computer systems can be hacked into, as there are often break-ins at major companies where hackers steal customer information. Companies that keep social security numbers and other identifying information are often targets for hackers seeking profit from identity theft. I’ve seen data theft at credit reporting organizations, banks, and even major computer companies that are leaders in computer security and Internet storage, like Microsoft.
All files and information you send over the Internet, whether it is through an encrypted service, connection, or website or not encrypted, ends up on computers that may not be secure and which are under the control of the people operating them. This is why I never store confidential files or use cloud back-up for my computer and other digital files, like documents. Anyone with access to the computers where files are stored for Internet or cloud storage can access your files.
So even if a website or service uses SSL encryption, where you see “https://” before the website name in your browser, will not ensure data protection. Connection encryption, like SSL, only encrypts the information as it goes from your computer to the computer that stores your files and information. How the information is secured on other end will depend entirely on the organization’s computer setup and security measures.
In the same way, email or file encryption services can be a waste of money because there is no way to completely secure messages or data from the sender to the receiver unless the information stays entirely within secured connections and secured computers.