WEBVTT - If You BCC Someone on an Email, Can Other Recipients Find Out?

0:00:01.920 --> 0:00:06.480
<v Speaker 1>Welcome to BrainStuff, a production of iHeartRadio. Hey

0:00:06.559 --> 0:00:10.920
<v Speaker 1>BrainStuff, Lauren Vogelbaum here. Your typical email program

0:00:11.000 --> 0:00:14.600
<v Speaker 1>has several options to simultaneously message more than one person.

0:00:15.040 --> 0:00:17.599
<v Speaker 1>You can load up the To box with many recipients

0:00:17.600 --> 0:00:20.520
<v Speaker 1>and then blast away. Or you can put

0:00:20.680 --> 0:00:23.400
<v Speaker 1>someone in the To spot and then CC the

0:00:23.440 --> 0:00:27.880
<v Speaker 1>rest or BCC some or all. That

0:00:28.080 --> 0:00:30.840
<v Speaker 1>BCC might be the trickiest, as it means that

0:00:30.880 --> 0:00:33.960
<v Speaker 1>not everyone is privy to the same information, and it

0:00:34.040 --> 0:00:37.160
<v Speaker 1>has some of the biggest risk for pitfalls. So when

0:00:37.159 --> 0:00:39.120
<v Speaker 1>do you CC and when do you BCC?

0:00:40.400 --> 0:00:44.280
<v Speaker 1>First, the basics. The CC field probably stands for

0:00:44.440 --> 0:00:47.559
<v Speaker 1>carbon copy and the BCC field stands for

0:00:47.680 --> 0:00:51.320
<v Speaker 1>blind carbon copy. The carbon copies were common prior to

0:00:51.360 --> 0:00:54.920
<v Speaker 1>email communication, and even more so prior to photocopying.

0:00:55.600 --> 0:00:57.920
<v Speaker 1>In those days, if you wanted to distribute copies of

0:00:57.920 --> 0:01:00.800
<v Speaker 1>a typed or handwritten document, you might write or type them

0:01:00.840 --> 0:01:04.039
<v Speaker 1>on stacks of thin sheets of paper with a piece

0:01:04.080 --> 0:01:08.800
<v Speaker 1>of pigmented carbon paper sandwiched between each sheet. The pressure

0:01:08.840 --> 0:01:10.880
<v Speaker 1>of writing or typing on the top sheet of paper

0:01:11.000 --> 0:01:13.880
<v Speaker 1>would transfer pigment from the carbon paper to the blank

0:01:13.959 --> 0:01:17.880
<v Speaker 1>sheet underneath, creating a carbon copy of the inked original.

0:01:18.480 --> 0:01:21.160
<v Speaker 1>You can still find carbon copies in some memo pads

0:01:21.280 --> 0:01:25.160
<v Speaker 1>or similar technology in more modern checkbooks and restaurant server pads.

0:01:26.319 --> 0:01:29.560
<v Speaker 1>But these days, an email CC means you sent a

0:01:29.560 --> 0:01:31.959
<v Speaker 1>copy of a message to someone other than the direct

0:01:32.000 --> 0:01:34.400
<v Speaker 1>recipient in the To line. It's an easy way to

0:01:34.480 --> 0:01:37.840
<v Speaker 1>keep vested parties in the loop on a subject. Notably,

0:01:37.920 --> 0:01:40.960
<v Speaker 1>the CC format allows everyone to see each other's email

0:01:40.959 --> 0:01:46.120
<v Speaker 1>addresses as well. BCC works the same way as CC,

0:01:46.680 --> 0:01:50.000
<v Speaker 1>except the direct recipient in the To line doesn't know

0:01:50.240 --> 0:01:54.480
<v Speaker 1>that anyone was BCC'd on the message. So, for example,

0:01:54.680 --> 0:01:57.280
<v Speaker 1>if you emailed the subordinate at work about being late

0:01:57.320 --> 0:02:00.000
<v Speaker 1>with the project and BCC'd your own boss to show

0:02:00.000 --> 0:02:02.920
<v Speaker 1>them that you were being diligent about tardiness, your subordinate

0:02:03.000 --> 0:02:05.760
<v Speaker 1>wouldn't know that their lateness was being pointed out to

0:02:05.920 --> 0:02:10.840
<v Speaker 1>your own superior. If that sounds a little secretive or tattle-y,

0:02:11.320 --> 0:02:14.959
<v Speaker 1>it can be. BCC's usage can be loaded with etiquette

0:02:14.960 --> 0:02:19.200
<v Speaker 1>pitfalls and potential backlash. It might be perfectly innocent. Let's say,

0:02:19.240 --> 0:02:21.560
<v Speaker 1>if you're asking a question to a large group but

0:02:21.800 --> 0:02:24.639
<v Speaker 1>don't want to burden the entire group with receiving every

0:02:24.680 --> 0:02:30.040
<v Speaker 1>single person's answer, just BCC everyone. But if you're purposefully

0:02:30.120 --> 0:02:32.880
<v Speaker 1>hiding the fact that there are other recipients, it can

0:02:32.960 --> 0:02:38.440
<v Speaker 1>be trouble. BCC is a notorious office space landmine, particularly

0:02:38.480 --> 0:02:41.959
<v Speaker 1>if a secret person who's blind copied doesn't just reply

0:02:42.040 --> 0:02:46.239
<v Speaker 1>to you, but accidentally hits reply all. Their reply will

0:02:46.240 --> 0:02:51.000
<v Speaker 1>go both to you and the message's direct recipient. Now, whoops.

0:02:51.360 --> 0:02:54.520
<v Speaker 1>One of many reasons to be careful about reply all.

0:02:55.560 --> 0:02:59.000
<v Speaker 1>But still, there are some very good reasons to use BCC.

0:02:59.760 --> 0:03:03.440
<v Speaker 1>Maybe you're a supervisor of various contract or freelance workers who

0:03:03.480 --> 0:03:05.919
<v Speaker 1>never interact with each other, and you want to update

0:03:05.919 --> 0:03:09.440
<v Speaker 1>them all on policy changes without having to send individual emails.

0:03:09.960 --> 0:03:12.400
<v Speaker 1>This isn't just a matter of convenience for you. It

0:03:12.480 --> 0:03:15.760
<v Speaker 1>also protects the privacy of your freelancers who probably don't

0:03:15.760 --> 0:03:18.600
<v Speaker 1>want a bunch of virtual strangers to see their personal

0:03:18.639 --> 0:03:22.720
<v Speaker 1>email address. Or maybe you're a company trying to contact many

0:03:22.760 --> 0:03:26.640
<v Speaker 1>customers about an important issue. You absolutely have to use BCC.

0:03:26.919 --> 0:03:30.520
<v Speaker 1>Otherwise hundreds or thousands of people will suddenly see private

0:03:30.520 --> 0:03:34.240
<v Speaker 1>email addresses. That's a major breach of trust. But is

0:03:34.280 --> 0:03:36.760
<v Speaker 1>there a way for recipients to find out who was

0:03:36.840 --> 0:03:41.440
<v Speaker 1>BCC'd on a message? We spoke via email with Sherrod

0:03:41.520 --> 0:03:44.480
<v Speaker 1>DeGrippo, Senior Director of Threat Research and Detection for

0:03:44.560 --> 0:03:49.120
<v Speaker 1>Proofpoint Email. She said, generally recipients can't see if someone

0:03:49.160 --> 0:03:52.160
<v Speaker 1>has been blind copied on a message. Servers that receive

0:03:52.240 --> 0:03:55.960
<v Speaker 1>messages are designed to strip out BCC information before they

0:03:56.000 --> 0:03:58.640
<v Speaker 1>pass the message on to the recipient. This is the

0:03:58.640 --> 0:04:01.720
<v Speaker 1>case for all recipients, including those in the To,

0:04:01.960 --> 0:04:05.600
<v Speaker 1>CC, and BCC lines. The most common way for someone

0:04:05.600 --> 0:04:08.160
<v Speaker 1>to figure out blind copied email addresses is when the

0:04:08.160 --> 0:04:11.120
<v Speaker 1>sender accidentally puts people meant to be in the BCC

0:04:11.280 --> 0:04:15.960
<v Speaker 1>line in the CC line. However, she notes that threat

0:04:16.000 --> 0:04:19.760
<v Speaker 1>actors or hackers have found ways to attack the privacy

0:04:19.800 --> 0:04:23.919
<v Speaker 1>of BCC. One would be to access the target's inbox

0:04:23.960 --> 0:04:26.120
<v Speaker 1>in one way or another and then simply look in

0:04:26.160 --> 0:04:28.359
<v Speaker 1>the sent items to find out who was sent a

0:04:28.400 --> 0:04:31.720
<v Speaker 1>BCC message. Or if your device is infected with data

0:04:31.720 --> 0:04:35.520
<v Speaker 1>stealing malware, an attacker could access messages in the sent folder,

0:04:36.400 --> 0:04:40.040
<v Speaker 1>DeGrippo said. Another opportunity for compromise occurs when an

0:04:40.040 --> 0:04:43.680
<v Speaker 1>attacker intercepts the sender's network traffic while the email is sent,

0:04:44.040 --> 0:04:47.520
<v Speaker 1>and they see all recipients, including those blind copied, and

0:04:47.680 --> 0:04:50.200
<v Speaker 1>she explained that this kind of thing happens frequently when

0:04:50.240 --> 0:04:53.640
<v Speaker 1>someone is using public unencrypted WiFi and an attacker taps

0:04:53.680 --> 0:04:58.080
<v Speaker 1>into the WiFi network traffic. And finally, quote if an

0:04:58.080 --> 0:05:01.080
<v Speaker 1>attacker has compromised the email servers of the sender or

0:05:01.120 --> 0:05:04.480
<v Speaker 1>any of the recipients, or intercepts the network traffic between

0:05:04.520 --> 0:05:09.120
<v Speaker 1>these servers, they can also see all recipients. In other words,

0:05:09.279 --> 0:05:13.000
<v Speaker 1>BCC is anything but impenetrable, so if you're a spy

0:05:13.040 --> 0:05:16.839
<v Speaker 1>training in state secrets, you've been warned. To protect yourself

0:05:16.920 --> 0:05:19.320
<v Speaker 1>when using BCC, you can take a number of steps.

0:05:19.720 --> 0:05:22.080
<v Speaker 1>The first and most obvious is to double check your

0:05:22.120 --> 0:05:25.640
<v Speaker 1>recipients before you send any BCC messages, just to be

0:05:25.760 --> 0:05:30.880
<v Speaker 1>absolutely sure you're using BCC and not CC. You should

0:05:30.960 --> 0:05:34.760
<v Speaker 1>also regularly update your security software and antivirus programs.

0:05:35.200 --> 0:05:37.839
<v Speaker 1>That way, your device will be guarded against current threats,

0:05:38.440 --> 0:05:41.440
<v Speaker 1>DeGrippo said. Be sure to also safeguard your email

0:05:41.480 --> 0:05:45.400
<v Speaker 1>accounts with strong passwords and multifactor authentication whenever possible.

0:05:46.000 --> 0:05:49.320
<v Speaker 1>It's important to avoid using unencrypted public WiFi networks,

0:05:49.360 --> 0:05:51.680
<v Speaker 1>and if you must use them, be sure to use

0:05:51.720 --> 0:05:54.760
<v Speaker 1>a virtual private network or VPN that will encrypt and

0:05:54.800 --> 0:06:03.080
<v Speaker 1>protect your information. Today's episode was written by Nathan Chandler

0:06:03.080 --> 0:06:05.240
<v Speaker 1>and produced by Tyler Klang. For more on this and

0:06:05.279 --> 0:06:08.400
<v Speaker 1>lots of other technological topics, visit howstuffworks.com.

0:06:08.480 --> 0:06:10.760
<v Speaker 1>BrainStuff is a production of iHeartRadio. For more

0:06:10.760 --> 0:06:13.240
<v Speaker 1>podcasts from iHeartRadio, visit the iHeartRadio app,

0:06:13.320 --> 0:06:15.920
<v Speaker 1>Apple Podcasts, or wherever you listen to your favorite shows.