Yahoo announced that 1 billion of their accounts were hacked. These accounts are now being sold by internet criminals to other bad guys, who are going to use this information in a variety of ways. For instance, they will send phishing emails claiming you need to change your Yahoo account, looking just like the real ones. Here is what I suggest you do right away.
- If you do not use your Yahoo account a lot, close it down because it’s a risk. If you use it every day:
- Open your browser and go to Yahoo. Do not use a link in any email. Reset your password and make it a strong, complex password or rather a pass-phrase.
- If you were using that same password on multiple websites, you need to stop that right now. Using the same password all over the place is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too. Also change the security questions and make the answer something non-obvious.
- At the house, use a free password manager that can generate hard-to-hack passwords and keep and remember them for you.
- Watch out for any phishing emails that relate to Yahoo in any way and ask for information.
Now would also be a good time to use Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
- Be very judicious in deciding what apps to download. Better safe than sorry.
- If you *do* decide to download an app, the first thing to check is the reviews; apps with few reviews or bad reviews are a big red flag.
- Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the AppStore or Google Play.
- Give as little information as possible if you decide to use an app.
- Be very, very reluctant to link your credit card to any app!
There is more information about this at the New York Times:
These bad guys are going to exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages that slip through spam filters and have anything to do with AdultFriendFinder, and delete them immediately, both in the office and at the house.
Please forward this to friends, family, colleagues and peers.
Here is one of the examples of Ashley Madison extortion that came out after that hack, and you can expect the bad guys to do the same thing with AdultFriendFinder:
Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.
If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $625 USD) to the following address:
1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]
Sending the wrong amount means I won’t know it’s you who paid.
You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..
You might even get text messages to your smartphone that try to trick you into going to a site with the exclusive pictures of his death. If you see any social media posts or get emails with links or attachments, do not click on anything, do not open attachments or reply, and if it is social media, do not touch and do not share or forward. These bad guys will use anything to shock and trick you into clicking.
Bad guys have copied these emails in the past and tried to trick you into logging into a fake website they set up, so they could steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.
If you do, two things may happen:
1) You get to talk right away with a real internet criminal, usually with a foreign accent, who tries to scam you. They claim there is a problem with your computer, “fix” it, and ask for your credit card.
2) You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you and try the same scam.
Remember, if you get any emails that either promise something too good to be true, OR look like you need to prevent a negative consequence, Think Before You Click, and in this case, before you pick up the phone.
If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don’t fall for it! http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3
A lot of companies have support pages on social media. A good example is PayPal, which has a Twitter support page. You need to watch out for bad guys who are tricking people with fake support pages. Here is how this scam goes down:
- The bad guys set up a fake PayPal Support page on Twitter.
- They monitor the real PayPal Support page on Twitter for potential victims.
- A PayPal user reports a problem on the real Twitter PayPal Support account.
- The bad guys swoop in and respond to that user from their fake PayPal Support page and tell the user to log in on a fake PayPal support site with their real PayPal username and password.
- Game over. Bad guys now own your account and steal money.
What To Do About It: If you have problems with a vendor, do not use social media to complain and/or resolve the issue because everyone else can see this including the bad guys. Go to that vendor’s website and use their existing support webpage to create a trouble-ticket — not their social media pages.
This is an awareness message for all my followers to update your iOS to the latest version, “9.3.5”. Apple is patching three zero-day vulnerabilities. For details please read this article: http://www.csoonline.com/article/3112767/security/apple-patches-ios-security-flaws-found-in-spyware-targeting-activist.html
There is a new Scam Of The Week where bad guys have taken an actual past scam that the Federal Trade Commission has resolved and is now refunding money on. Bad guys take these FTC cases by
and create a phishing attack out of them
Here is the rule: If you receive any emails from an official-sounding organization that promises you a refund for any amount, be very careful and never click on any links or open any attachment you did not ask for. Delete the email.
When you are really expecting an FTC refund, go to their website yourself using your own shortcut, or by typing the address in your browser, or Cut & Paste this URL: https://www.ftc.gov/enforcement/cases-proceedings/refunds (this link may be redirected, do not click on the link)
Remember: Think Before You Click!
There is a current email phishing scam going on where you get an official-looking email forwarded by your ISP, which states you have violated HBO copyrights and illegally downloaded Game of Thrones.
The email has a link to a website where they say you can pay the fine. Don’t fall for it. The message was sent by cybercriminals and they would get any money you pay.
In general, it’s a bad idea to illegally download shows and movies for two reasons. First, you are indeed violating copyrights which can turn out to be very expensive when you get sued. Second, the websites promising these downloads are often compromised and infect your computer with all kinds of malware.
If you receive such a notice and want to verify if this is for real or not, contact the real IP-Echelon directly which you can do here: https://www.ip-echelon.com/contact-us/
Remember: Think Before You Click!