Passwords & Security

Breaches have been in the news a lot lately: Snowden, Apple and Yahoo, to name a few. Even though most states require formal notice within 30 days, it took 2 years for Yahoo to report that their passwords and user information were lost. We also hear about the other frauds happening to businesses and users, like the Apple Store phishing attack with fake landing pages and fake login pages. I found a ‘Netflix’ phishing scam in my junk mail folder just this morning. Fortunately, my Office 365 filters identified it as ‘junk’, but I would have liked it to have failed to get through to my mailbox altogether.

A new phishing attack can use a very realistic-looking message that appears to come from the Apple App Store, Netflix or another business to trick you into trying to avoid being charged for something you did not buy, like a membership renewal. This attack may make it through all the spam filters into your inbox, so you must be alert for this fraud.

These phishing attacks try to make you fill out a page with your full address and credit card information so that you “will not get charged”. If you or a family member falls for this trick, it is highly likely that your credit card WILL get fraudulently charged, and quickly.

Remember to never click on links in emails to go to a vendor’s website. Always use your browser and either type in the ‘correct’ (watch your spelling) address of the company or use a bookmark you have set yourself earlier. And while we are at it, never just open an email attachment you did not ask for.

Let’s stay safe out there and “Think Before You Click!”

Yahoo’s news should be a big notice to change your password and to be certain never to use the same password on different accounts. I know this makes for many passwords, and to keep track of them all you really need a password manager that keeps your passwords safe. I see many people creating a Word document or Excel spreadsheet to track their passwords; this is an inadvisable method. Storing passwords as an Outlook contact, while still an inadequate method, is less likely to be hacked than a simple document file, but only if you have a good email password. The better way is to use a password manager. I use LastPass, which is free for desktops, or $1 per month for mobile access, and works on ‘any’ device or browser. It will audit all your entered passwords to check whether you are using the same one in multiple accounts, assist you in updating your passwords and generate complex passwords for you. LastPass can also keep other data and, best of all, it is encrypted. You only need to remember your LastPass password to access your list from anywhere. It isn’t perfect, but once you have had your identity stolen it is very much worth the trouble. LastPass also has videos on their site to show you how to use the tool.

Action item: A quick word about the Yahoo breach: if you have a Yahoo account, you must change your password. If you used that password on other accounts, you will need to change those passwords as well.

Changing a password can affect how you access your information, like email. If you change your Office 365 password, you will then have to update Outlook and your mobile email programs. This is a very simple task, and you should do it at least 3-6 times a year for good measure if you use a simple-to-remember password.

Passwords should now be at least 10 characters long. It is best if you don’t use dictionary words for your account password; let LastPass generate them for you. I like to make my email passwords one case, 14 characters long and random; this makes them a bit easier to enter on an iPhone.
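The checks described above (no password shared between accounts, at least 10 characters, no dictionary words) and the one-case, 14-character random password can be sketched in a few lines of Python. This is an added example, not LastPass code or anything from K Square Technologies; the word list, account names and passwords are constructed for illustration, and the one-case alphabet of lowercase letters plus digits is an assumption.

```python
import math
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 10  # minimum length recommended in the article
# Constructed mini word list (assumption); a real audit would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
ONE_CASE = string.ascii_lowercase + string.digits  # single case, easy on a phone


def generate_one_case(length=14):
    """Random single-case password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ONE_CASE) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def audit(vault):
    """Return {account: [findings]} for reuse, short length and dictionary words."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)

    findings = defaultdict(list)
    for account, password in vault.items():
        shared = [a for a in accounts_by_password[password] if a != account]
        if shared:
            findings[account].append("reused on " + ", ".join(sorted(shared)))
        if len(password) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        lowered = password.lower()
        if any(word in lowered for word in COMMON_WORDS):
            findings[account].append("contains a dictionary word")
    return dict(findings)


# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {
    "yahoo": "Sunshine2014",
    "office365": "Sunshine2014",
    "bank": "k3v9",
}

if __name__ == "__main__":
    for account, issues in sorted(audit(SAMPLE_VAULT).items()):
        print(f"{account}: {'; '.join(issues)}")
    print(f"14 random one-case chars: {entropy_bits(14, len(ONE_CASE)):.1f} bits")
```

The entropy figure shows why a random one-case password of 14 characters holds up: it carries more bits than a random 10-character password that mixes upper case, lower case and digits.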

One last comment: we are also hearing about ‘Support’ calls from supposed technology companies. Please know that Microsoft does not call you unless you ask them, and our techs will always identify themselves as ‘Mike’ from ‘K Square Technologies’.

My typical response to one of these fake calls is to tell them they should be ashamed of themselves for working for these kinds of companies, which will likely result in their hanging up the phone on you, and good riddance to them.