This Week’s Security Risks
Page One – LinkedIn Hacked!
This last week, like any other week, had its fair share of security attacks. The most notorious was the LinkedIn hack, in which 117 million user name / password combinations were stolen. Wednesday, May 18, was the date of this event – and yes, if you have a LinkedIn account you DO need to change your password. More importantly, if this alert applies to you, and if you are like the vast majority of people who use the same password for all their accounts (BAD idea), you need to change your passwords EVERYWHERE.
When you go to your LinkedIn account, you will be prompted to do this, so it’s not like you have a choice in the matter. I urge you to change all your passwords if you use a single password for most or all of your accounts.
Also, this seems like a good time to mention (again) that you should always use a completely different kind of password for financial institutions than for all your other accounts.
I’m going to illustrate a couple of dangerous email phishing scams from this last week as well.
The first is one of the most ridiculous and amateurish attempts I’ve seen in a long time.
Subject: (YOUR NAME HERE), Notice of appearance in Court #00000185395
Sender: County Court – firstname.lastname@example.org <seriously?>
Content of this asinine message:
Dear (your name here), You have to appear in the Court on the May 25. Please, prepare all the documents relating to the case and bring them to Court on the specified date. Note: The case will be heard by the judge in your absence if you do not come. <note sentence structure> You can review complete details of the Court Notice in the attachment. Kind regards, Johnnie Hunt, Clerk of Court.
An attachment (00000185395.zip) will ruin your day if you are foolish enough to open it.
Another very popular phishing scam these days is the package delivery scam.
This comes under the guise of a package being shipped / delivered by USPS, DHL, FedEx and more.
Today’s example purports to be from DHL.
Subject: Sorry for the delay here is your parcel! <sentence structure is your first clue>
Sender: DHL Global email@example.com
Hi firstname.lastname@example.org, Your parcel has arrived at 09:20:29 GMT. Courier was unable to deliver the parcel to you. Details Service (s): Delivery Confirmation Status: eNotification sent To view delivery status Click here or view the attached file for details. <takes you to bit.ly/1X..... which will infect your computer> Thank you, DHL.Express <<<
Terms & Conditions
An attachment (tracking.html) will ruin your day.
If you are expecting a delivery, always go directly to the shipper’s website and track the package from there. NEVER click on a tracking link in an email without first verifying where the link really goes.
Let’s all be careful out there and never click on a live link in one of these bogus tracking notifications.
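For readers who filter mail for others, here is an added example (not part of the original post) that checks a message for the three warning signs in the DHL scam above: a sender name that claims a shipper but mails from another domain, a shortened link that hides its destination, and a .zip or .html attachment. The brand-to-domain map, the shortener list, the extension list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative lists (assumptions for this example, not from the post).
BRAND_DOMAINS = {"dhl": "dhl.com", "fedex": "fedex.com", "usps": "usps.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
RISKY_EXTENSIONS = (".zip", ".html", ".htm")

# Constructed sample modelled on the DHL scam; address and link are placeholders.
SAMPLE = """\
From: DHL Global <notice@parcel-status.example>
Subject: Sorry for the delay here is your parcel!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

To view delivery status click http://bit.ly/PLACEHOLDER or view the attached file.
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="tracking.html"

<html><body>constructed placeholder</body></html>
--b1--
"""

def triage(raw_message):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw_message)
    warnings = []
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():
        official = sender_domain == domain or sender_domain.endswith("." + domain)
        if brand in display.lower() and not official:
            warnings.append(f"sender claims {brand.upper()} but mails from {sender_domain}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment: {name}")
        if part.get_content_maintype() == "text" and not name:
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                host = (urlparse(url).hostname or "").lower()
                if host in SHORTENERS:
                    warnings.append(f"shortened link hides destination: {host}")
    return warnings
```

A message that passes these checks is not proven safe; tracking the package directly on the shipper’s website is still the rule.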