PHISHING EMAILS – You’re the Fish

When it comes to Phishing Emails – You’re the Fish!

It’s always Phishing Season for Fraudsters. Phishing attacks use emails and sometimes text messages or malicious websites to get information from their victims. The ruse is an attempt to lure you, under the pretense of a problem or an emergency, to click on a link or open an attachment. There is usually a circumstance that is presented to you that requires your attention and your follow-thru, in order to resolve an immediate problem or issue. The emails claim that there will be dire consequences if you ignore the message.

Phishing Emails
DON’T CLICK ON LINKS!

Phishing emails often have the look and feel of authentic communications. Company logos are easily cloned and used in fake phishing emails. Inconsistent or incorrect spelling and grammar are also a tell-tale sign of phishing emails.

Most legitimate emails from businesses would include your name and/or the last few digits of your account number. An email from a friend or family member should be personal in nature. These targeted messages can trick even the most cautious person into doing something that may compromise them. Even if the email is from a known source, people should use caution, because Cybercriminals are very good at mimicking trusted businesses, or even friends and family.

Phishing Emails are Designed to Infect a Victim’s Computer with Malware.

You want to avoid getting Malware installed on your computer.  Infections can result in your downloading keystroke-logging software that enables a scammer to steal information from you as you type passwords or account numbers on a website.

Malware also gives the cybercriminal the ability to use the email addresses of everyone in your email program to spread SPAM to all of them. Your friends and family may be fooled into believing the SPAM email is safe (because it’s from you); and will therefore click on a tainted link or infected attachment in the email.

TIPS and ADVICE

  • Never click on links or open/download attachments – unless you are 110% sure AND have confirmed that they are legitimate.
  • If you receive what appears to be a phishing email or text, always go directly to the source (not the info in an email) to confirm that this is not a scam.
  • Hover you mouse over the sender’s address. You may see that the email address is not consistent with the name of the company or it may be a long string of numbers and symbols that don’t make sense.
  • If calling a business to confirm the email’s legitimacy, be sure to call the correct phone number. In some instances, fraudsters will purchase phone numbers that are only one digit off from those of a legitimate company. These fake (usually toll-free numbers) are an effort to trap people who may mistakenly dial an incorrect number or area code of a bank, credit card issuer, or other legitimate organization.
  • Suspicious emails should be reported to the Federal Trade Commission (FTC) by forwarding the email to spam@uce.gov.  Be sure to report it to the legitimate organization that the email pretends to originate from. You can also report it to your email provider. Once you’ve done that, you should always delete the tainted email from your computer.

EVERY YAHOO CUSTOMER HIT BY 2013 BREACH

Way back in 2013, Yahoo had 3 Billion customers worldwide – who had a user-account with them. ALSO – way back in the month of August 2013, every single Yahoo customer was affected by a historical data breach. Yes, EVERY SINGLE Yahoo customer was affected in that 2013 breach, totaling 3 Billion accounts!

Every Yahoo Customer
DO YOU YAHOO?

Additionally, Yahoo was hit by another breach in 2014, which they said affected around 500 million of its customers. This breach is believed to be a separate incident from the 2013 breach. In March of this year, the Dept. of Justice indicted four people in connection with the 2014 breach – two Russian spies and two hackers.

It is unclear who was behind the 2013 breach, but the stolen data was up for sale on the dark web shortly afterwards. The dark web is an underground murky network, only accessible through special software, where criminals buy and sell their stolen data.

The compromised information included names, emails, phone numbers, birth dates, encrypted (hashed) passwords, security questions and the answers to those security questions. The stolen passwords were hashed, which is a form of encryption. It will therefore, be more difficult for crooks to crack them.

Although no financial information was stolen from every Yahoo customer, the info that was stolen is more than enough data for any criminal to use, for purposes of identity theft AND account takeover. 

Yahoo will be sending out notices to the additional affected accounts. Following their prior hacking revelation, Yahoo required password changes and invalidated un-encrypted security questions, in order to protect user info.

WHAT CAN YOU DO ABOUT IT? 
  • ALWAYS use unique passwords for each of your accounts. It is never a good idea to reuse the same passwords. Also, change your passwords periodically.
  • Make your passwords long, complex and hard to crack. Use sentences or phrases. Mix it up with numbers, symbols and upper & lower case letters.
  • Use two-factor authentication on all your important accounts. A code will be sent to your phone or email before you can successfully login to your account.
  • Beware of fake targeted emails that claim to be from Yahoo. These fake emails appear to be legitimate and will contain links and/or attachments designed to lure you into clicking on or opening them up. You’ll end up infecting your computer if you do!
  • Information you post on social media, coupled with what’s available via pubic records, makes it easier than ever for crooks to guess your security questions. So, use nonsensical answers to security questions instead of the actual real correct answer. For Example: Question: Mother’s maiden name – Answer: Pizza. Be absolutely sure to keep a record of those nonsensical answers you used, you may need them for future reference.