In the wake of the news that a group hacked into Yahoo and stole email account information from 453,492 accounts, each of us should be aware of the potential impacts of that breach of information. “Concerns about a flurry of new spam messages and the use of poor password protection by people that use very simple or common passwords are two of the bigger risks to you and me,” says Dave Morgan, Director, technology and Information systems for Bethany Village and Graceworks Lutheran Services. He offers the following advice:
Complex Passwords
The news reports about people still using simple passwords like “123456” or any combination of characters from a row on the keyboard “qwerty” are subject to easier account access. Short passwords are also easier to crack than longer passwords.
“With this recent security breach activity fresh in our minds, it is probably a good time to change passwords on our personal accounts that contain personal or credit card information to something that is longer and more complex,” he said.
Complex passwords do not have to be hard to remember, but they should contain numbers, special characters and should not be a single common word.
Spam and Phishing
Spam messages appearing to come from a reputable source–such as someone you know or a company that you might do online business with–are becoming more and more prevalent. The creators of these messages usually model their message after an authentic message, to fool both the spam filters and email recipients. These bogus emails are written to create some concern or worry which prompts a sense of urgency in us. Resist that sense of urgency which typically prompts you to react first, by clicking on the link in the email. Wait…do not click on that link; learn how to spot a scam.
How to spot a scam
1. Use your mouse to hover over the link in the email before you click on it. Hovering over the link usually displays the URL. If the link does not appear to be a legitimate domain from the sender of the email then it could be a phishing email.
2. Check the email’s properties. In Outlook, go to the File tab, select Properties and look at the box labeled Internet Headers. This shows the email’s path to the end user. If the email is not from the company that appears to have sent it suspect a scam.
3. Crosscheck with your bank or credit card company before clicking on a link. By going to their website directly without using the hyperlink you may find that they have a warning or fraud alert. You can also follow up with the bank or credit card company by phone to verify a problem with your account, versus clicking the email link.
To be safe, never click on the link provided in the email. Open your web browser and go to that company’s web site or the account site that was given when you setup the account. If you do not have an account with that company that would be all the more reason not to click on a link in the email.
Cybercriminals are getting more creative in their phishing attempts, especially if armed with account information and passwords that has been stolen!