Sunday, September 25, 2016

Yahoo account holders, you need to do more than just reset your password

By now everyone has heard of the 500 million Yahoo accounts that were hacked and leaked online. CNN story here.

What to do

Of course, if you have a Yahoo login that you use for any purpose (e.g., Yahoo email, Yahoo groups, Yahoo shopping, etc.), you need to navigate to in your web browser and reset your password to a strong password. While you're at it, reset your security questions and answers and enable two-factor authentication using Yahoo Account Key.

See these Sophos tips for creating passwords. If you're really ambitious, you can take it one step further and use unique user names for the sites that hold your most sensitive data.

What not to do

Do not use that same user name and password combination on any other sites.

What else?

Be on the alert for phishing emails that exploit this "world's biggest hack" story. Scammers will try take advantage of situations like this by emailing users fake messages that are designed to steal your login credentials or banking information.

If you get any email related to the breach, just delete it. Don't reply to it, don't forward it, and don't click any links or open any attachments in the message.

Thursday, September 15, 2016

New type of tech support fraud: Email tells you to call toll-free number

In the last few years, web service providers like Google, Yahoo and Facebook have started sending emails to users to warn them when there is a possible security risk to their account, like an impersonator logging in from an unknown computer.

In the past, bad guys would copy these emails into phishing messages that trick you into logging in to a fake website where they steal your user name and password. Now, these fake security emails give you a toll-free (800) number that they claim you need to call immediately.

If you call the number, two things could happen:
  • You get to talk with a real cyber criminal, typically with a foreign accent, who tries to scam you. He or she claims there is a problem with your computer then "fixes" it and asks for your credit card info. 
  • You get sent to to voice mail or are put on hold until you hang up, but your phone number was recorded and stored in a queue; the bad guys then call you back and try the same scam. 
Remember, if you get emails that either promise you something that is too good to be true, or provoke you to act urgently in order to prevent some type of negative event, stop! Think. Don't click... or, in this case, don't pick up the phone.

If you ever need to call a vendor, use your web browser to navigate to the trusted vendor URL and call the number listed on the legitimate web page. Never use a phone number provided in an email.

Here is a link to a sample (and humorous) fake phone call, click here:

Friday, September 2, 2016

Beware email with .DOCM or .DOCX (Microsoft Word) documents attached

According to FireEye, the strain of ransomware called Locky resurfaced a few weeks ago. If you click the Word document attached to the Locky email, it runs a program that encrypts all your files, renaming each with the .locky extension. You have to pay up to get the decryption key that restores your files.

Below are screen shots of sample Locky ransomware emails. For a better view, click the image here, or go to the FireEye article at

A new variant reported three days ago in the SANS ISC InfoSec Forums uses the subject line "Transaction details." While the email generally looks the same as those pictured here, the attachment is a ZIP file containing a compressed Windows Script File (.wsf).

Any time you receive an email from anyone that contains an attachment or links, stop and take your hands off your mouse and keyboard. You do not want to click anything that is even remotely suspicious or unexpected. When in doubt, delete.

For more information, see "Locky" ransomeware - what you need to know.