June 16, 2011

Lulzsec - Careful there

You may or may not have heard of Lulzsec. In the online world they have been grabbing attention by grabbing info.

Massive Gmail phishing attack hits top U.S. officials

They've gotten gmail users, Sony, Citigroup, the IMF, the US Senate, the CIA, and oddly enough writerspace.com (an online website service for writers), probably a few more I'm not aware of or forgot after reading all this.   But I think this conveys the idea... they are prolific, proficient, and they have an agenda.

Today I received an email purporting to be from someone concerned because my email address was in the list of those that had been compromised.  I was sent several links where I supposedly could check for myself...

Ooookey dokey... I'll get right on that. 

While anything is possible. It's highly unlikely that the email was real.  First of all, I have to go through major contortions to get at my gmail password... I don't know it so I can't just type it out. I use 1Password and I never have to type my passwords once they are stored, the passwords are long and random.   I don't have them memorized and I have not gone to the trouble to find any password and pass it on.  Along with other safety features and 1Password, I am pretty sure I'm covered so far.

So, unless I missed something, I have not been "phished". 

It's always possible that someone broke into the gmail servers and managed to steal data.  Google claims this did not happen, but in the world of 1's and 0's anything is possible. 

What I did NOT do is respond in any way to the email I received.  I did not click any links, I did not write them back.  I trashed it.  I also changed my password as a precaution and I'm keeping an eye on my sent email box to make sure nothing is going out that I did not send.

If you happen to receive anything similar, I highly recommend you do the same. Unless you have a computer you feel like trashing along with an email address you'd like to abandon, it's not worth the problems to pursue trying to find out what's at the other end of the links. 

Consider this your email safety tip of the day.  Watch what you click!  Before you hit that link, think about what might be at the other end. 

Yes, you can receive emails from the email box (or return email address) of a person you know. This does NOT mean it comes from that person. Their email account may have been hijacked OR someone may be "spoofing" the return address so what you see looks like someone you know. 

Here are some things to look at when deciding whether or not to click a link or respond:

Does it look suspicious? 
So one of your friends sends you a link that ends in .ru - all it says is "Watch this".   Really? Are you going to click it? 

Does it even begin to sound like someone you know? 
You get an email from a friend but it's spelled strangely, it's not at all how they usually write, and the link looks strange (or is one of those compressed urls).  Are you going to click it?

Do you know the person?
A "good Samaritan" sends you an email telling you to "check here" to see if there is a problem. Are you going to click the link?

If you answered yes to any of the above - you are already or soon will be in trouble.  At the very least, if it's a friend, email them back and ask if they sent the link.  Better yet, just give it a miss. Trash the email.  There is very little out there that you will miss by doing this.  And you will keep yourself a little bit safer.  (No you won't see the latest naked celeb... what a shame)

There are more I could add here, but I hope this is a nice little sample to get you thinking. Even if I mentioned every type of phishing email I've seen, I'd still miss one. The real point is think before you click.

Oh yeah - never ever ever give your password out to anyone.  If you ever find that you have given out a password - even for what seems to be a good reason... change it as soon as possible.

If you use gmail - you may want to enable their new 2 factor authentication.  They explain it here.

That's just a few little things.  I didn't want to write a book so do not consider this to be complete.  Just something to jog your elbow and make you pay attention.

Stay safe!

Posted by: Teresa in WebTech at 11:20 PM | Comments (3) | Add Comment
Post contains 799 words, total size 5 kb.

1 Thank you - you're one of the very few sources I trust. Unless you e-mail me & tell me you didn't write this post ... then we're all SO boned!

Posted by: Rev. Paul at June 17, 2011 12:27 AM (y+0ce)

2 Poor H, he used to click every link he received, back when he was new to online.  After several screaming fits from me as I debugged his machine, he stopped.
Of course, now I get calls at work saying "Who do we know named "Mom"? Can we trust this one?"

Posted by: LeeAnn at June 17, 2011 06:04 AM (dioqO)

3 Rev Paul... LOL.

LeeAnn - well, at least he asks... *grin*

Posted by: Teresa at June 17, 2011 04:09 PM (xE2iU)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
25kb generated in CPU 0.02, elapsed 0.0235 seconds.
69 queries taking 0.012 seconds, 221 records returned.
Powered by Minx 1.1.6c-pink.