Monthly Archives: June 2012

So much spam and phishing this last 24 hours

I’ve gotten more spam and phishing messages in the last 24 hours than in a really really long time. In case you don’t know the specifics:

  • Spam is junk mail. Porn, dating and penis enlargement ads are some of the common ones.
  • Phishing is “fishing”: they’re just throwing a line out there to see what they catch. They send something that looks like it’s from a bank or credit card (“there is a problem with your account”) or from YouTube (“you have a new video in your favors” or “your video has been denied”), then they redirect you to a site that looks like that site and hope you type in your password!

    I got one from FourSquare today, “Peter has sent you a message”, and as I was thinking, “I didn’t know I could get messages on FourSquare”, I clicked on it. I could see it was bogus before it even loaded from the site it was taking me to. It was a messy address (http://sfjisdkf.ru or something crazy like that; sometimes they try to trick you with something like http://YouTubeMessages.FakeSite.com/ ), but it looked like a FourSquare address before I clicked it. This is a type of social engineering: they don’t hack into your computer, they just trick you into giving them the password (it’s like the guy hanging out in front of a restaurant acting like he’s valet parking; he doesn’t even need to say anything, you just hand him the keys and walk away).

    The downside of me clicking on the link is that sometimes they put trackers in them, so they might now know that the guy at my address does actually click sometimes, and then target me for more.

    So I was just sharing some warning since I know I’ve seen more the last day, so you be careful out there…

    Why your passwords MUST be more complicated!!!

    With today’s (alleged) password breach of LinkedIn, it made me think to change some passwords. Why? Because I had a few accounts that used the same passwords. Yes, I know that’s bad. But they were “unimportant” to me at the time I was checking them out, but later they became more important and yet I still had a weak password.

    If you don’t know why it’s bad, here’s why: Now that they’ve got your login and password, the bad guys are going to start plugging that password into every computer system out there (Facebook, Amazon, Google, the USPS, Twitter, etc.) and, knowing many of you, they’re probably all the same. Some variation doesn’t count: if your Google password is gary1234google, someone’s probably going to guess that for Facebook it’s gary1234facebook. There are computers out there trying to guess your password all day long, I promise you.
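    To check your own accounts for the problem described above, here is an added example (not part of the original post) that groups sites whose passwords are identical or differ only by having the site's name added. The `VAULT` contents are constructed sample data, and ignoring upper/lower case when comparing is an assumption of this sketch.

```python
from collections import defaultdict

def base_of(site, password):
    """Strip the site's name out of a password, leaving the part the owner reuses."""
    lowered, name = password.lower(), site.lower()
    idx = lowered.find(name)
    if idx == -1:
        return lowered
    return lowered[:idx] + lowered[idx + len(name):]

def reuse_groups(vault):
    """Group sites whose passwords are identical or differ only by the site name.

    vault maps site name -> password. Returns {base: [sites]} for every base
    shared by more than one site.
    """
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[base_of(site, password)].append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}

# Constructed sample vault; the first two entries are the post's own example.
VAULT = {
    "google": "gary1234google",
    "facebook": "gary1234facebook",
    "flickr": "gary1234",
    "bank": "T7#qvL9!mzRw2p",
}
```

    `reuse_groups(VAULT)` puts google, facebook and flickr in one group under the shared base `gary1234`, so a leak of any one of them exposes the other two.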

    A few of the sites I could log into, but couldn’t find where to change my password. So I logged out and clicked “I forgot my password” and it sent information to my e-mail account on how to reset the password.

    They’ve mentioned that only a small number of the passwords were stolen (6 million); it’s assumed the other 150 million users were also compromised, they just had easier passwords to crack. They also believe that a bunch of eHarmony passwords were breached, because many of the passwords consisted of the words “harmony” or “eHarmony”. I think most of this is done for money, but do you really want some bored hacker posting your eHarmony information to your LinkedIn profile?

    To clarify about my accounts, most of my accounts that deal with money all have unique passwords (and unique logins); the same goes for the places where I shop. But a few older accounts still had some older, shorter passwords. Does it matter to me if someone hacks those passwords? Maybe not, but still I want my Flickr photos right where I put them.

    With a site like “www.HowSecureIsMyPassword.net” you can punch in some passwords and it’ll tell you how long they might take to hack. FYI, most 8-character passwords (letters and numbers) take about 3 hours. Try it; you don’t have to give them your password (if you don’t trust it). If you use a word, year or name, just try a different name and year, just so you can see how many minutes or seconds it takes.

    Also, keep in mind that if someone has access to your e-mail, they can have your password reset at many sites and have the change-password information sent to the compromised e-mail (that someone else has access to). Some sites are smart: Ticketmaster, when resetting your password, also deletes your credit card information.

    Back to my passwords: keep in mind that at some sites the function changes. Maybe when I created that password at the Post Office or FedEx, I just used it for tracking alerts or vacation holds. But now they might let me purchase postage or other things that I just couldn’t buy when I set it up with a non-complicated password.

    And I know some people don’t worry about shopping accounts, because they don’t keep their credit card information on-line. But all your receipts are in there, you might want that someday (and where you had all that stuff sent). What if you sign up for that Amazon card with the $50 bonus and it automatically puts it into your account?

    And when your computer remembers passwords for you, that’s great, but who else uses your computer? You trust them, but do you trust they won’t download a virus or something that will steal that information? What happens if you lose that computer or it’s stolen?

    Personally, I keep passwords on my computer just to wake it up from sleep mode. Passwords on my iPhone (10 tries and it deletes all the data on it). I even keep a password on my Kindle, why? Because I occasionally check my mail or access my Amazon account on it.

    I was surprised that some of the apps on my phone didn’t need new passwords. They had already authenticated to the other accounts so many seemed okay. I’m not sure I liked that…