Larilyn’s Tip of the Week

Impersonators aren’t a new thing, right?  They’ve been around since…..well…..at least since Elvis.
Something that is newer, though, is impersonation emails, because those have only been around since…..well, you know.  Since email became a widely used thing and the bad guys decided to get involved.

What is an impersonation email?  Basically, it’s a phishing method where the bad guys send you an email that is crafted to look like it’s coming from someone you know or someone with authority in your organization.  It’s all about pretending to be someone they are not.  

This makes it tricky to detect, because the bad guys have gotten very good at making their emails look legit, as if they really are coming from the person they claim to be.

But not all impersonations look alike.
So in order to help weed out imposters, most email services already have basic impostor detection in place.  It looks for things that seem a bit fishy.  For example, it might see [email protected] emailing [email protected] – but Sarah’s actual sending domain is something different (like inmotionisgreat.com, a look-alike of inmotionnet.com) that is impersonating an inmotionnet.com email address.  So the email gets flagged, because the email server can see that the domain isn’t really ours.

Or maybe [email protected] emails something to [email protected], and this gets flagged too.  Sure, she may just be forwarding something from her personal email to her work email.  Definitely a possibility.  However, it still gets flagged, because it’s also possible that someone is trying to impersonate Sarah and has used a personal-looking email address instead of the domain email address.
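Here is what a basic impostor check like the one described above might look like in code. This is an added example, not the filter the post refers to or anyone’s product: it assumes inmotionnet.com is your own domain (the domain from the post’s illustration), a small constructed directory of internal staff, and a made-up similarity threshold for deciding that a domain is a look-alike. Both cases from the post are covered: a look-alike domain, and an outside address that borrows an internal person’s name or mailbox name.

```python
from email.utils import parseaddr
from difflib import SequenceMatcher

# Added example, not from the original post. The domain is the one the post
# uses in its illustration; the directory entries are constructed.
TRUSTED_DOMAIN = "inmotionnet.com"
INTERNAL_DIRECTORY = {          # display name (lower-cased) -> internal mailbox
    "sarah smith": "sarah@inmotionnet.com",
    "bob jones": "bob@inmotionnet.com",
}
LOOKALIKE_THRESHOLD = 0.7       # assumed tuning value, not from the post


def _split(addr):
    """Return (local_part, domain) of an address, both lower-cased."""
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def is_lookalike_domain(domain, trusted=TRUSTED_DOMAIN):
    """True when `domain` is not `trusted` but its name looks confusingly similar.

    Only the first label is compared (a simplification), so inmotionisgreat.com
    and inmotion-net.com are both measured against 'inmotionnet'.
    """
    domain, trusted = domain.lower(), trusted.lower()
    if not domain or domain == trusted:
        return False
    name, ref = domain.split(".")[0], trusted.split(".")[0]
    return SequenceMatcher(None, name, ref).ratio() >= LOOKALIKE_THRESHOLD


def check_sender(from_header, directory=INTERNAL_DIRECTORY, trusted=TRUSTED_DOMAIN):
    """Return the reasons a From: header looks like impersonation ([] = nothing found)."""
    display_name, addr = parseaddr(from_header)
    display_name = " ".join(display_name.lower().split())
    local, domain = _split(addr)
    findings = []
    if domain == trusted.lower():
        return findings        # exact internal domain; these rules only cover outside senders
    if is_lookalike_domain(domain, trusted):
        findings.append(f"lookalike domain {domain} resembles {trusted}")
    # The post's second case: an outside address (e.g. a personal mailbox) that
    # carries an internal employee's display name or mailbox name.
    for known_name, known_addr in directory.items():
        known_local = _split(known_addr)[0]
        if display_name == known_name or local == known_local:
            findings.append(
                f"display name or mailbox matches internal user {known_addr} but sender is {addr}"
            )
            break
    return findings


# Constructed sample headers covering the cases described in the post.
SAMPLE_FROM_HEADERS = [
    '"Sarah Smith" <sarah@inmotionnet.com>',        # genuine internal mail
    '"Sarah Smith" <sarah@inmotionisgreat.com>',    # look-alike domain
    '"Sarah Smith" <sarah.smith88@gmail.com>',      # outside mailbox using an internal name
    '"Accounts Payable" <ap@example-vendor.com>',   # unrelated outside sender
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        result = check_sender(header)
        print(f"{header:48} -> {result or 'OK'}")
```

Run as-is, the four sample headers come out OK, flagged, flagged, OK. The similarity ratio is a crude stand-in for the look-alike logic a real mail filter uses, so treat the threshold as something to tune against your own domain rather than a fixed constant, and remember that an email using your exact domain is not caught by this kind of check at all, which is why allow-listing your own domain is such a bad idea.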

When it comes down to it, being educated and aware is the most important thing.  So while it’s good that your email probably has some protection in place, still remember to be cautious when opening emails.  If it is from someone you don’t know, even if it looks like it’s coming from your own domain or office, don’t click links or attachments until you verify the sender.

Even if it is from someone you know, but they are asking you to do something such as send a wire transfer or change account credentials and you weren’t expecting it from them – don’t do anything until you verify with them that the request is real.  Verify by phone or in person, not by replying to the email, since a reply to an impersonation email goes straight back to the impostor.

And above all – please, please, please don’t add your own email address or domain to any allowed lists or safe-sender filters.  An allowed list skips exactly the checks above, so any message that merely claims to come from your domain would sail straight through.  That just makes it too easy for the bad guys.

Heartbleed Bug

OpenSSL is widely used to secure web servers on the Internet, as well as many other similar devices. A vulnerability in OpenSSL was found last month (CVE-2014-0160, affecting OpenSSL 1.0.1 through 1.0.1f and fixed in 1.0.1g) that allows attackers to easily read private data from servers running those versions. Unfortunately the vulnerable code has been in widespread use since 2012. Each malicious request lets the attacker read up to 64 KB of the server’s memory, which can contain sensitive information including usernames and passwords and even the server’s private key. If the private key is obtained, the attacker can impersonate the server and decrypt information that was encrypted to that key.

What does this mean for me?

Unfortunately it is unknown exactly how far-reaching this vulnerability was or will be. The only truly safe option is to not give any private information to a site until that site’s web servers have been patched. This could mean avoiding online banking for a while, or even avoiding signing into Facebook if you use the same password there as you do on other sites. It is also possible that attackers have been exploiting this vulnerability for some time without being detected, since exploiting it leaves nothing unusual in normal server logs. Many banks have said that they were not impacted by the vulnerability. Please confirm with your bank prior to logging in.

How the Heartbleed bug works
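To make the mechanism concrete, here is an added example: not code from this post, and a simplified model written for this page rather than OpenSSL’s actual source. A TLS heartbeat record carries a one-byte type, a two-byte payload length, the payload, and 16 bytes of padding. The vulnerable server trusted the peer’s payload length and copied that many bytes into its reply, so a request that claimed a 60-byte payload while only sending 2 bytes got back everything that happened to sit next to the request in memory. The "process memory" below is a constructed bytes buffer with a fake password and key placed right after the record; the patched version adds the single bounds check that was missing.

```python
import struct

# Added example: a simplified model of TLS heartbeat handling, not OpenSSL's
# source. Record layout: type(1) | payload_length(2) | payload | padding(16).
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16
HEADER_LEN = 3

# Constructed "secrets" that happen to live next to the record in memory.
NEIGHBOURING_SECRETS = b"user=alice&password=hunter2 -----BEGIN RSA PRIVATE KEY-----"


def build_heartbeat(payload, claimed_length=None):
    """Build a heartbeat request. A malicious client sets claimed_length larger
    than the payload it actually sends."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * PADDING_LEN


class ServerMemory:
    """Toy model of the server's heap: the received record, followed by whatever
    else happens to be allocated nearby."""

    def __init__(self, record, neighbouring_data):
        self.buf = record + neighbouring_data
        self.record_length = len(record)   # what the TLS layer actually received


def vulnerable_heartbeat(mem):
    """Pre-fix behaviour: trust the length field and copy that many bytes back.
    Slicing mem.buf past record_length models the out-of-bounds memcpy."""
    hb_type, claimed = struct.unpack("!BH", mem.buf[:HEADER_LEN])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    echoed = mem.buf[HEADER_LEN:HEADER_LEN + claimed]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + echoed + b"\x00" * PADDING_LEN


def patched_heartbeat(mem):
    """Post-fix behaviour: header + claimed payload + padding must fit inside the
    record that was actually received; otherwise the record is silently dropped."""
    if mem.record_length < HEADER_LEN:
        return None
    hb_type, claimed = struct.unpack("!BH", mem.buf[:HEADER_LEN])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if HEADER_LEN + claimed + PADDING_LEN > mem.record_length:
        return None   # the bounds check the vulnerable version lacks
    echoed = mem.buf[HEADER_LEN:HEADER_LEN + claimed]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + echoed + b"\x00" * PADDING_LEN


def leaked_bytes(mem, response):
    """Return whatever a response echoes back from beyond the received record."""
    if response is None:
        return b""
    echoed = response[HEADER_LEN:-PADDING_LEN]
    real_payload_len = mem.record_length - HEADER_LEN - PADDING_LEN
    return echoed[real_payload_len + PADDING_LEN:]


if __name__ == "__main__":
    honest = ServerMemory(build_heartbeat(b"hi"), NEIGHBOURING_SECRETS)
    malicious = ServerMemory(build_heartbeat(b"hi", claimed_length=60), NEIGHBOURING_SECRETS)
    print("honest request, vulnerable server   :", leaked_bytes(honest, vulnerable_heartbeat(honest)))
    print("malicious request, vulnerable server:", leaked_bytes(malicious, vulnerable_heartbeat(malicious)))
    print("malicious request, patched server   :", patched_heartbeat(malicious))
```

The honest request leaks nothing on either server and the patched server drops the malicious one, while the vulnerable server hands back the fake password and the start of the fake key. In a real process the neighbouring data is whatever the heap held, which is why the post warns that both passwords and the server’s private key were exposed.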

What do I need to do now?

You should update your passwords everywhere as a precaution, but only once the site in question has patched its servers; a password changed on a still-vulnerable server can be stolen all over again. A list of sites where I encourage you to change your password immediately is below, but just because a site isn’t listed doesn’t mean you shouldn’t update your password there. Remember that you should not use the same password for multiple sites, nor easily guessable variations of one. Always use a strong password made of non-dictionary words with a mix of upper case, lower case, numbers and symbols if allowed. You should also change your passwords periodically to limit how long a stolen one stays useful. Finally, if the service offers it, turn on two-factor (or two-step) authentication. Typically the service will text you a code that you must enter along with your password when signing in from an unknown computer.

Here’s a list of sites that may have been affected and where you should change your password immediately. Note that it is not confirmed whether some of these sites were actually affected, but in the interest of safety, please change your password anyway. You’ve probably been using that password for too long or shared it with another site anyway! 🙂

  • Amazon
  • Box
  • Dropbox
  • Etsy
  • Facebook
  • Flickr
  • GoDaddy
  • Google, Gmail
  • Instagram
  • Netflix
  • Pinterest
  • Tumblr
  • Yahoo, Yahoo Mail
  • YouTube

Finally, I suggest changing your passwords again in a few weeks, especially for sites that hadn’t confirmed they had patched their servers when you first changed them. Mashable has a list of websites affected by Heartbleed that you can consult for more detail.

Stop the Bleeding!

How do you create secure passwords? The best way is with a random password generator. Of course, you’ll need to store all the passwords you’ve created, or else you probably won’t remember them. I use and recommend 1Password, which is currently offering a 50% off sale. Please see the 1Password blog post for more information as well.