It’s a trap?

Most of us have heard the stories about phishing and sometimes we just cannot believe what people fall for. Yet, it’s important to realize that people fall into these traps when they’ve let their guard down. It happens when they’re in the middle of work or communicating with family. We cannot fault people for this.

Do we really want to live in a world where every conversation must be viewed suspiciously?

Let’s cut people some slack. Yes, they might have missed the warning signs but often those are only obvious AFTER the scam has been identified.

Also, many legitimate emails come to us with the markings of a phishing scam. Take a look at the message I got from Common Sense Media recently.

Let’s go through the “watch for phishing” checklist:

  • Message comes from an email address that doesn’t match the sender’s domain
  • Message asks the user to enter login credentials
  • Links in the message point to a URL on a different domain
  • A link takes the user to suspicious-looking pages

It’s the last two bullets that made me think I was phished. When I clicked the FAQ link I was sent here:

It turns out that Common Sense Media uses Salesforce for their help and support pages. That’s where the suspicious-looking commonsense.force.com URL came from. Phew.

In the end, I think it is way too easy to blame the people who are phished. What can we expect when some of the tools and tricks for legitimate communication are the same tools and tricks that are used to deceive us?

So, the next time you learn about someone who was duped by phishing, go easy on them and focus on helping them back to safety. They’re already embarrassed. Plus, it could happen to you next.

Your password has been stolen. Are you prepared?

From USA Today:

Zappos, the Amazon-owned shoe and apparel retailer, said late Sunday that more than 24 million of its customer accounts had been compromised.

This week I received an email from Zappos, my favorite online shoe store:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Scary stuff. Now hackers can use a network of computers to crack these passwords and try to log in to my other accounts (like Gmail, Facebook, or worse) using the same password.

However, there are ways we can protect ourselves.

First, do not use the same password for every account you use. If one password is compromised, then every account using that password will be compromised. To prevent this, create unique passwords for your accounts. Don’t worry. You don’t have to remember hundreds of passwords. Just invent a pattern for creating passwords that is based on the account you are entering.

Here is an example.

Example Pattern: 56$$-FooD-$$65
(FooD = the first four letters of a food that relates to the account I’m entering)

Example password: 56$$-OraN-$$65
(This might be my password for Yahoo. Since Yahoo ends in “o”, I chose the first four letters of a food that starts with “o” to take the place of FooD.)

Another example password: 56$$-EggP-$$65
(This might be my password for Google. Google ends in “e” and “e” is for eggplant.)

The trick is to make a pattern that is personal to only you.

The second thing you can do is use a strong password. I suggest using a password that is easy to remember but hard for a computer (even a supercomputer) to crack. Consider creating passwords using a password haystack. Please take a few minutes to watch this video to see how (and why) to use password haystacks. Then visit this site to create your first haystack.
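To make the “hard for a computer to crack” claim concrete, here is a small calculator, added for this post and not taken from the haystack site, that models the exhaustive search space a brute-force attacker must cover for a password, which is the idea behind padding a short memorable core into a long haystack. The character-class sizes and the 100 billion guesses per second rate are assumptions chosen to mirror the usual haystack model.

```python
import math

# Assumed character-class sizes (classic haystack model):
# 26 lowercase, 26 uppercase, 10 digits, 33 printable symbols.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Assumed attacker speed: a large offline cracking rig, 1e11 guesses/second.
ASSUMED_GUESSES_PER_SECOND = 100_000_000_000


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must assume, given which classes appear."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return sum(CLASS_SIZES[c] for c in classes)


def search_space(password: str) -> int:
    """Candidates an exhaustive search covers for every length up to len(password).

    This models brute force only; it says nothing about dictionary or
    pattern-based guessing, so a long but predictable string is overrated here.
    """
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def crack_time_seconds(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust the search space at the assumed rate."""
    return search_space(password) / rate


def describe(password: str) -> str:
    secs = crack_time_seconds(password)
    years = secs / (365.25 * 24 * 3600)
    return f"{password!r}: alphabet={alphabet_size(password)}, space=10^{math.log10(search_space(password)):.1f}, worst case {years:.3g} years"


if __name__ == "__main__":
    # Constructed samples: the post's example password, a short word, and a padded core.
    for pw in ["56$$-OraN-$$65", "orange", "D0g.....................", "Passw0rd!"]:
        print(describe(pw))
```

The padded “D0g” string dwarfs the eight-character mixed-class password in this model, which is exactly the haystack argument, but the comment in `search_space` is the practitioner’s caveat: length only helps against guessing that is truly exhaustive.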

People create programs to hack our accounts for a reason. There is money to be made from stolen information. This has happened before and it will happen again. Be safe now. Fix your passwords today.