On Wednesday the Internet was abuzz with news of a Wisconsin security firm obtaining a database of 272 million e-mail addresses, with their associated passwords, from a Russian fraudster.
How did a cyber criminal get his hands on the e-mail addresses and passwords?
Easily, by using the same phishing tricks that we regularly warn you about – using an e-mail, warning you about upgrades to Outlook and that you must “CLICK” on the link to activate the upgrades or your account. Victims literally give their e-mail address and password to the fraudster.
Several of our colleagues were fooled by the mail and did actually go to the site and unwittingly gave their details to the scammers. Luckily, we were able to help them quickly to undo the damage.
However, in retrospect, a deeper problem was picked up:
The stolen passwords and email addresses from the Russian database, which included Gmail, Yahoo and Russia’s mail.ru accounts, were not hacked directly from GMail or Yahoo but they had been taken from various smaller, less secure websites where people use their email addresses along with the SAME password to log in.
Those people who tend to use the same password for multiple sites as well as their email are at risk and should change their email password and avoid using “one password for everything”. It is like having a master key for every lock on your house. If that key is stolen then burglars can get access to every locked door in your house using one key!
Secondly, if you suspect your e-mail password has been compromised and you change your password, it should always be changed to something COMPLETELY different. In other words if your password is for instance “Christopher123”, then changing your password to “Christopher124” is not good enough that change is easily guessed.
If you have a Gmail or Yahoo account and are concerned that your e-mail address is possibly on the Russian database, then you can go to the following links: (they are safe as they do not ask for passwords)
http://securityalert.knowem.com/
https://haveibeenpwned.com/
[ARTICLE BY DAVID WILES]