Over the past few days, news has broken that a large provider of mass email services for many companies (including some big, big names) was hacked, and that names and email addresses of subscribers were pilfered. A few of the companies that have contacted me are Disney Destinations, Chase, Capital One, BarclayCard. I’ve actually been contacted thus far by seven different companies, and I suspect that others might email me to give me a heads-up as well.
There are of course two different issues here. One is that this opens your legitimate, and often protected, email addresses to more spam. But even worse, the fact that name and email combinations were leaked also means that some very clever phishing attacks can be expected. In case you aren’t familiar with that term, a phishing attack is when an email looks like it comes from a legitimate provider (perhaps your credit card company), and is even personalized to you. But in fact, the email is from a hacker trying to gain personal information from you. If you click one of their links and put in your userid and password, you are likely giving them full access to your account for that provider. So there are a couple of reminders here:
- Never click on a link from an email and enter a userid/password from that link. Always go to your browser and type in the URL for your provider yourself. Some of these links could look very real. For example, you might get a www.capitol-one.com address (notice the misspelling and hyphenation), when you should have been going to www.capitalone.com. So never, ever put in a userid and password on a location that you do not know and trust to be true.
- Don’t use the same password everywhere you go. Now I know, this is a hard one, because we all want to make our online lives easier. So you might just need to come up with a “standard” password that you use and have a way that you can remember to customize it for each site. For example, have a password that you like and replace the 4th and 7th character with a two character representation of the site you are visiting, etc. However, if all of your online passwords are the same, all a savvy hacker needs to do is get to one of them to have the means to hack all of your online life!
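
The misspelled, hyphenated address in the first reminder is something a mail filter or a careful reader can check mechanically. The sketch below is an added example, not part of the original post: it compares a link's domain against a list of providers you actually use and flags near-misses. The `TRUSTED` list, the function names and the "last two labels" shortcut for finding the domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): providers the reader really uses.
TRUSTED = {"capitalone.com", "chase.com", "barclaycard.com"}

def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption: no public-suffix handling (e.g. .co.uk is not covered)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return ("trusted", domain), ("lookalike", imitated_domain)
    or ("unknown", None) for the host a link points to."""
    if "://" not in url:
        url = "http://" + url          # allow bare "www.example.com" input
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    # Hyphens are a common way to disguise a near-copy, so ignore them
    # before measuring how close the name is to a trusted one.
    squashed = domain.replace("-", "")
    for good in sorted(trusted):
        if edit_distance(squashed, good.replace("-", "")) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("www.capitol-one.com", "https://www.capitalone.com/login"):
        print(link, "->", classify_link(link))
```

A "lookalike" result means the domain is not on your list but is within two character edits of one that is, which is exactly the www.capitol-one.com case; an "unknown" result still deserves the same caution as any link you did not type yourself.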