Beware of Phishing Based on Fear of Secret Porn Behavior and Real Password Compromise

See previous security tips and previous phishing posts.

Check if you have an account that has been compromised in a data breach at https://haveibeenpwned.com.

I’ve been getting variants of this email for months, as has my wife.

First, email can be spoofed. The claim that the hacker “sent you an email from your account” looks that way on the surface, but email was designed in an age of naiveté and the From address is trivially forged. Don’t fall for that claim.

The initial email was specific, including a real, legitimate password* that I used 8 or 9 years ago. That the password was real raised a real fear in the instant I saw it—the fear of a real compromise to my computer. But since I use unique passwords for every web site, I was not concerned, just annoyed (you do use unique passwords for EVERY different web site, right?).

Over the ensuing two months, I have received perhaps 30 variants of this email. This latest one lacks the specifics of the original.

* How was that password obtained? By a compromise of a major internet service provider whose incompetence in storing cleartext passwords merits the corporate death penalty along with prison time for the executives.

The hacker was even smart enough to custom-tailor the phishing email with the brand of my router (Cisco). Very scary for the non-expert—how many people have paid up out of fear?

Since it was an old/unused password having nothing to do with my email and since I do not visit porn sites (a very good way to acquire malware) and because I also tape over the security-hazard camera on my Macs, it was clear that the email was extortion with no possibility of harm to me. Still, the specificity was chilling—it was a valid password I had once used at a certain photography site (FredMiranda.com; shame on them for not alerting me).

The phishing email is a curious mix of helpful suggestions (“change your password”) with amusement (“big delight”), and threats (sending screen shots and videos to everyone) and rationalization for low-life scum behavior (“we all have to make a living”).

The hacker expects you to NOT notice the missing details and pay up out of fear. If the compromise were real: (1) which OS?, (2) why not place a new file on the computer, proving its compromise, or just encrypt everything (ransomware)?, (3) which porn site(s) exactly?, (4) why no “sampler” screen shots? It’s all bogus—there is zero evidence of any actual compromise.
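The two points above (a From address that matches your own proves nothing, and a real compromise would come with details this template never has) can be checked mechanically. The following is an added example, not code from the post: it parses a constructed sextortion message (the password and addresses are made up) with Python’s standard `email` module, reads the headers the receiving mail server adds, and lists which of the template’s tell-tale phrases and which of the missing details are present.

```python
import email
import email.policy
import re
from email.utils import parseaddr

# Constructed sample message (not the post's actual email). The From header is
# forged to match the recipient, the "sent you an email from your account" trick.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: victim@example.com
To: victim@example.com
Subject: victim@example.com - Tr0ub4dor (your password)

I know your password is Tr0ub4dor. I placed a program on the site you visited
and recorded a video through your camera. Change your password, but that
changes nothing. We all have to make a living. Pay within 48 hours or I will
send the video to all your contacts.
"""

# The mix of "help", threat and rationalization the post describes, matched
# case-insensitively against the body text.
EXTORTION_MARKERS = (
    "change your password",
    "make a living",
    "video",
    "camera",
    "all your contacts",
)


def spoof_indicators(raw: str) -> list[str]:
    """Header-level reasons to distrust the 'from your own account' claim."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, to_addr = parseaddr(str(msg.get("To", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    from_domain = from_addr.split("@")[-1].lower()
    rp_domain = return_path.split("@")[-1].lower()

    # From: equal to To: is exactly what a forger types; the envelope sender
    # (Return-Path) is what the delivering host actually saw.
    if from_addr and from_addr.lower() == to_addr.lower():
        findings.append("From header equals recipient address (trivially forgeable)")
    if return_path and rp_domain != from_domain:
        findings.append(f"Return-Path domain {rp_domain} differs from From domain {from_domain}")

    # Authentication-Results is written by the receiving server, not the sender:
    # failed SPF / absent DKIM for mail claiming to be from your own domain is decisive.
    for ar in msg.get_all("Authentication-Results", []):
        if re.search(r"spf=(fail|softfail)", str(ar)):
            findings.append("SPF failed for the claimed sender")
        if re.search(r"dkim=none", str(ar)):
            findings.append("no DKIM signature")
    return findings


def extortion_markers(raw: str) -> list[str]:
    """Which of the template phrases appear in the plain-text body."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    return [m for m in EXTORTION_MARKERS if m in text]


def missing_evidence(raw: str) -> list[str]:
    """Details a genuine compromise would include; the template has none of them."""
    text = raw.lower()
    checks = {
        "names the operating system": re.search(r"\b(windows|macos|mac os|linux)\b", text),
        "names a specific site": re.search(r"https?://|\bwww\.", text),
        "attaches a sample screenshot": re.search(r"content-disposition: attachment", text),
    }
    return [name for name, hit in checks.items() if not hit]


if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("spoof:", finding)
    print("markers:", extortion_markers(SAMPLE))
    print("missing:", missing_evidence(SAMPLE))
```

On the constructed sample, all four header indicators fire, all five template phrases are found, and all three pieces of evidence are missing, which is exactly the profile of the emails described above. Real mail servers vary in how they label Authentication-Results, so the regexes are a starting point, not a universal parser.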

Don’t fall for it. And since a compromise could happen one day, always back up in triplicate. Not one, not two, at least three (3) backups.


Phishing email exploiting a compromised password (a legitimate one)

Best practices follow

This is not an exhaustive list.

  • NEVER use the same password for more than one web site or anything. Nor similar variants, e.g. MyDogEatsCats and MyDogEatsCats2 are (excuse me for being blunt) idiotic choices. NEVER. It’s just too huge a liability. [Aside: thank you Apple for making it a hassle to enter strong passwords on iOS].
  • A password of “me1234” or whatever might be easy to enter and is a strong temptation on an iPhone, but it sucks. Don’t do it. Use a mix of letters and numbers and punctuation at least 12 characters long and/or use a password manager so you don’t even have to know what the password is (have it generate 30 or 40 character random passwords for most things).
  • Don’t visit porn sites. Besides the obvious, they are magnets for malware.
  • Do not download “free” copies of commercial software. You’re a thief if you do, and you’re likely to get well-deserved malware with it.
  • Backup in triplicate (at least) and keep at least two of these backups offline, not connected to the computer.
  • Don’t run Windoze unless it’s the latest and battened down with anti-virus.
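The first two rules above (no reuse, no “MyDogEatsCats2”-style variants, 12+ mixed characters, or let a manager generate 30-40 random characters) are easy to audit. This is an added example, not the post’s code or any password manager’s: it runs over a constructed vault of site-to-password entries (the passwords are made up), flags passwords that are variants of each other or too weak, and generates replacements from the OS random source the way a manager would.

```python
import secrets
import string
from difflib import SequenceMatcher

# Constructed sample vault (site -> password); none of these are real credentials.
VAULT = {
    "photo-forum.example": "MyDogEatsCats",
    "shop.example": "MyDogEatsCats2",
    "bank.example": "MyDogEatsCats!",
    "mail.example": "tb5W$x!9qLr@2nVz",
}


def is_strong(pw: str, min_len: int = 12) -> bool:
    """The post's rule of thumb: at least 12 chars mixing letters, digits, punctuation."""
    return (
        len(pw) >= min_len
        and any(c.isalpha() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def _stem(pw: str) -> str:
    """Strip the trailing digits/punctuation people bolt on to 'vary' a password."""
    return pw.rstrip(string.digits + string.punctuation).lower()


def are_variants(a: str, b: str, threshold: float = 0.8) -> bool:
    """True if two passwords share a stem or are mostly the same text."""
    if _stem(a) == _stem(b):
        return True
    return SequenceMatcher(None, a.lower(), b.lower()).ratio() >= threshold


def audit(vault: dict[str, str]) -> dict[str, list[str]]:
    """Per site, list which other sites reuse a variant of its password and whether it is weak."""
    report: dict[str, list[str]] = {site: [] for site in vault}
    sites = list(vault)
    for i, s1 in enumerate(sites):
        for s2 in sites[i + 1:]:
            if are_variants(vault[s1], vault[s2]):
                report[s1].append(f"variant of {s2}")
                report[s2].append(f"variant of {s1}")
    for site, pw in vault.items():
        if not is_strong(pw):
            report[site].append("weak")
    return report


def generate(length: int = 32) -> str:
    """Random password from the OS CSPRNG (secrets), the job a password manager does."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_strong(pw, length):  # retry on the rare draw missing a character class
            return pw


if __name__ == "__main__":
    for site, problems in audit(VAULT).items():
        print(f"{site}: {', '.join(problems) or 'ok'}")
    print("replacement:", generate(40))
```

The three “MyDogEatsCats” entries are all reported as variants of one another (the trailing “2” and “!” are stripped before comparing) and all as weak, while the 16-character random one passes clean. The 0.8 similarity threshold is an assumption for this example; a password manager with a breach or reuse check does the same job without you having to see the passwords at all.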

MacPerformanceGuide.com
Copyright © 2019 diglloyd Inc, all rights reserved.