SECURITY CORNER: How to Know If Your Login Credentials Have Been Compromised in a Security Breach

This article is about how to know if your login credentials have been compromised in a security breach and what you can do about it.

As you continue to evaluate your options for a password manager and assess your current security stance, we would like to share an industry-leading security website that tracks company breaches from around the world and will tell you whether your email address or password has appeared in a security breach.

But first, let’s define “breach.” A breach is an incident where data is inadvertently exposed. This usually happens because there are insufficient access controls or there are security weaknesses in the software. In either case, it means your personal and/or business information is at risk for misuse.

Where To Check if Your Login Credentials Have Been Compromised in a Security Breach:

To check if your EMAIL has been compromised, go here: www.haveibeenpwned.com

To check if your PASSWORD has been compromised, go here: www.haveibeenpwned.com/Passwords

These web pages will check your addresses and passwords against known data that may have become compromised due to company breaches over the past several years. There is no login required and the web interface is easy to use.

What To Do If Your Login Credentials Have Been Compromised in a Security Breach:

After checking your common email addresses and passwords, if you find that your login information has been compromised, we highly recommend making some changes. Review your logins and change the ones using compromised passwords to something unique for the specific site. If your email address was compromised, change the password for that email account too.

The best practice for creating a strong password is to include letters, numbers, special characters, and to make it at least twelve characters long.
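The Pwned Passwords page above works without ever receiving your password: the browser hashes it with SHA-1, sends only the first five hex characters of the hash, receives every hash suffix sharing that prefix, and matches the rest locally. The following added example (not code from haveibeenpwned.com or from Sorted Solution) shows that matching step together with the password rule from the previous paragraph. The range response is a constructed sample: the first suffix is the real one for the word "password", but the counts and the other two lines are made up so the script runs offline. The API URL in fetch_range is the real endpoint; the User-Agent string is an arbitrary placeholder.

```python
import hashlib
import re
import urllib.request

# Constructed sample of a Pwned Passwords "range" response for the SHA-1
# prefix 5BAA6 (the prefix of the hash of the word "password"). The live
# service returns one "HASH-SUFFIX:COUNT" line per hash sharing the prefix;
# the suffix on the first line is the real one for "password", while the
# counts and the other two lines are made up for offline use.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
003D68EB55068C33ACE09247EE4C639306B:3
00A8DAE4228F821FB418F59826079BF368D:4
"""


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest.
    Only the prefix ever leaves the machine; the suffix is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Download the range for a 5-char prefix from the live API (network needed)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "example-password-check"},  # placeholder agent string
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> dict[str, int]:
    """Turn the SUFFIX:COUNT lines into a dict keyed by upper-case suffix."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """Times the password appears in the range (0 if absent).
    range_body must be the response for this password's own prefix."""
    _prefix, suffix = split_hash(password)
    return parse_range(range_body).get(suffix, 0)


def meets_policy(password: str, min_length: int = 12) -> bool:
    """The newsletter's rule: letters, numbers, special characters, 12+ characters."""
    return (
        len(password) >= min_length
        and re.search(r"[A-Za-z]", password) is not None
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )


def evaluate_password(password: str, range_body: str) -> list[str]:
    """Collect the reasons a candidate password should be rejected."""
    problems = []
    if not meets_policy(password):
        problems.append("does not meet the length/character policy")
    seen = breach_count(password, range_body)
    if seen:
        problems.append(f"seen {seen} times in known breaches")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3", "correct horse battery staple!7"):
        # Offline demo: reuse the constructed range even though only "password"
        # actually hashes into prefix 5BAA6. For a live check, replace the second
        # argument with fetch_range(split_hash(candidate)[0]).
        print(candidate, "->", evaluate_password(candidate, SAMPLE_RANGE_RESPONSE) or ["ok"])
```

For a real check, call fetch_range with the prefix from split_hash and pass the response to evaluate_password; the password itself and its full hash never leave the machine, which is the property that makes the public checker safe to use.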

How to Prevent Your Login Credentials from Being Compromised in a Security Breach:

Now would also be an excellent time to start using a password manager, like LastPass, to help keep all these new passwords easy to track and secure.

If you would like guidance or assistance in setting up your firm with a password manager, please let us know. Your team at Sorted Solution is here to help.

If you think your login credentials have been compromised in a security breach, take a look on www.haveibeenpwned.com and follow the steps above.

Phishing Scam Notice

An increasing number of clients have contacted us about questionable emails they are receiving that appear to come from known contacts they do business with locally. These phishing emails appear to come from known contacts of the client and direct the recipient to the legitimate DropBox web site (see screen shots below). The page asks the recipient to download a PDF document and, when clicked, prompts the user to enter their Office 365 Outlook username and password to complete the request.

If you receive one of these emails, please forward a copy to us. We will review the email and direct you to delete it if it is considered phishing. If it is a phishing email and you know this business or contact, this means the sender’s email account has been compromised and you should contact them by phone to inform them. We have also learned that the phone numbers in the phishing email’s footer have been changed, so please use a known phone number from your own contact database and treat a changed number as another indicator of a phishing attempt.

Here is what to look for:

Clicking on the attached PDF brought them to a realistic-looking DropBox web page.

However, the three items that should make you pause are highlighted below.

  1. The filename listed in the “Attachment Download” box does not match the file name of the attached file in the original email.
  2. DropBox would not know that a file is an attachment. DropBox would actually display the file within your browser, or would use wording like “download file.”
  3. The use of a term like “virus free document” is not something that DropBox would indicate. DropBox does not know if the file is virus free or not. That check is performed by your own anti-virus software on your workstation.

When clicking on the link, you were taken to a fake Microsoft site and asked to enter login credentials to access Outlook. However, as you can see, the address bar does not list office.com. My password manager LastPass (the highlighted icon on the right) does not attempt to automatically fill my office.com credentials because it does not recognize this site, regardless of what I see on the screen. And lastly, you would not be prompted to log into Outlook to open a file from DropBox when you are on the DropBox web site.

Help avoid having your account hacked, or landing on a fraudulent site, by clicking a link in an email you receive. Sorted Solution has three recommendations:

  1. Two Factor Authentication – Set up your web sites and accounts to use a passcode generator like Google Authenticator. Two Factor Authentication (2FA) apps generate short-lived numeric codes that a user must supply, along with a username and password, when logging into your account. At a minimum, you could also use SMS to have a text sent to your device from the web site when someone is trying to log in.
  2. Password Manager – Utilize a password manager like LastPass to store and manage your application and web site passwords. When you visit a web site with a password manager, the password manager will match the web site address and auto-fill your login information. If you visit a site and your password manager does not auto-fill the information, you may not be visiting the site you expect.
  3. Ask Us – Sorted Solution is a “no shame zone”. You can always contact us if you are unsure about an email you have received or if you clicked on a link. We will work with you to determine what happened and how to mitigate the possible effects.

If you would like assistance setting up Two Factor Authentication or a Password Manager like LastPass, please send us an email. And as always, if you have questions about suspicious emails you receive or links you might have clicked on, we’re here to help.

Goodbye, Flash

You may have noticed for a while now that Adobe has blocked Flash content from working on your computers and devices. That’s because Flash has officially been retired: Adobe stopped supporting Flash on December 31st and, as of Tuesday (Jan 12, 2021), it is blocking all Flash content. Adobe is suggesting users uninstall Flash Player to help protect their systems, as there will be no more security patches moving forward. You’ll find instructions on how to do this, as well as the reasoning behind it, here.

Basically, Flash had been on the chopping block since 2017 as it was no longer as frequently used and was being phased out across major web browsers. While the retirement has mainly been a minor inconvenience, it posed a real problem for some people, particularly in the city of Dalian in China — that’s because they were using Flash to run their railroad system!

Slashdot reports that commuters were late to work at first, but the railroad’s technicians were able to get it back up and running using a knockoff version of Flash.

Security Corner: Beware of Fake Emails

We have all seen them: those emails that appear in our inbox with a subject like “Your service will be disconnected unless you act now,” “Reset your password now,” or “There’s a problem with your account.” Some of these look like the real thing and your instinct might be to immediately address the request, but BE CAREFUL. Before you click a link, open an attachment, or respond to the email, be sure to check a few things:

  • Are there blatant misspellings in the subject line or body?
  • Does the company font or logo not match what you would typically see online from that specific company?
  • Does the From email address appear to be from a non-company domain (i.e. yahoo.com, gmail.com, outlook.com, etc.)?
  • Does the From email address appear excessively long or make no sense (i.e. support@client.support.helpdesk.aeafb.intuit.com or support@chase.us.com)?
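Both the password-manager tip in the phishing notice above (the manager only fills a login when the address bar's host really belongs to the saved site) and the From-address checks in this list come down to one question: does this host sit under the company's domain at a label boundary? The following added example (not LastPass's matching logic, and not code from Sorted Solution) implements that check in a simplified form and applies it to URLs and to sender addresses. Hosts ending in .example are constructed for the demo; real password managers additionally use the browser-supplied origin, a public suffix list and per-site equivalent-domain rules. Note that the long intuit.com address from the list does pass a pure domain check, since it is a subdomain of intuit.com, which is why the "excessively long" cue is listed as its own indicator.

```python
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """Host part of a URL as the browser sees it (lower-case, no trailing dot).
    urlsplit ignores any 'user@' prefix, so 'https://office.com@other.example/'
    correctly yields other.example, not office.com."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def domain_of_email(address: str) -> str:
    """Domain after the last '@' of a From address."""
    return address.rpartition("@")[2].strip().lower()


def belongs_to(host: str, expected_domain: str) -> bool:
    """True only if host equals expected_domain or sits under it at a label
    boundary. 'office.com.account-check.example' and 'notoffice.com' both fail."""
    host = host.lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    return bool(expected) and (host == expected or host.endswith("." + expected))


def password_manager_would_fill(current_url: str, stored_site_domain: str) -> bool:
    """Simplified model of a manager's URL match for a saved login."""
    return belongs_to(host_of(current_url), stored_site_domain)


def sender_domain_matches(from_address: str, company_domain: str) -> bool:
    """Does the From address really come from the company's own domain?"""
    return belongs_to(domain_of_email(from_address), company_domain)


if __name__ == "__main__":
    # Hosts ending in .example are constructed for this demo.
    for url in (
        "https://www.office.com/login",
        "https://office.com.account-check.example/",
        "https://office.com@account-check.example/",
        "https://notoffice.com/",
    ):
        print(f"{url:48} fill office.com login? {password_manager_would_fill(url, 'office.com')}")
    for sender in ("support@chase.us.com", "alerts@chase.com", "billing@yahoo.com"):
        print(f"{sender:48} from chase.com? {sender_domain_matches(sender, 'chase.com')}")
```

The third URL shows why the check must be done on the parsed host rather than by eye: the text before the @ is not the host, and a user who reads the address bar left to right sees office.com first.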

Here’s a real-world example of a scam email:

Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.

  • The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
  • The email says your account is on hold because of a billing problem.
  • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it’s unlikely you’ll see a greeting like this.
  • The email invites you to click on a link to update your payment details.

While, at a glance, this email might look real, it’s not. The scammers who send emails like this one have nothing to do with the companies they pretend to be. This is a phishing email: the scammers are trying to obtain your personal information, and falling for it can have real consequences.

If this does pass the “sniff” test and you click on a link, and you are sent to what appears to be a company website, but your password manager software doesn’t auto-populate the login, you might be at a scam site. Close your browser, and don’t go any further.

If you suspect you’re the recipient of a scam or phishing email, go directly to the web site from a new browser session and log into your account. Type in the website address you know, or Google it; don’t paste the link from the email. Banks, credit card companies, and service providers will most likely send you a notice within your account if there is a problem or if they need something from you. Or, you may call the company’s customer service department and inquire about the request directly.

Alternatively, you can always forward your questionable emails to us at hello@sortedsol.com and we’ll help determine if it’s legitimate or not.

Security Corner: Time to Check Google Chrome is Up to Date

Google has released a critical patch to address new zero-day vulnerabilities that can impact Google Chrome. By default, Chrome is set up to auto-update, but if you happened to select manual updates when you first installed Chrome, you’ll need to update now. If you’re unsure where you stand, here’s how to check:

  1. Launch Google Chrome
  2. On the top right of the Web browser, click the three vertical dots
  3. In the drop-down menu click Help
  4. Then choose About Google Chrome

If you see a message that reads: Google Chrome is up to date, you’re up-to-date.

If you learn you’re not up to date, then please click the Update option on the About Google Chrome page to initiate the Chrome update process.

Google recently found security vulnerabilities in Chrome and this update patches those security vulnerabilities. It’s important to keep software up to date all the time, and particularly around the holidays when scammers tend to up their efforts. As an aside, please remember to not open any emails, click on links, or open any attachments from people that you don’t know. Also, even if you do know the sender, if something feels off, call or email that person from a new email that you create, to check if they’ve indeed contacted you.