Monday, July 25, 2016

US Democratic National Committee Emails Hacked - Is Your Email Account Safe?



Today, as 19,252 emails of the US Democratic Committee were made public by Wikileaks, I was asked by some of my clients how they can keep their email accounts safe.

1. Downloading File Attachments -- If you don't know who the email is from, do not download the email attachments. This includes .RTF and .PDF file attachments.

2. Microsoft Windows Users / Spear phishing -- If you are a Microsoft Windows User, some of the computers in the DNC were more than likely compromised in an exploit called spear phishing. In a spear phishing example, an email is sent from a compromised trusted email account and a .RTF attachment file when opened created a registry key with a .dll file. To help deter this type of spear phishing, it is recommended you keep your virus checker up to date and notify your IT Department if you inadvertently open an attachment you think might be an attempt at spear phishing. Some   common types of spear phishing are password change notifications from Microsoft Live and Paypal.

3. Yahoo / AOL Accounts -- I would not recommend anyone use Yahoo or AOL Accounts. Google Gmail is much better at detecting and shutting off phishing email accounts. In the DNC case, a staffer used her personal Yahoo account to receive and respond to messages to and from dnc.org email addresses (most likely for convenience.)

4. Gmail / Google Apps -- If you have a business, it is strongly recommended you use a Gmail and/or Google Apps Service. It's $50 per user per year. You can also use Microsoft Office 365 for a business. It is not recommended that you use GoDaddy or your ISP email.

5. Check if Your Email Address is Compromised -- Use this website to check if your email address has been compromised. If it is, change your passwords.

https://haveibeenpwned.com/

6. Different Passwords - Use a different password for every website. You should write-down and securely store your passwords. Using a secure password manager should be okay, but I would not recommend writing down the exact password, use some sort of code.

7. Change Your Passwords - You should change the passwords of your most secure accounts every 90-days or less.


Sources: Exclusive Suspected Russian hack of DNC widens - includes personal email of staffer researching Manafort (by Michael Isikoff, Yahoo News July 25, 2016)

Spear Phishing: Scam, Not Sport (Norton by Symantec)



No comments: