The recent news of the Yahoo breach and leak of hundreds of millions of passwords, names, dates of birth, and other personal information has led to headlines across the country. Understandably, given Yahoo’s popularity, people are worried, especially as a summer dominated by news of leaks, hacks, and foreign intelligence agencies with nefarious agendas comes to an end.
Given that reports suggest that the initial breach of this data occurred in 2014, one of the primary concerns about this type of data dump is password reuse attacks, where cybercriminals take previously compromised credentials and use them to break into accounts on other platforms where the victim used the same username/password combination. It’s only a matter of time before criminals use the credentials leaked in the Yahoo breach to attempt to compromise other accounts, such as financial accounts or social media profiles.
What can someone who is concerned with their online security do?
- Change your passwords regularly. Use memorable calendar dates to remind yourself, like the recent change of season, or New Year’s and the Fourth of July.
- Aim for a passphrase, not a password. One song verse of four lines gives you four long, complicated, multi-character and symbol passphrases that are easy to remember.
It’s a beautiful day in this neighborhood,
A beautiful day for a neighbor.
Would you be mine?
Could you be mine?...
-Mr. Rogers, Neighbor, TV Host, Passphrase evangelist
- And, most importantly, watch out for phishing attacks. Criminals can most easily turn your personal information into cash and they want that information in bulk. They’ve found the best way to do this is to trick you into sending it right to them. By sending legitimate-looking messages via email, SMS, or social media that link to phishing websites, they hope you’ll enter your information and click submit.
How can you take further steps to stay vigilant?
- Be suspicious of any requests for personal information. Any. Especially if it’s marked urgent.
- Learn what the online financial services you use will and will not ask for.
- Confirm the email’s legitimacy with the company that appears to have sent it.
- Watch for trends. Popular news items make for effective phish bait. Scammers will use the fear generated by the recent Yahoo leak to get current usernames and passwords. Watch out for unsolicited emails about account breaches; always verify.