YAHOO REPORTS ADDITIONAL ATTACK
Articles suggest the most recent attack(s) may have compromised 300 million
user accounts. It is recommended that members change the password on any
Yahoo! accounts they hold, whether or not the accounts are in active use.
BANK HIT BY RANSOMWARE ATTACK
Articles suggest these attacks are targeted more at banks. Possible reasons:
- they don't want to report the attack to regulators so they will pay ransom
- this requires the purchase of BitCoins which drives their value higher
- one small bank in the US recently indicated they would wipe all of their computers
clean and reload from backups and refused to pay the ransom demands.
- the use of BitCoins reduces the risk of capture from the financial exchange
IT'S CHRISTMAS TIME AGAIN AND THE BAD GUYS WANT YOUR MONEY
While Christmas has come and gone, the Bad Guys may not pay much attention to
which scams are run when, as any day is a good day to get free money.
While not exclusive to holidays, scams can come in many different types of e-mails,
ranging from soliciting money for poor children, to stolen luggage and a need for money
to get back home, to an opportunity to get millions of US Dollars stolen during Middle East
money transfers, to Bibles for Iran, and on and on and on.
VOICE IS NOW PART OF THE SCAM
Companies are moving towards voice identification versus PINs or Passcodes as a
more reliable identity validation process. Avoid answering the telephone with
the word "Yes". "Yes" is the response frequently solicited from people opening new
accounts over the telephone with automated systems. Along these lines, also avoid
giving your first and last name until you know your caller.
Use the standard practices to "sniff" out these scams such as:
- if a friend is in trouble, why do they not mention your name in asking for money?
- if a package has been lost, damaged or delayed, why do they also only have my
e-mail address and no other information about me except in their attachment?
- if this is a government agency or court, why is everything in their attachment?
- if this is the IRS, they can only contact you by US Mail ... e-mails are illegal.
- if this is an award from a large multi-national US based corporation, why are they
using a personal e-mail account in a foreign country?
- why is this well known company not including their logo in the e-mail?
- when hovering your mouse over all links and text, does everything contain the
- if this is legitimate, why must I transfer Bitcoins to them at a strange address?
YAHOO! SECURITY BREACH & DISCLOSURES -- IMPORTANT NOTICE
UPDATE: 2017-02-23 - We have not seen anything from Yahoo! or Verizon on
UPDATE: 2016-10-05 - New reports indicate Yahoo! may have agreed to
UPDATE: 2016-09-30 - Business Insider reports former Yahoo Insider
If you had a Yahoo! Account PRIOR to 2015 you need to change your password,
even if you used a Non-Yahoo! ID for your access and/or e-mail with The CT
It was reported that:
b) Group E is believed to have stolen more than 2 Billion records from about a
c) Per the Wall Street Journal, Date of Birth, Phone Number, and ZIP Code was
d) As of Sept 9, 2016, Yahoo!’s securities filing for the pending sale to Verizon
e) Yahoo! indicated passwords were cryptographically protected. The Wall
f) InfoArmor believes the database was taken from Yahoo! prior to Dec 4, 2014
g) It was reported the Yahoo! database was sold 4 times: to groups called
Information on Passwords and creating Strong passwords
CREATING A STRONG AND EASY TO REMEMBER PASSWORD EXAMPLE
The example below uses 28 characters of a song lyric, commas and periods
As a good rule, never ever use less than 10 characters today and the more the
Password security strength is actually very simple:
4. Some of The Bad Guys are professionals on a thrill seeking event. Others are
If you want a strong password that is easy to remember here is a process you
a) Think of a song you know the words to but don’t go around humming or
b) Take a few lines of the lyrics and write them down on paper using upper
c) Take the first letter of each word, including capitalization, and write it on
d) Replace lower case “o” with the number zero, replace a period with the
e) This password, most likely, will be significantly more secure than what you
f) SO HOW STRONG IS THIS PASSWORD / HOW DO I DETERMINE PASSWORD
28 letters, numbers and special characters in your new password.
Personally, I sleep very well with passwords like this.
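The process above, sketched in Python as an added example (not code from the original notice). The three lines of text are constructed rather than a real lyric, and `period_sub` is a hypothetical parameter because the notice's replacement for a period is cut off on this page.

```python
import re

MIN_LENGTH = 10  # the notice's floor: never use less than 10 characters

# Constructed text standing in for a lyric; do not reuse it as a password.
SAMPLE = [
    "Over the old stone bridge we walked, only once.",
    "Rain kept falling, and Nobody on the road turned back.",
    "Still we sang on.",
]

def lyric_to_password(lines, period_sub=None):
    """First letter of each word (case kept), commas and periods kept,
    lower-case 'o' replaced with zero. period_sub is an assumption: the
    notice's own replacement for a period is cut off, so None keeps '.'."""
    out = []
    for line in lines:
        # A token is a word (apostrophes allowed inside) or one comma/period.
        for tok in re.findall(r"[A-Za-z][A-Za-z']*|[,.]", line):
            if tok == "." and period_sub:
                out.append(period_sub)
            elif tok in ",.":
                out.append(tok)
            else:
                out.append("0" if tok[0] == "o" else tok[0])
    return "".join(out)

def describe(password):
    """Report length and character variety; this is not a guessability score."""
    present = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    return {
        "length": len(password),
        "classes": sorted(name for name, hit in present.items() if hit),
        "meets_minimum": len(password) >= MIN_LENGTH,
    }

if __name__ == "__main__":
    pw = lyric_to_password(SAMPLE)
    print(pw, describe(pw))
```

Run on the constructed text, the result has 28 characters drawn from upper case, lower case, digits and punctuation.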
TAKE AWAY ITEMS FOR YOU:
3. IF YOU USED AN ID WITH YAHOO! AND USED IT OTHER PLACES, CHANGE
It is unfortunate we are all going through this process.