LastPass Clients, Watch Out For This Phishing Scheme

monochrome photo of two people having a video call

I, along with many, many others, was affected by several of LastPass’s data breaches. So, earlier this year, I shifted over to another product.

So, when I saw this in my email the other day, my suspicions were raised.

Besides no longer being a LastPass customer, the sender’s email was a huge red-flag.

Ah, there’s a link! I always recommend people do in these circumstances is hover over links in email. In the lower left-hand corner, you can see the actual link. *Note, this is not a a LastPass site.

I’m quite confident that these hackers got my information from the dark web, but found that I’ve changed all my passwords, as well as shifted away from LastPass. It’s a rather convincing email phishing for information.

So, I wanted to share this for a few reasons. Mainly, for my fellow LastPass breachees, watch for these sorts of scams. Hackers can use information in multiple ways, not just with accessing your sites with stolen credentials. Also, there are some good tools to use in any suspicious email. My main advice: never click on a link unless you’re 100% certain it’s valid. Reach out to the send via phone/text if you’re in doubt.

Anyway, be wary my friends. If you’ve ever been part of a data breach (is there anyone who hasn’t?), expect that the information collected will be used against you.

Microsoft Security Issue

woman in black hoodie holding a bank card

Over the past few days, I’ve been receiving multiple emails from Microsoft’s Account Team with single-use codes. At first, I assumed that my son or wife was trying to access the account. And the folks at Microsoft added the text “If you didn’t request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.” But I started to get concerned as the number of these messages increased and no one said “hey dad, I can’t get in the Office”. Finally, I decided it was time to figure out what was going on.

So, I first logged into my Microsoft account (account.microsoft.com) and went to the security panel. From there I opened “View My Activity”.

What I saw alarmed me. There multiple attempts to log in from places like Vietnam and Guyana.

Now, I was pretty confident in my account’s security. I update my password regularly and use a strong password. And when I looked at the “session activity” it states that “incorrect password entered”. Which seems pretty solid. I’m pretty sure that an old password has been leaked from a data breach and is in some list available on the dark web.

But I think it’s not adequate. Exploring further, I realize that I had not yet enabled two-factor authentication, nor connected it to my authentication app. So, I fixed that promptly. I firmly believe everyone really should do these steps for all their account. Do you know where to do that? I thought I’d help out by adding the steps.

One enables that from the Advanced security panel.

I encourage all of you to make sure your security settings are using the most up-to-date protocols:

  • Multifactor authenication
  • Authentication Apps
  • Pass Keys

Also, I opted to sign out of EVERY app. Yeah, it’s a bit of a pain, but I don’t want to have my information compromised. I like that I can do that from the control panel.

Anyway, we really can’t be too safe on today’s internet, can’t we?

Have you seen a spike in Microsoft Single Use Code emails that are not from you? Let me know in the comments.

Spam Job “Opportunity” of the Day

young woman in front of the entrance to the building

Fandango, a fellow WordPress blogger I follow, regularly posts “Spam Comments of the Week” (his most recent as of this post is here). I was reminded of that by this job “offer”:

My first thought was “do people STILL do this”? Does any company want the liability considering how people have been shot going to the wrong house? I mean, look at this list (3 of 495,000,000 results from Google).

So, no…NO I’m not going door-knocking…even here in Seattle. Even forgoing the tales of violence, I’m an introvert. The thought of knocking on stranger’s doors is pretty close to my vision of the deepest pits of hell.

Stepping back a bit, I also wonder about the efficacy of this as a marketing strategy. What sort of conversion rate do you see with this work? I doubt it’s out of the single digits. Perhaps it’s not actually “sales” but political doorbelling (tis the season, after all). But that should be clearly disclosed.

Anyway, I’m lucky that all I need to do in this situation is spend a few minutes puzzling, then move along. I’m OPEN to new opportunities, but do not NEED a new job at the moment. And, with that, it’s time for me to move along.

Musical Interludes Over This Week

person doing tricks on cassette tape

Music plays a huge part in my life. One of my “gifts” is the ability to tie pretty much any phrase, event, or whatever with a song. I’ve had plenty of opportunities this week.

I’m currently working on a project with the Edmonds Waterfront Center. They have several musical activities over the course of each week. And I can hear these from my office. One of my favorites: a ukulele class. They play a wide range of songs, which often transforms me in place in time. The ukulele is a wonderful instrument that I delight in hearing. With this, I was explaining to a chum about some of the artists who have created albums with the instrument. The two that readily come to mind are Eddie Vedder of Pearl Jam fame and Amanda Palmer.

Eddie has a great ukulele album titled, less creatively (I guess) “Ukulele Songs“. This is, perhaps, my favorite from that album.

Amanda Palmer has written some fun songs for the instrument. This one is my current favorite (FYI, not completely safe for work).

A few days later, a friend of mine mentioned her drink of choice was tequila. That always make me think of this song:

And, yesterday, while seeing article after article about AI, this song popped into my head.

Affiliating songs with events is not something I work at, just natural reflex. The results of my misspent youth, I guess.

Being Strategic With Social Media

facebook application icon

I’ve known people whose business is dependent completely upon a single platform. YouTube is a huge one, but I also see people 100% dependent on Instagram, TikTok, or even Facebook, for their business. I’ve been thinking a lot about that recently.

A friend of mine, due to the LastPass hack, lost access to his YouTube channel. Then there’s the drama over at Twitter, with people being banned from the platform on the whim of Mr. Musk, and I can continue. So, I hope you’ll understand that I highly recommend that you DO NOT rely 100% upon a single platform where you have no control.

Social media sites are great tools for connection, but they’re best for directing people to a website. One you own, you control. Encourage folks to subscribe to a newsletter, or the website. Then, by combining your website with blog posts and newsletters, and you have a very powerful tool to stay connected with your audience even if you’re blocked from a key social channel. Also, if you have a website connected to your social platforms, your audience has a way to find and reconnect with you if you lose access to YouTube, Twitter, Instagram, TikTok, Snapchat, whatever.

I particularly like sites built on WordPress, as it’s extremely portable. Wix, Squarespace, and the like are tied to a single provider, too. With WordPress, I can port my website to another hosting company with relative ease (related: make sure you back up your files somewhere other than on the hosting platform).

Be strategic with your digital portfolio. Be prepared for various calamities, as well as for the eventual falling out of whatever must-use platform the people abandon next. Technologies evolve. Audiences evolve. Platforms evolve. Business sustainability requires you to be thoughtful and strategic.

The Web and the Future

black laptop computer turned on showing computer codes

Ah, web dev! The path of the future! Well, that’s been my thought for the past few years. I believe that web interfaces are a key part of most every software system we’ll be dealing with over the next few years (not sure what I mean by few…but, you know).

With that focus on the future, I want to consider what the future of the web looks like. I’ve explored web 3.0 a little bit, but there’s quite a bit more to wrap my head around. The key parts seem straightforward: immersive experiences and dispersed architecture. How much of that is the “metaverse”? What’s the role that blockchain will play? That is quite hard to glean right now.

As with any frontier, there’s a lot of uncertainty. There’s a lot of risk. And, let’s be fair, a lot of fraud/snake-oil/charlatans. But there’s also great opportunity. Discerning between the two is the challenge. And those that get that figured out the earliest will reap the greatest rewards.

Cybersecurity Podcasts

person in black hoodie hacking a computer system

Cybersecurity is not a main focus of mine, but it is something that I have an interest in: it impacts my work as a web developer and project coordinator. Earlier today a friend and I had a brief discussion about the news. We both stated we get much of our tech news via podcasts. Then we had the idea of creating a list. So, here is the summation of our brief discussion.

If you have ideas or additions, please let me know. I’ll update this list as I discover more.

Some Thoughts On GaryVee’s “The Power of Gratitude”

black android smartphone

Lately, Gary’s videos and podcasts have given me lots to think about. I really appreciate his focus on thinking higher. Why are we doing what we do? Why are we pursuing whatever goals we have?

I’ve long held that gratitude is critical to living a good life. Thus, I think he’s spot-on here.

It’s roughly 4 minutes and think it’s well worth your time.