LastPass Clients, Watch Out For This Phishing Scheme

monochrome photo of two people having a video call

I, along with many, many others, was affected by several of LastPass’s data breaches. So, earlier this year, I shifted over to another product.

So, when I saw this in my email the other day, my suspicions were raised.

Besides no longer being a LastPass customer, the sender’s email was a huge red-flag.

Ah, there’s a link! I always recommend people do in these circumstances is hover over links in email. In the lower left-hand corner, you can see the actual link. *Note, this is not a a LastPass site.

I’m quite confident that these hackers got my information from the dark web, but found that I’ve changed all my passwords, as well as shifted away from LastPass. It’s a rather convincing email phishing for information.

So, I wanted to share this for a few reasons. Mainly, for my fellow LastPass breachees, watch for these sorts of scams. Hackers can use information in multiple ways, not just with accessing your sites with stolen credentials. Also, there are some good tools to use in any suspicious email. My main advice: never click on a link unless you’re 100% certain it’s valid. Reach out to the send via phone/text if you’re in doubt.

Anyway, be wary my friends. If you’ve ever been part of a data breach (is there anyone who hasn’t?), expect that the information collected will be used against you.

Microsoft Security Issue

woman in black hoodie holding a bank card

Over the past few days, I’ve been receiving multiple emails from Microsoft’s Account Team with single-use codes. At first, I assumed that my son or wife was trying to access the account. And the folks at Microsoft added the text “If you didn’t request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.” But I started to get concerned as the number of these messages increased and no one said “hey dad, I can’t get in the Office”. Finally, I decided it was time to figure out what was going on.

So, I first logged into my Microsoft account (account.microsoft.com) and went to the security panel. From there I opened “View My Activity”.

What I saw alarmed me. There multiple attempts to log in from places like Vietnam and Guyana.

Now, I was pretty confident in my account’s security. I update my password regularly and use a strong password. And when I looked at the “session activity” it states that “incorrect password entered”. Which seems pretty solid. I’m pretty sure that an old password has been leaked from a data breach and is in some list available on the dark web.

But I think it’s not adequate. Exploring further, I realize that I had not yet enabled two-factor authentication, nor connected it to my authentication app. So, I fixed that promptly. I firmly believe everyone really should do these steps for all their account. Do you know where to do that? I thought I’d help out by adding the steps.

One enables that from the Advanced security panel.

I encourage all of you to make sure your security settings are using the most up-to-date protocols:

  • Multifactor authenication
  • Authentication Apps
  • Pass Keys

Also, I opted to sign out of EVERY app. Yeah, it’s a bit of a pain, but I don’t want to have my information compromised. I like that I can do that from the control panel.

Anyway, we really can’t be too safe on today’s internet, can’t we?

Have you seen a spike in Microsoft Single Use Code emails that are not from you? Let me know in the comments.

Oh, Lord…LastPass

I’ve used LastPass for several years now. Even through a couple of data breaches. But this latest saga, especially with the, *ahem*, lack of transparency in their communications eroded my trust in the app. After looking over several options (if you’re looking, check out PCMag’s list of Best Password Managers), I opted for NordPass.

With all that, yesterday, this video came into my YouTube feed:

If you’re still on LastPass, why!?

It’s a rather snarky rendition of how LastPass failed in their security controls. Anyway, it reminded me of my frustrations with them. I was willing to turn a blind eye to many of their issues due, well, laziness. Porting to a new provider was going to be a pain the…you know. However, a friend of mine’s information was released in this hack, and it was brutal. This was the tipping point for me, watching the impact of this for a friend’s business.

This finally motivated me to shift to Nordpass. It turned out that the transition was nowhere near as hard as I imagined. So, so far, I find the tool works fine and have no problem recommending them. It’s only based on a few weeks of experience, though. I’ll keep exploring it further.

Anyway, I hope you have great weekend plans.

Cybersecurity Podcasts

person in black hoodie hacking a computer system

Cybersecurity is not a main focus of mine, but it is something that I have an interest in: it impacts my work as a web developer and project coordinator. Earlier today a friend and I had a brief discussion about the news. We both stated we get much of our tech news via podcasts. Then we had the idea of creating a list. So, here is the summation of our brief discussion.

If you have ideas or additions, please let me know. I’ll update this list as I discover more.

Great, Another Phishing Email Scam

Well, a new scam landed in my inbox this morning. Check out the details:

Google docs phish email scam example

This isn’t terribly new. I first saw references last fall (here’s a piece by Wired Magazine from last November: “Beware a New Google Drive Scam Landing in Inboxes“. Now, this isn’t terribly sophisticated, but it’s pretty clever. Now, I don’t have a David Anderson in my contacts, so this one is pretty obvious for me. But that’s a rather common name. Imagine how tempting it would be if it looked like it came from my friend/colleague David.

So, what should you do if you get an email like this? Report it! In most email tools, you can report a message as spam. If you have Gmail, you can report it as phishing, too. It’s pretty straightforward.

Gmail report phishing steps

You’ll see a dialog like this one:

Gmail Report Phishing Dialog Box

Click “Report Phishing Message” and you’re done.

Anyway, this seems as good a time as any to remind everyone to:

  • don’t click on links you’re not expecting. In this case, if I knew a David Anderson, I’d ping him independently of this email thread and ask about it. Do not reply to the email!
  • Make sure you have good malware protection and antivirus software. Here’s a great place to start: PC Magazine’s list of The Best Antivirus Protection for 2021.

And the Google Docs Phishing Scheme Continues

I just got this message from my college (taking an AutoCAD class at Edmonds Community College). It’s the Google Docs phishing scam. You get an email from someone you know that has “shared a document on Google Docs with you”.

Rule #1 with this sort of thing: DON’T CLICK THE LINK!

This has been around the interwebs for some time. The very first of these I saw, I called the sender and asked. And I’m sure you know what they said.

Now, if someone says they got one of these from you, it’s possible your account’s been compromised. It’s also possible you’re being spoofed (someone forged your email address in the “from” spot…it’s pretty easy, actually). I recommend immediately changing your password, since it won’t hurt. You should be regularly changing your passwords, anyway (yeah, yeah…I know…).

Anyway, live your digital life with a healthy dose of suspicion. Trust but verify, and any of a number of other security-esque cliches.

Clearly this is starting to grow again. Here are two articles to explore this fun further (both posted today)

Practice safe computing!

 


 

Subject: “<some name you may recognize> has shared a document on Google Docs with you”

Message:

 

“_______ has invited you to view the following document:”

 

 “Open in Docs” <—– DO NOT click on this link!

————————————————————————————————————————————-

Do not open the document! Immediately mark the email as Spam or Delete it. This is a widespread phishing scam targeting Google Apps. If you accidentally opened the Doc, your email account may be compromised, and your email address will continue to send the scam to everyone in your contact list. Several people at EdCC have already been fooled by this scam, so you may receive this email from someone familiar, such as your instructor, staff at EdCC, or other students.

We urge you to change your password and visit your account security page in EdMail to verify the applications that have access to your data in Google Apps.