As the book closes on the Class of 2021, we would like to update the community on two recent developments:
1) Billions of leaked passwords exposed
A few days ago, the largest compilation of leaked passwords to date was posted to a popular online hacker forum. The dump, dubbed RockYou2021, holds some 8.4 billion entries. It is a plain list of passwords gathered from earlier breaches, so there is no way to tell which account any given password belonged to or how old it is. The safe assumption is that any password you have used for years on social media, shopping or banking sites is in it. If you use a particular email address as your login for such accounts and haven't changed the password in a while, take this opportunity to change it as soon as possible.
https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked
https://bgr.com/tech/data-leak-exposes-biggest-password-trove-of-all-time-online-5930388
To see whether your email address appears in the leaks it tracks, Cybernews has set up a web lookup you can use. Checking an email address is harmless; if you are wondering whether a password you still use has leaked, just change it rather than type it into a third-party site.
https://cybernews.com/personal-data-leak-check
If your email address appears and you haven't changed the password in a while, change it on every site where that address is the login, and don't reuse the same password across sites. Changing it costs you a minute; leaving it is a gamble.
Our recommended best practice for passwords is long but easy to remember, and different for every site. For example (don't use this one for anything, it's just an example): Thispasswordisreallylongandeasytoremember2021. A password manager can keep the unique ones for you, and turning on two-factor authentication wherever a site offers it means a leaked password alone is not enough to get into the account.
2) Ransomware Attacks
Given the high number of ransomware attacks that have recently hit both private companies and operators of key parts of our nation's infrastructure, we would like to ask everyone to please remain vigilant for phishing emails.
Most of the ransomware attacks that have hit high-profile companies and infrastructure targets recently started with a phishing or spear-phishing email whose whole purpose is to get the user to click a link or open an attachment that installs the ransomware (the rest mostly came in through exposed remote-access logins with weak or reused passwords, which is one more reason to fix passwords as described above). These bad actors and grifters continue to flood our inboxes with fake invoices, alerts, or scare tactics in the name of Amazon, PayPal, eBay, UPS, FedEx, USPS, phone carriers, credit card companies, banks, police, three-letter government agencies, etc., in order to frighten us into doing something we wouldn't ordinarily do. Don't fall for it; they're all scams.
REMEMBER, no legitimate email will ask you to send or "verify" passwords, account names, or other personal information, or pressure you to click a link or download a file right now to keep your account. Messages like that are phishing emails trying to invoke fear so you suspend the logical part of your brain and do something you would never normally do. The goal is either to get you to surrender your personal or private information or to get you to click a link or open a file that installs malware on your machine.
If you receive a phishing email, please forward it "as an attachment" to phishing@mit.edu so IS&T gets the complete message, including all of the email header information.
Normally, forwarding an email sends only the body text and not the headers, and most email programs hide the headers since they're meaningless to most users. The headers are a record of the path the email took across the Internet to reach your mailbox: each mail server it passed through added a line saying where it received the message from. The "From" address you see is trivially forged, but the lines added by MIT's own mail servers are not, and IS&T needs them to trace the origin of the phishing email so they can block that source or mark its messages as spam going forward.
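To make concrete what those hidden headers contain, here is an added example (not part of the original notice, and not an IS&T tool) that parses a raw message with Python's standard email module, walks its "Received" lines from origin to mailbox, and compares the visible "From" domain with the bounce and reply addresses. The sample message, its hostnames, IP addresses and domains are all constructed for illustration.

```python
"""Walk the Received: chain and sender headers of a raw email message.

Added example for illustration; the message below is constructed, and every
hostname, IP address and domain in it is made up (RFC 5737 documentation
ranges). It is not IS&T code.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: a message that claims to come from a bank but was
# injected from an unrelated host. Headers appear in the order a mail client
# sees them: the topmost Received: line was added last, by our own server.
RAW_MESSAGE = b"""\
Return-Path: <bounce@mail-campaign.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.10])
\tby mx.example.edu with ESMTP id 12345; Tue, 8 Jun 2021 09:15:02 -0400
Received: from web-host-77.example.net (unknown [198.51.100.77])
\tby relay.example.net with SMTP; Tue, 8 Jun 2021 09:14:58 -0400
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=mail-campaign.example.net
From: "Bank Security Team" <alerts@bank.example.com>
Reply-To: verify-account@mail-campaign.example.net
To: user@example.edu
Subject: Action required: verify your account
Content-Type: text/plain; charset=us-ascii

Your account has been locked. Click here to verify: http://198.51.100.77/verify
"""

_HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)"           # name the sending host announced itself as
    r"(?:\s+\((?P<ident>[^)]*)\))?"   # optional "(rdns [ip])" recorded by the receiver
    r"\s+by\s+(?P<by>\S+)",           # the receiving server that wrote this line
    re.IGNORECASE,
)
_IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def received_hops(msg):
    """Return the Received: hops oldest-first, i.e. in the order the mail travelled.

    Servers prepend their Received: line, so the header order in the file is
    newest-first; reversing it yields the path from origin to our mailbox.
    """
    hops = []
    for raw in reversed(msg.get_all("Received") or []):
        text = " ".join(str(raw).split())  # unfold continuation lines, squash whitespace
        m = _HOP_RE.search(text)
        if not m:
            hops.append({"raw": text})     # keep unparseable lines rather than drop them
            continue
        ip = _IP_RE.search(m.group("ident") or "")
        hops.append({"helo": m.group("helo"), "ip": ip.group(1) if ip else None,
                     "by": m.group("by")})
    return hops


def _domain(header_value):
    """Domain part of the first address in a header, lower-cased, or None."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def sender_summary(msg):
    """Compare the visible From: with where bounces and replies actually go.

    A From: domain that differs from Return-Path: and Reply-To: is a classic
    phishing tell: the visible sender is decoration, the other two are the
    addresses the sender really controls. SPF result comes from the header
    our own server added when it accepted the message.
    """
    from_domain = _domain(msg.get("From"))
    return_path_domain = _domain(msg.get("Return-Path"))
    reply_to_domain = _domain(msg.get("Reply-To"))
    spf = re.search(r"spf=(\w+)", str(msg.get("Authentication-Results", "")))
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "spf": spf.group(1).lower() if spf else None,
        "mismatch": bool(from_domain) and (
            from_domain != return_path_domain
            or (reply_to_domain is not None and from_domain != reply_to_domain)
        ),
    }


def analyze(raw_bytes):
    """Parse a raw RFC 5322 message and report its hops and sender consistency."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    return {"hops": received_hops(msg), "sender": sender_summary(msg)}


if __name__ == "__main__":
    report = analyze(RAW_MESSAGE)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop}")
    print(report["sender"])
```

Run on the sample, the first hop shows the message entering the mail system from 198.51.100.77, a host with no reverse DNS, while the display name says "Bank Security Team" and SPF failed for the bounce domain. None of that survives a plain "Forward", which is exactly why the notice asks for "Forward as Attachment". Only the Received: line written by your own organisation's server is trustworthy; the ones below it could have been written by the attacker.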
Here's how to forward an email as an attachment in Outlook:
https://www.lifewire.com/forward-email-as-attachment-outlook-1173689
Forward as an attachment in Apple Mail: scroll down to "Forward an email as an attachment"
https://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac#:~:text=Forward%20an%20email%20as%20an,Choose%20Message%20%3E%20Forward%20as%20Attachment.
Only forward an email to us (rather than to phishing@mit.edu) if you're not sure whether it's actually phishing and would like us to verify it. If your gut tells you an email is phishing, 99.9% of the time you will be right. If you have any doubt, forward it to us and we'd be happy to check.
Finally, ALWAYS do your backups! As the recent ransomware attacks have shown, if you have no backups and no data recovery plan, once the ransomware kicks in you've lost access to your data unless you pay the ransom, and even paying is no guarantee of getting it back.
We never recommend that anyone pay the ransom, so it's critical that everyone keeps backups of their files. We recommend all users have at least two backups. Mac users should always be running Time Machine backups to an external drive, plus either Dropbox and/or manually copying critical files onto a second external drive or flash drives. One caveat: ransomware encrypts every drive it can reach, and a sync service will faithfully upload the encrypted copies, so keep at least one backup disconnected from the computer between backup runs, and every so often confirm that you can actually restore a file from it.
Please let us know if anyone has any questions (there are no dumb questions) and please everyone have a safe, cool, and relaxing summer!