Is there an easy way to check for breached passwords?

Yes there is.

If you use Troy Hunt's "Have I Been Pwned" website, and you put in each of your email addresses, Troy's site will tell you who has "given away your password" in a data breach, when it happened, and what information was disclosed.

Any passwords that have been breached are no longer safe to use in connection with your email address (as that email / password combination will be for sale in "breach lists" on the dark web) and need to be changed immediately.

Have I Been Pwned website

https://haveibeenpwned.com/ 

 

Chris Moody

#TheAntiVirusGuy - Keeping your computers virus free 

#ThePasswordGuy – Making online passwords easy

 

-- 

Mobile:          07852 159092

WhatsApp:     07852 159092

 

A bit of info about me:

💻 Helping Entrepreneurs, the Self Employed Sole Traders and Small Businesses  manage their online passwords and keep their computers virus free

💻 Really good Anti Virus (SentinelOne £16 or ESET £8)

💻 Secure Data Backup
💻 Fixing the pain of remembering passwords

💻 #MHBuzz Ambassador

 I received this scam email last week. It was so clever, I thought it worthy of a blog post.

I've included a screenshot of the email. So let's analyse it.

1. The subject is designed to create an emotion and urgency (Oh ****, someones hacked my HMRC account, I better do something quick).

2. The first word of the subject isn't capitalised. Those that don't pick up on this, are more likely to fall for the scam. It's a deliberate filter.

3. If you look at the details of the sending account (circled), it's not coming from a government domain. That's a big clue. The domain is registered to a UK based company so I'm guessing their email has been hacked.

4. If you hover over the "log in" hyperlink (circled) it's also not a government website (it's claiming to be an educational site in Poland), and if you followed the link it's running some php code.

I'm sure this scam will have caught out quite a few people.

The point of this post is; never click on web links in emails without checking the senders email first, and checking the destination URL by hovering over it.

 
Chris Moody
#TheAntiVirusGuy - Keeping your computers virus free 
#ThePasswordGuy – Making online passwords easy
 
-- 
Mobile:          07852 159092
WhatsApp:   07852 159092
 
A bit of info about me:

💻 Helping Entrepreneurs, the Self Employed Sole Traders and Small Businesses  manage their online passwords and keep their computers virus free

💻 Really good Anti Virus (SentinelOne £16 or ESET £8)

💻 Secure Data Backup

💻 Fixing the pain of remembering passwords

💻 #MHBuzz Ambassador

 Do you backup your Microsoft 365 or Google Workspace data?

Do you use Microsoft 365 for your emails and file storage? Or maybe you use Google Workspace instead. Both are brilliant applications. But do you back it up?

Let’s take Microsoft 365 as an example. 

In their own service agreement, that every user has agreed to, in section 6b Microsoft say:

6b. “We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

So there you have it, right from the horse’s mouth.

It’s your responsibility to backup your emails, files, calendar entries, contacts, Sharepoint & Teams sites. 

Microsoft clearly state that if there is an outage, your content and data might not be there anymore.

And they recommend you back it up using third party apps or services.

Google Workspace and Dropbox is the same. It’s your job to back it up, not theirs. 

If you want to backup your Microsoft 365 or Google Workspace data, get in touch and I’ll sort it all out for you with a UK based secure backup solution.

Chris

#TheAntiVirusGuy and

#TheDataBackupGuy and

#ThePasswordGuy 

—

A bit about me:

💻 Helping Entrepreneurs, the Self Employed, Sole Traders and Small Business Owners manage their online passwords and keep their computers virus free.

💻 Really good anti virus (SentinelOne £16 or ESET £8 per month) 
💻 Secure backups of cloud data

💻 Buzz Ambassador 

 #CyberSecurityHintsAndTips - Passwords need

to be different for every online account.

We all do it, we reuse passwords. And we do it because it's hard for us humans to remember lots of different passwords.

We often have four of five passwords that we use across all our online accounts. Or alternatively we have one password, and we have a "system" where we add a couple of extra characters on the end to make it different (e.g "fb" for facebook, "li" for LinkedIn, "am" for Amazon, "pa" for Paypal).

But the cyber criminals love that, as it makes it really easy for them.

The criminals buy lists of breached usernames and passwords.

For example, the might buy the 2019 Canva breach list; 137 million users email addresses, geographic locations, names, passwords, and usernames. If you used Canva in 2019 it's very likely you are on that list (including your password).

The cyber criminals now have your username and password for Canva from 2019. But they are not interested in your Canva images.

They are working on the basis that you have used the same email address and password elsewhere. So they try that combination on Ebay, and Amazon, and Paypal, in fact anywhere they can possibly gain access to your credit / debit card or bank account.

They also use the same password to try and hack your emails.

And very often they strike lucky, because we have reused passwords.

My advice is to start having completely different passwords for each online account.

You can get a very good password manager such as Bitwarden for free, although I recommend the Bitwarden Personal Premium version for ten dollars a year. This password manager will generate passwords, remember them, and fill them in, so you never have to think up, remember, or type in a password again.

Or if you are anti password managers, get a notebook, and write the passwords down in that (but make sure you keep the notebook safe).

The important bit is to stop reusing passwords.

Chris

#TheAntiVirusGuy and

#TheDataBackupGuy and

#ThePasswordGuy

—

A bit about me:

💻 Helping Entrepreneurs, the Self Employed, Sole Traders and Small Business Owners manage their online passwords and keep their computers virus free.

💻 Really good anti virus (SentinelOne £16 or ESET £8 per month)

💻 Buzz Ambassador

 #CyberSecurityHintsAndTips - Use Two Factor Authentication
(2FA or MFA) on online accounts whenever possible.

Two factor authentication adds an additional layer of security to your online accounts. To gain access to your account you need to supply a second form of authentication (the account password being the first authentication method).

Usually this second authentication method is on a separate device, usually your mobile phone, but you can use a Password Manager for your 2FA codes.

This means if your password becomes compromised, your account is still secure as the hacker / cyber criminal will not have access to the second authentication method (unless they physically have access to your mobile phone).

It's a bit like having two locks on your front door, one with a key and the other with a combination padlock (and the combination is changing regulary).

Without stealing both the key, and the regularly changing combination to the padlock, the burglar cannot gain access to the property to steal your belongings. Having the key, or the combination, isn't sufficient, you need both.

This second method of authentication usually takes the form of a six digit number that changes every thirty seconds (so even more secure than a combination padlock). Unless the cyber criminal has access to the device that generates these six digit codes, in addition to the account password, they cannot gain access to your online accounts.

Chris

#TheAntiVirusGuy and

#TheDataBackupGuy and

#ThePasswordGuy 

—

A bit about me:

💻 Helping Entrepreneurs, the Self Employed, Sole Traders and Small Business Owners manage their online passwords and keep their computers virus free.

💻 Really good anti virus (SentinelOne £16 or ESET £8 per month) 

💻 Buzz Ambassador