Phishing scam prompts Webmail alert
Users of Web-based email services such as Gmail and Hotmail are being urged to update their passwords as a major email phishing scam continues to spread.securitySecurity firm Websense reports a significant increase in spam emails from Yahoo, Gmail and Windows Hotmail accounts. In many cases, email accounts have been compromised and used to send out invitations to visit shopping sites. Details of thousands of Hotmail accounts were also posted online.The invitations are sent to addresses in the address book of the compromised account, and some recipients have responded to them because they appear to come from someone they know. The emails try to get the recipients to divulge information such as passwords. Anyone receiving such emails from familiar senders is urged to check with that person to see whether they actually sent the email.Anyone who may have entered account information in a phishing site should pick a different password immediately. Anyone visiting a Web site by invitation should check that it is genuinely secure – look for the prefix ‘https’ in the address.Some more password advice:• Do change your passwords on a regular basis (every six months or so)• Do use long complex pass-phrases rather than passwords where you can (passwords should be a mixture of letters, numbers, and symbols to minimise the risk of dictionary attacks, by which cybercriminals use programs to try every word in a dictionary database as a potential password. Also, don’t use any personal information in passwords)• Do change all of your passwords if you notice something suspicious• Do take identity theft seriously • Do use up-to-date anti-virus and a firewall• Do NOT click on links in emails, ever• Do NOT use the same password at multiple sitesFor more advice about secure passwords, read the security feature in September’s NetGuide, page 36