I just want to update everyone on what's going on with the list due to an
obvious scam message sent to everyone a couple days ago.
I generally put the list on emergency moderation after seeing this message
sent to our membership (we've seen several in recent months). Moderation is
generally not due to the first message, but from the dozens of members that
might send messages out to every 3000+ member trying to figure out what is
up.
This is NOT something that I look forward to, but that I do from time to
time based on messages that I see posted. At this time there has not been a
huge reaction to a very obvious scam message. I take this to mean that our
membership has become fairly sophisticated and knowledgeable on hackers and
their evil ways (hooray!).
Firstly, you may have seen the somewhat infamous "I was mugged in the UK and
need help" message (yeah...right?!?). Our list will continue to see these
types of scams from time to time as will every person with an email account.
This type of message will get posted to all Mosaic members unless we are on
emergency moderation.
Please continue to be smart enough to delete and ignore this type of absurd
posting. Please NEVER reply to the ENTIRE list with your questions or ideas
on this type of uncharacteristic post.
In fact, PLEASE DO NOT EVER RESPOND TO THESE ABSURD MESSAGES.
(sorry for shouting)
Yes, I know we all want to help a member, colleague or student, but these
types of messages are NOT from people we know or are connected to. The
message is from a scammer who hijacked the person's email account.
SENDING AN EMAIL MESSAGE TO THE SPECIFIC PERSON IS NOT A GOOD IDEA.
(I don't usually shout, but wanted your attention)
This person's "hijacked" account sends messages out to every contact and
group in the hijacked address book. It then puts a forwarder or automatic
response onto the account. Even if you respond privately, you'll likely see
another "phishing" message even from the person. So in trying to "help" a
colleague, you might be perpetuating the scam (ouch and double ouch!).
The person's account is likely "hijacked" meaning that the owner is locked
out from reading and replying to a message(s) or changing anything at all.
So by replying to the message you potentially increase the effect of the
hacker. None of us wants to add to the hacking effect!
If you know the hijacked person personally, then a PHONE CALL is likely the
best method. Otherwise, please ignore this type of message and move on with
your life. You are not responsible for the hack and you do NOT want to add
to the hacker's effect.
WHAT DOES IT MEAN TO ME???
Personally I don't think Mosaic members are at a lot of risk from this type
of message. Do NOT reply to the ENTIRE list or even the person when you see
this type of message. Delete any suspicious message that is out of character
from a person or group and NEVER click on any link from a suspicious
message.
I'm old and on the AARP list, so those of you without grandchildren please
do not be offended when you view a reference to the "stranded in UK" scam at
this AARP URL:
http://tinyurl.com/23fs43q.
WHAT DO I NEED TO DO TO BE SAFE?
My advice is to have a solid, secure login to your email. Many people use
something like a pet name, a birthday, a spouse, or hometown, etc. You
should have secure and "hardened" password (ie. HkX*qB7v3#&lL). These types
of characters are somewhat hard to "crack" and tough to compromise. The
problem is that they are also hard for a normal person to remember.
Be aware that hackers get clues by the annoying password clues that an email
ISP wants you to provide (what is your pet's name, what high school did you
graduate from, etc.). In many cases the absurd login questions actually make
it easier for a hacker to guess your profile answers.
BE DILIGENT. BE DILIGENT. BE DILIGENT.
If something sounds suspicious then take a minute and search Google using
key words from the message and adding "email scam". So check the results on
a Google search from "stranded in UK email scam" at:
http://tinyurl.com/26trtc8
If your provider wants a clue to pet, then don't give them the name "rover
or spot". When a provider wants account a clue on pet name, then you know
that the answer is "I$or$6qqZqzX" (not in any way related to the question).
In other words, be smart enough to know that the clue to your password is
not in any way related to the actual password.
I work with teachers in a small school and at least 50% of the time I can
guess their passwords given a couple minutes (of course I get to see
pictures on desks). Don't use the obvious and be creative and use "hardened"
passwords. Yes, I know that this is not easy, but also know that I'm
changing my passwords as I compose this message.
If you're still reading, please know that we are now off emergency
moderation. This mostly due to our members' restraint at replying to a
member that was (ahem) "stranded and in need of financial help in the UK"
(as if...!?!?!?).
Thanks for listening and I continue to advise everyone to be diligent in all
forms of online communication.
Keith Mack
Web Administrator for Mosaic List
[email protected]
- - - - - - - - - - - - - - - -
If you're still reading know that I got a "forwared" email on how to detect
stroke in older people a couple days ago. It seemed to be legit.... but...I
was feeling a bit used..
Being one of the (ahem) older people referenced in the alert, I wanted
belive that all the indicators were valid.
My suspicion was alerted by closing line in the message that "If everyone
forwards this info to 10 people then thousands of lives will be
saved"...(yeah...right...as if?).
So, I checked the message's key words and added "email scam" and found the
info to be legit...who would have guessed!?!
My final two words....BE DILIGENT.
My final words beyond my (ahem) final two words:
Don't get caught up in alarmist messages. Keep everything in perspective.
Better "safe" than sorry...especially in online communication.
- - - - - - - - - - - - - - - -
>From some Star Trek episode...
"fool me once shame on you...fool me twice, shame on me."
_______________________________________________
Mosaic mailing list
[email protected]
To unsubscribe or modify your membership please go to
http://literacyworkshop.org/mailman/options/mosaic_literacyworkshop.org.
Search the MOSAIC archives at http://snipurl.com/MosaicArchive.
