Not a poem: malware warning

[dcmarti1]

Sorry to bear bad news, but I got an e-mail with my password to this site and a bitcoin ransom. It threatened my messenger, facebook, and e-mail contacts. I do NOT even have messenger or facebook, but the p/w was correct for THIS site. I do not store my e-mail locally, only on the web. I did change my p/w for THIS site. My gmail p/w is NOT the same.

You MIGHT want to change your p/w for this site. The e-mail I got was from Joseph Clark whose domain was "egyptnow.com".

 

[tonyv]

Marti, thanks for the heads-up. It’s unlikely the site is compromised, but I’ll certainly be on the lookout for anything strange. I hope your computer is ok.

Enabling two-factor authentication wherever possible could help. The one we’re using is simplistic (a security question), so an attacker would have to know the answer to your security question even if he knew your email address and password, but if there’s already a key logger on your computer that you don’t know about, an attacker would probably get the answer to your security question also. I think the “Google Authy” app is available for two-factor authentication. I’ll look into it later today, but I’m not sure if that’s freeware or a paid option. Please keep us posted. 

[tonyv]

PS — hopefully it was a ruse to see if you’ll just pay, and nothing happens. 

[tonyv]

Okay, I just enabled "Google Authenticator":

Whoever wants to can go to the Google or Apple app store and download an application that will send a one-time code to his smartphone whenever he goes to log in to the site. Of course, you should always change a compromised password when you find out about it, but this will hopefully help if any unauthorized person should learn your password. (You'll also have to allow Google Authenticator in your site two-factor settings for it to work.)

[tonyv]

UPDATE:

I opened a support ticket just to be on the safe side. I included the text from Marti’s and my posts (along with some additional questions I won’t reproduce here) and received the following reply:

“Hello,

Our networks are of course protected, as you would expect from a cloud based product. As you mention yourself there, the likelihood here is that the user themselves have been compromised. We do advise on using 2 factor authentication on accounts to ensure that even if one password is compromised for some reason, another method of authentication would fail, such as authy, google authenticator etc.

There is of course the other aspect here that if someone were to attack your site, they would not be targeting only one single user, as it would not make sense to do so.”

So, I hope everyone is having a good summer. I’ll be on here more tomorrow and/or Friday to enjoy your recently posted poetry and catch up on some replies. 😀

[dcmarti1]

On 7/7/2021 at 9:29 AM, tonyv said:

PS — hopefully it was a ruse to see if you’ll just pay, and nothing happens. 

So far, it appears to have just been a ruse. The password IN the email was disconcerting, though. I did learn about:

monitor.firefox.com

It will tell you if your data (email, password, profile) has been in a "breach".

Thanks, as always.