Another Security Breach – LifeLock

LifeLock customers may be at risk for phishing attacks, A bug on one of the firm’s marketing pages might have exposed customers’ emails.

Symantec, LifeLock’s parent company, fixed the issue and found no indication customer email addresses have been stolen. Still, the company’s investigation is ongoing and it’s smart to be vigilant if you’re a LifeLock customer or former customer.

Here’s What You Need to Know

The LifeLock bug potentially enabled hackers to collect email addresses by simply changing one number in the address of a web page used by customers to unsubscribe from LifeLock communications. The number represents a specific customer and altering it revealed that customer’s email address.

With this type of vulnerability, hackers can potentially gather email addresses and use them to send messages designed to look like they are coming from a legitimate company. This is a practice known as spear phishing.

Before you click on any links in an email make sure it is coming from a legitimate email address from the company.  Better yet, instead of clicking on the link, simply sign into their website from a secure browser and log in with your credentials.

Watch Out For Phishing and Malware Attacks

Scammers often embed hyperlinks into an email that take you to a fake site where they collect your information or load malware onto your computer.

Before clicking on a suspicious link, hover your mouse over it to see what the actual URL looks like. Look for warning signs, such as if the URL doesn’t begin with “https” or the URL goes somewhere other than where the hyperlinked text says it will go.

Whatever you do, do not enter any personal information or credentials via links in emails. Instead, forward any suspicious email to the company itself. You can also call the company directly to confirm whether any such messaging is legitimate.

Here are some additional guidelines for detecting and avoiding spear phishing scams:

1. Check the URL of Any Website Requesting Personal Information

Pull up the organization’s real website and compare the text that appears before the first “slash” (/) in its address.

Look for small differences such as .co instead of .com, “typos” or extra “dots” in the main name, etc. Also, make sure the address begins with https://; the “s” means it’s a secure site and is encrypting your data.

2. Proof for Spelling

Multiple typos or spelling errors could be a sign the email isn’t coming from a legitimate source.

3. Confirm That the Email or Web Address Is Correct

Scammers mimic websites from known companies to fool you. By simply changing just one letter or misspelling a word the fake website looks like the real thing.

4. Look for Attachments

Financial institutions or companies will not send attachments in an email. If you do open an attachment in a spoof email it could allow malicious software to download onto your computer or smartphone.

Protect Your Identity

If you’re worried about your personally identifiable information being out there, you can access your free Experian credit report and run a free dark web scan to find out if information like your Social Security number, phone number, or email addresses are on the dark web.

If you suspect you are a victim of identity theft, you might want to file a free initial security alert that remains active on your account for 90 days at the Experian fraud center.  This fraud alert will notify any lenders pulling your credit report to take extra steps to verify your identity.

Unfortunately, fraud alerts do not completely block access to your credit reports. If you feel that your personal information has been compromised, you might want to consider freezing your credit reports, which prevents lenders from issuing new credit in your name until you authorize an unfreeze.

Until next time,

Megabite,