Archive for the ‘malware’ Category

So, you got hit by the Epsilon hack, eh?

Tuesday, April 5th, 2011

You got one (or more) email notifications saying that attackers have captured your email addresses.

Lots of noise and chatter floating around about this one, but this certainly isn’t anything new. A few measures of caution and you shouldn’t have anything to worry about. Everyone is expecting a fairly huge phishing/malware campaign though, so be at the ready for a ton of spam, clickjacking and other “click my link” type of attacks.

  • Places you've asked for newsletters from, or signed up for mail with, will address you by name. They won't say “Dear User” or “Dear Customer”, or even “Dear <your email>”.
  • These places will never obfuscate their links with tinyurl or t.co or any other URL shortener.
  • If you’re unsure about the URL they want you to click (be it Twitter, Gmail or your bank), manually enter the root domain and navigate yourself – e.g. if you get a phish for gmail.com?owned=yes&gimme=yourmoney and it looks suspect, go to ‘gmail.com’ by hand and see what happens.
  • If you do see messages like that, be sure to report them to the institutions that are being spoofed, send them a copy, and then mark it as spam.
  • Places don't ever ‘lose’ your information and ask you for it again. No place ever asks you to ‘update’ your account info.
  • For Facebook clickjacking attacks – hover your cursor over the video/link/whatever. If the URL ISN'T Facebook, 100% chance it's bogus. If it *IS* Facebook, copy the URL and paste it into Google – see if you get any results like “this has been reported for malware”.
  • Be smart – with as much spam and malware links as we’re expecting – don't share really stupid crap on Facebook and Twitter – you’re gonna get marked as spam.

That's it! Just a bit of common sense and caution.

Now move along smartly!
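
The first three checks from the list above (generic greeting, shortened links, links whose host is not the sender's root domain), sketched as a small Python filter for an HTML mail body. This is an added example, not code from the original post; the sender domain `example.com`, the sample messages and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "t.co"}   # the two named in the post; extend as needed
GENERIC_GREETING = re.compile(r"\bdear\s+(user|customer|\S+@\S+)", re.I)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the message."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def under(host, root):
    """True if host is root itself or a subdomain of it (not a lookalike)."""
    return host == root or host.endswith("." + root)

def check_message(html, claimed_domain):
    """Return a list of warnings for one HTML mail body."""
    warnings = []
    if GENERIC_GREETING.search(re.sub(r"<[^>]+>", " ", html)):
        warnings.append("generic greeting")
    parser = LinkCollector()
    parser.feed(html)
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if not host:                    # relative or mailto: link, nothing to compare
            continue
        if any(under(host, s) for s in SHORTENERS):
            warnings.append(f"shortened link: {host}")
        elif not under(host, claimed_domain):
            warnings.append(f"link leaves {claimed_domain}: {host}")
    return warnings

# Constructed sample messages, both claiming to come from example.com.
PHISH = """<p>Dear Customer,</p>
<p>Please <a href="http://t.co/abc123">verify your account</a> or
<a href="http://example.com.login.example.net/update">example.com/update</a>.</p>"""
LEGIT = """<p>Hi Alex,</p>
<p>Your newsletter: <a href="https://news.example.com/april">April issue</a></p>"""

if __name__ == "__main__":
    print(check_message(PHISH, "example.com"))
    print(check_message(LEGIT, "example.com"))
```

The second link in the constructed phish starts with `example.com` but its registered domain is `example.net`, which is why the comparison is made on the end of the hostname rather than on a substring.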