ISSUE 19.14.1 • 2022-04-05
By Susan Bradley
MailChimp was compromised by attackers. Here’s what you should know. This is breaking news. An article at
[See the full post at: Ensuring your safety]
Susan Bradley Patch Lady/Prudent patcher
My employer (financial institution) regularly sends us “phishing tests” to see if we’re paying attention to these hazards. Maybe more companies should do this. Hearing things like this over and over again is disheartening. We worry about our privacy with Google and Microsoft; meanwhile, hackers are stealing our credentials with seemingly relative ease.
Here’s a bit of extra information we didn’t have yesterday. According to several news reports, 319 MailChimp accounts were examined by the intruder, who exported the audience data from 102. It appears the accounts of interest were related to cryptocurrency.
To be on the safe side, anyone with a MailChimp account should submit a support request asking if their account was affected.
Per the release on Mailchimp’s site regarding this incident
…While our investigation is still underway, our initial assessment found that 319 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts. We contacted the owners of all impacted accounts via email. If you have not been contacted by Mailchimp, we have no reason to believe your account has been impacted at this time. …
I added the bolding in the quote above.
The above quote from Mailchimp’s site brings up a question for Will and/or Susan: Have you, as of the date and time of this post (about 4:35 pm Server Time/CDT April 9th, 2022), been notified by Mailchimp as described in the quote from their release above?
Susan, This is timely information for all. I get so much spam email that I cannot tell a phishing spam from the MailChimp hack from a generic phishing spam, a sad commentary on how vulnerable we all are, despite all the patching of Windows and the brave, new more secure Windows 11. We, ourselves, cannot be patched and we don’t have TPM 2.0 or Secure Boot in our brains.
My advice to most anyone who asks me about anti-virus, anti-malware or anti-computer-anything is that the best malware defense is between one’s ears. We all have to use this defense.
Susan,
At 8:43 AM Eastern time today (April 5th) I received this WhatsApp message:
Dear. You are invited to join the “Bitc0in” analysis group and join in the investment plan and earn 500-5K usd a day. Reply “1” and long press the link to join.
Link removed
This was from no one in my contact list and may have come from the MailChimp breach.
Stu Berg
Moderator memo: Link removed to be on the safe side. Note: It did not show positive on VirusTotal. Please do not post a link from what you think may be spam/phishing email.
You have posted a link to potential virus stuff and it’s live.
To all, don’t click on the link. I haven’t clicked on the link and I advise you not to click on the link either.
To moderators, please remove the link.
For Moderator only,
I’m very sorry for posting that link. It was accidental. I will try not to do that in the future.
It was only because Susan Bradley posted “The phishing is reported to be about crypto, so that’s at least one warning sign.” and then I received that WhatsApp message that appeared to be spam (i.e. “Bitc0in” with a zero instead of the letter “o”). I’m very sorry that I didn’t run the URL through VirusTotal. It won’t happen again.
Stu Berg
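The tip-off Stu describes above, a zero standing in for the letter "o" in "Bitc0in", generalizes to a simple detection check: fold the common digit-for-letter and symbol-for-letter substitutions back to letters and see whether the result lands on a watched brand or keyword while the original spelling did not. The following is an added, illustrative example, not code from AskWoody, MailChimp or any vendor; the confusable map, the WATCHLIST and the sample message (a constructed paraphrase of the WhatsApp text, with no link) are all assumptions chosen for the demo.

```python
"""Flag brand words spelled with digit-for-letter substitutions (e.g. "Bitc0in").

Added, illustrative example; not code from AskWoody or any vendor. The
confusable map and the WATCHLIST are assumptions chosen for the demo.
"""
import re

# Characters commonly swapped for letters in spam to dodge keyword filters.
# Assumed, partial list; extend it for your own environment.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "|": "l", "!": "i",
})

# Brand/keyword terms worth watching for lookalike spellings (assumed list).
WATCHLIST = ("bitcoin", "mailchimp", "paypal", "microsoft")

# A token is a run of letters, digits or the symbols in the confusable map.
TOKEN_RE = re.compile(r"[A-Za-z0-9@$|!]{3,}")


def fold(token: str) -> str:
    """Map confusable characters to their letter look-alikes and lowercase."""
    return token.translate(CONFUSABLES).lower()


def flag_lookalikes(text: str, watchlist=WATCHLIST) -> list[tuple[str, str]]:
    """Return (raw_token, matched_term) pairs for tokens that fold to a watched
    term but are NOT the plain spelling of it.

    Plain spellings are skipped on purpose so that a legitimate mention of the
    brand is not reported; only a substituted spelling counts as a hit.
    """
    hits = []
    for match in TOKEN_RE.finditer(text):
        raw = match.group(0)
        folded = fold(raw)
        if folded in watchlist and raw.lower() != folded:
            hits.append((raw, folded))
    return hits


# Constructed sample modelled on the message quoted in the thread (not the
# original text; the link is omitted).
SAMPLE = ('Dear. You are invited to join the "Bitc0in" analysis group '
          'and earn 500-5K usd a day.')

if __name__ == "__main__":
    for raw, term in flag_lookalikes(SAMPLE):
        print(f"lookalike spelling {raw!r} -> watched term {term!r}")
```

Run on the constructed sample, the check reports `Bitc0in` as a lookalike of `bitcoin` and nothing else, while a message that spells "Mailchimp" normally produces no hit. This is a triage aid, not proof of malice: it surfaces one well-known indicator so a reader can decide to delete rather than tap.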
“Apparently, MailChimp employees don’t read our newsletter, where I constantly harp on the importance of not clicking, not opening email attachments, watching text messages carefully … do I need to go on?”
Question regarding the above, the answer of which might be useful to everyone:
I use Outlook for my email, and when you say not clicking, in order to delete any email, it has to be clicked on (bringing up the preview). Does that count as opening the email? Or are you supposed to right-click on suspect emails and select junk mail in their un-read state?
Does that count as opening the email?
I am unaware of any current threat vectors associated with previewing or opening an email (this was a problem in the past). I use Outlook and I don’t hesitate to open emails when I’m trying to assess whether they are dangerous.
Susan’s ongoing advice is based on what happens after you’ve opened the email. Caution is the order of the day: don’t open attachments, don’t click links, don’t reply unless you are absolutely certain about the safety of those actions. This also goes for tapping links in text messages.
One caveat: My version of Outlook is always current because I have a 365 plan. I think currency of email clients is essential.
I couldn’t have said it better myself, Ben. Or any funnier. I think we could all use Secure Boot to get through that critical first hour after waking up and systems coming online.
It seems that as time goes on, we have to take on more of the duties and responsibilities traditionally provided by contractors and professionals; either because they have reduced their services, have become un-affordable, unreliable, or just plain unavailable.
Think about how much googling (hint: start at page 3 or 4 on your searches nowadays) we do so we can be our own doctors, lawyers, plumbers, etc. Our systems are failing us due to rot and bloat. We have to become more vigilant and self-sufficient to survive. I don’t think there is a better illustration of this than the current cyber-security landscape.
That’s why, in the last 10 years, I have shifted my focus to education (best practices) and not on any “solution” that comes with its own set of problems. You can’t reach half of them, though, which is a bit depressing. It’s a tougher nut to crack than the homeless problem. Theoretically, if we gave everybody on the street a tiny home, a job, and life skills, we could eliminate about 80% of the problem, at least initially. If we can reach even 40% of workers in IT settings and maybe 20% of the general public and make them at least security “bros” (and “sistas”), we would be doing extraordinarily well, I think.
Of course, this has its own set of pitfalls. At what age do we teach our children to “trust, but verify”? Will they become hopelessly cynical and anti-social? (It’s too late for me.) Until we figure it all out, I think it’s safe to say that there are protectors and those in need of protection, and we should move forward with teaching the basic, non-technical skills needed to mitigate threats to our family, friends, community, anybody who will listen and take heed. That is our skill set and we can’t be solely responsible for fixing the fundamentally twisted paradigm of somebody exploiting somebody else because they are not physically present to be dealt with properly and barely legally accountable.
Sorry, long post. “Oh, look…a QR Code I must scan!” 😉
This also goes for tapping links in text messages.
You don’t have to tap on links in text messages to be hacked.
NSO Pegasus messages don’t need to be opened or clicked. Just receiving a message is enough to surrender your mobile device.
I don’t know how my email address was handed over to spammers. About a month ago I started getting dozens more spam per day. Gmail puts 99% in the Spam folder and interestingly, they all have colorful icons, GIFs, emoticons, etc. so I can quickly delete them. A small subset of the spam is requests for political contributions. I always check the sender and try to be alert to tip-offs for phishing email.
I’ve suggested to my representatives in Congress that Federal efforts would be greatly appreciated. They treat my suggestions the way I treat their requests for contributions.
I also noticed an uptick in spam, but I think it was closer to a couple of months back. I suspect spammer(s) obtained my email address (again) as a result of a provider breach going back a few years. The same lists keep making the rounds.
Like you, very little spam actually makes it to my inbox, but it is troubling just the same. Why repeat offenders aren’t simply blacklisted is beyond me. Yep, maybe it’s time to rattle our representatives though in this political climate I fear it wouldn’t amount to much.