skip to main content

Beware of Phishing Scams! People urged to change passwords due to Heartbleed SSL flaw

Simon Crisp Posted by Simon Crisp Email Simon
Beware of Phishing Scams! People urged to change passwords due to Heartbleed SSL flaw

Beware of Phishing Scams, as people are urged to change passwords by some trusted media due to Heartbleed SSL flaw

There is much in the news today about a software flaw in some SSL software, dubbed Heartbleed.

Trusted sites such as the BBC are reporting that security firms are urging people to change all their passwords , but some experts are suggesting that if you do this, and the site you change them on is not patched / fixed then you are exposing your new password. If you are worried you should contact websites that you believe may be affected. There is a good alternative article cautioning people not to rush to change passwords on the Guardian website.

None of our client's websites are affected. (Mainly because this bug does not affect Windows based SSL certificates, which form the vast majority of the certificates we manage)

If you are a Yahoo user (including Tumblr and Flickr) you are recommended, by Yahoo, to change your passwords now as they have patched their servers. If you have used the same password on your online banking or your email as you have on Yahoo you should change those passwords too.

Amazon, Microsoft, Twitter and Linkedin are not affected.

The main reason for this post though is to warn against so called phishing attacks.
I predict there will be a lot of emails doing the rounds pretending to be from your bank, or other website or even from us stating that you should change your password because of this software flaw.

These emails are all fraudulent and are pretending to come from someone reputable. Never click on the links that are in these emails as they will attempt to capture your password by tricking you into giving it to them. It is the same advice as your bank often gives you about your PIN - that they will never ask for it. Likewise banks will never ask foryour password and nor will we.

If you are worried please call us on 01325 489300.

 

Footnote: There is a great article here about Heartbleed including where the name comes from.