LastPass Phishing Email

IF YOU USE LASTPASS, PLEASE READ THIS EMAIL!

Even if you don’t use LastPass, this article has valuable online security lessons that might save you untold grief in the future.

Over the weekend I received an email that could have cost me the keys to the kingdom. By that, I mean giving a hacker every password I have! And I have literally hundreds of different passwords.

Here’s the email I received:

[Screenshot: the LastPass phishing email]

On the surface this looks pretty legit!  It says it’s coming from Lastpass. But when I click on the name “Lastpass” I see that the underlying email address is noreply@security-lastpass.com.

This might fool a lot of people. If you don’t look closely enough, you might just see the tail end of the email address, which is ‘lastpass.com’. But the part in front of that is important too. The real domain here is ‘security-lastpass.com’.

[Screenshot: the From email address]

The email is asking me to confirm some information and it introduces an element of fear by telling me that certain features of my LastPass account will be deactivated unless I log in before June 16, 2022.

This is actually a smart move on the part of the scammers. They are creating a sense of panic in the person they want to scam, and when you are in that state, your higher-level cerebral cortex tends to shut down and your lower-level reptilian brain takes over and initiates a ‘flight or fight’ response. In essence, it inhibits your ability to think. And this, of course, is what the scammer wants! He wants you to CLICK THAT RED BUTTON, which in this case says “Confirm my information”.

Right-clicking on the button allowed me to copy the link, and I pasted that in a browser to have a look at it.

Here’s the link: https://customer-lastpass.com/verify/cgdnd3Mtd2l6EAMYADIFCAAQgAQyBQgAEIAEMgYIABAeEBYyBggAEB4QFjIGCAAQHhAWMgYIABAeEBYyBggAEB4QFjIGCAAQHhAWMgYIABAeEBYyBggAEB4QFjoECAAQR0oECEEYAEoECEYYAFCkAVjjGWCwIWgAcAJ4AIABmgOIAdEPkgEHMi01LjEuMZgBAKABAcgBCMABAQ

You can see that it is taking me to the domain ‘customer-lastpass.com’. This is NOT LastPass’s domain!
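Both checks described above (the sender address and the button link) come down to comparing the full host name against the domain you expect. The following Python sketch is an added example, not part of the original article; the function names are hypothetical, and the sample values other than the sender address and the link quoted above are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "lastpass.com"  # the genuine domain, as named in the article


def host_of(value):
    """Return the lowercase host from a URL or from a From header/address."""
    if "://" in value:
        # hostname drops the port and lowercases the host for us
        return (urlsplit(value).hostname or "").rstrip(".").lower()
    _, addr = parseaddr(value)  # "Name <user@host>" -> "user@host"
    return addr.rpartition("@")[2].rstrip(".").lower()


def classify(value, trusted=TRUSTED_DOMAIN):
    """'trusted' for the domain itself or one of its subdomains,
    'lookalike' when the brand name sits inside some other domain,
    'unrelated' for everything else."""
    host = host_of(value)
    # A subdomain must be separated by a dot: "x.lastpass.com" matches,
    # "security-lastpass.com" does not.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    return "lookalike" if brand in host else "unrelated"


# Sender and link from the article, plus constructed comparison values.
SAMPLES = [
    "Lastpass <noreply@security-lastpass.com>",        # sender in the article
    "https://customer-lastpass.com/verify/cgdnd3Mtd2l6EAMYADIF",  # link, token shortened
    "https://www.lastpass.com/",                       # constructed: genuine subdomain
    "https://lastpass.com.account-check.example.net/", # constructed: name at the front
    "https://example.org/",                            # constructed: no relation
]


def check_all(samples=SAMPLES):
    """Map each sample to (host, verdict) so the result can be inspected."""
    return {s: (host_of(s), classify(s)) for s in samples}


if __name__ == "__main__":
    for sample, (host, verdict) in check_all().items():
        print(f"{verdict:10} {host}")
```

Anything other than a ‘trusted’ verdict means the host is not the domain itself or one of its subdomains, no matter how much of the brand name appears in it.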

There are a few other clues in this email. In the “Tips for getting started” section (which the hacker includes to add a measure of credibility to his email), there are three sections, each with a link. The first is “Install browser extension”, the second is “How to add a password” and the third is “Learn about autofill”. The hacker, though, failed to actually provide any real links, i.e. if you click on the blue link text it doesn’t go anywhere! So this is another clue that this email is not legit.

The link, by the way, takes you to a login screen that looks very much like LastPass’s login screen.

If you enter your credentials, you would be giving the hacker access to your LastPass account and EVERY PASSWORD YOU HAVE STORED IN LASTPASS!  This is literally the keys to the kingdom!

THE NUMBER ONE RULE FOR EMAIL ONLINE SECURITY

Let’s call this the number one rule for online security:
IF YOU GET AN EMAIL THAT ASKS YOU TO CLICK ON A LINK, AND THE PAGE IT TAKES YOU TO ASKS YOU TO ENTER YOUR LOGIN CREDENTIALS, DON’T DO IT!

Instead, if you actually think it’s legit, go to the website yourself by opening your browser and using a bookmark or searching for the site.

THE NUMBER TWO RULE FOR ONLINE SECURITY

USE TWO-FACTOR AUTHENTICATION wherever possible.

That way, even if your password is compromised, the two-factor authentication should save you.

If you don’t know what two-factor authentication is, take the time to learn. Google it. You’ll find lots of articles and videos that will show you how to set it up.

THE NUMBER THREE RULE FOR ONLINE SECURITY

Use a good password manager.

LastPass is an excellent password manager. There are other good ones as well. Pick one and use it. Yes, there is a bit of a learning curve. Take the time to do it! In the end, you will be more efficient because you won’t be entering user credentials manually, and you will be far more secure because you won’t be reusing passwords and you will use long passwords (35 characters or more) with upper and lower case and numbers and symbols.

THE WILD, WILD WEST

Phishing scams and the websites they take you to are getting more sophisticated all the time. Often they target organizations and know the names of key people such as the president of the organization or the treasurer. They concoct convincing stories pretending to be key people in your organization and usually end up asking for money to be sent from one person to another (often in the form of gift cards) because of some emergency situation. You might be surprised to hear how many people are taken in by these scams. Again, there are two key reasons:
1. The scammers appear to be legit.
2. They create a sense of urgency and fear which overrides the victim’s ability to think clearly in the perceived limited amount of time they have.

The internet is truly the wild, wild west. You need to be appropriately ARMED and wary!  You have to know what you are doing. As we discussed above, you need to understand how to use a good password manager and you need to know enough not to click on malicious links or enter information on the websites these links take you to.

Be careful with downloaded files. These can contain viruses or other computer malware. When in doubt, check downloaded files with an online virus checker such as VirusTotal.

It also helps to know how to look at a website address (called a URL).

Ignorance of these things won’t get you killed but you do run the risk of significant financial loss or even loss of identity. A hacker who has access to your accounts could do all kinds of malicious things while pretending to be you!

Take the time to learn how to protect yourself!
