Scam of the day – March 6, 2013 – Evernote hacking danger

March 5, 2013 Posted by Steven Weisman, Esq.

Evernote is a popular on line service that helps you store notes, files, web pages and images on all of your electronic devices.  It has both a free and a premium service for which you pay.  Unfortunately Evernote is also popular with identity thieves as evidenced by its being hacked.  Evernote announced the hacking a couple of days ago.  According to Evernote, the hackers managed to steal the names, email addresses and encrypted passwords of its customers.  Evernote is confident that its encryption program will protect the passwords of its users, but only time will tell.  Evernote also stated that it did not believe that credit card numbers used by its premium customers had been accessed.  Again, however, premium users of Evernote should be particularly vigilant in monitoring their credit cards.  Despite its position that no passwords had been stolen, Evernote is requiring all of its customers to obtain new passwords.  The ONLY place to do this is on Evernote’s website at www.evernote.com.

TIPS

Users of Evernote should be particularly wary of an identity theft tactic called “spear phishing.”  Spear phishing occurs when you get an email that lures you to a phony website or link where you either become victimized by providing information that is used to make you a victim of identity theft or causes a keystroke logging malware program to be downloaded when you click on the link or download tainted material that steals all of the information from your computer including bank account numbers, Social Security number, credit card numbers and other information that makes you a quick victim of identity theft.  What makes spear phishing particularly insidious is that unlike most phishing emails which never use your name, spear phishing is directed to you by name which makes many people more trusting of the email.  As I always say, “Trust me, you can’t trust anyone.”  Identity thieves will be contacting people by email posing as Evernote and telling them that they need to change their password by clicking on a link contained in the email or by providing other information.  Do not fall for this ruse.  Evernote is not contacting people by email, but the identity thieves who stole their email list will be.  The only place to change your password is www.evernote.com.  This is also another good example of the fact that your security is only as safe as the weakest place that holds your information.  Limit the places that do have personal information about you as much as possible.