Many of you may not be familiar with the acronym ICANN which stands for the Internet Corporation for Assigned Names and Numbers, however everyone is familiar with what they do. ICANN is the international organization that administers all website domain names. ICANN recently disclosed that it had been hacked since November. Fortunately, the extent of the hacking and data breach was minimal and passwords were not stolen since they were maintained in an encrypted manner by ICANN. The hackers did, however, manage to obtain the names, addresses, email addresses and phone numbers of ICANN customers. ICANN is in the process of notifying those people whose data was compromised. The danger posed by this information falling into the hands of scammers is that it can be exploited by a technique called “spear phishing” where specific people are targeted in emails that appear to be from legitimate sources and directed to them personally by name, such that the victim is more likely to trust that the email is legitimate and be lured into clicking on links contained in the email or text message that contain malware that will enable the scammer to steal the personal information of the victim and use that information to make the person a victim of identity theft.
Remember my motto, “trust me, you can’t trust anyone.” Regardless of whether an email or text message appears to be legitimate, you should never click on links until you have absolutely confirmed that the message is legitimate and the link is legitimate. Even if the email or text message is addressed to you personally and appears to come from someone or some business or agency with which you have a relationship, you can never be sure that the communication is legitimate and the risk of downloading keystroke logging malware is too great to trust such communications until you have absolutely confirmed that such communications are legitimate. Additionally, it is important to keep your anti-malware and anti-virus software up to date remembering that your security software will always be at least a month behind the latest malware threats.