About security alert

  1. Sadly, my confidence is much lower, mostly because my secondary training tells me that Evernote bungled this response. If I understand correctly, the link took you to a site asking for your current ID and password. If I sent you the same email, but changed the link to evernote.5371mkt.com and asked for the same info, I no longer have to brute-force your salted password. You handed everything to me. Therefore, a well-planned attack only needs to make Evernote 'think' something happened. From there, the rest is very easy. Keep in mind that if you are ever targeted for hacking, you have already lost. That does not forgive using a security response plan that wouldn't pass the first level of an audit.
  2. Exactly correct. Always be cautious. Never be lazy. Type the name yourself, or use your old bookmark. In this particular case, hackers right now can be sending out millions of these emails, changing the link to their own site. Many email systems display the most recent email first, so the duplicated phishing email may be viewed before the one Evernote might have sent. I'm suddenly saddened to think that the email was legit, and it absolutely destroyed my confidence that Evernote has a Chief Security Officer, or at least one that has expertise in this area.
  3. Yes, I'm not 100% "convinced" the email is legitimate. Here's the first reply line from the header: Return-Path: <[snipped]@bounce.evernote.mkt5371.com> You should NEVER TRUST a company name in an address if it's not immediately before the very last dot (or period) in the name. In this case, a hacker from "mkt5371.com" can set up bogus emails claiming your Microsoft, Apple or any other account was compromised. Seeing something like apple.mkt5371.com or microsoft.mkt5371.com does NOT MEAN the email came from the company you think it did. There is a HOT Topic on the forums, and I did read the first page of the 100+ replies. Nothing helpful was there. In fact, the email can be taking advantage of another security flaw. This may be a coordinated attack where the email is stealing login information during another breach. Lastly, releasing the mail on a Sunday means that the lowest level of staffing at Evernote is available or aware, particularly the senior level. Those managers would be most educated on phishing activity, and they would also be most likely to have the day off.
  4. I received a highly suspicious phishing email this morning. It claimed passwords needed to be reset. DO NOT CLICK ANY LINKS IN THAT EMAIL! (If you fully read the email, you'll note that it was a direct copy from an existing Evernote email, where they specifically warn you to NEVER CLICK A LINK IN AN EMAIL. The attacker had then modified the email to insert links well above the warning that they didn't even read.) If you hover over a link, you'll notice it redirects to a non-Evernote web site. It then asks you to ENTER YOUR CURRENT PASSWORD. If you have entered your password, you should consider yourself compromised. Had this been a serious alert from Evernote, you would have been instructed to visit Evernote from your bookmarks, or enter it directly. At that point you should have seen a link to reset your password via email. Remember, people, NEVER BLINDLY TRUST AN EMAIL. They are easily forged, and companies already have established policies to verify your identity through established email accounts. You may wish to reset your password immediately, especially if you have clicked a link in the aforementioned email.
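The check described in posts 3 and 4 above (the brand name must sit immediately before the last dot, otherwise the registrable domain belongs to someone else) written out as a small classifier. This is an added example, not code from the thread or from Evernote; the trusted-brand table and the sample sender/link values other than the quoted Return-Path host are constructed for illustration.

```python
from urllib.parse import urlparse

# Brands the reader expects mail from, mapped to their real registrable
# domain. Assumed table for the example, not taken from the page.
TRUSTED = {
    "evernote": "evernote.com",
    "apple": "apple.com",
    "microsoft": "microsoft.com",
}

# Constructed samples: the first host is the one quoted in the post's
# Return-Path header; the rest are made-up lookalikes and genuine hosts.
SAMPLES = [
    "<someone@bounce.evernote.mkt5371.com>",
    "https://evernote.5371mkt.com/reset",
    "noreply@evernote.com",
    "https://www.apple.com/account",
    "mail@example.org",
]


def hostname_of(value: str) -> str:
    """Return the lowercased host from an email address or a URL."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].strip("<>")
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def registrable_domain(host: str) -> str:
    """The last two labels of the host, i.e. the part the post says to trust.
    Simplification: a production check should consult the Public Suffix
    List so that hosts like example.co.uk are split correctly."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(value: str) -> str:
    """'trusted' if the registrable domain is a known brand domain,
    'lookalike' if a brand name appears only in a subdomain label,
    'unknown' otherwise."""
    host = hostname_of(value)
    if registrable_domain(host) in TRUSTED.values():
        return "trusted"
    labels = host.split(".")
    if any(brand in label for brand in TRUSTED for label in labels):
        return "lookalike"
    return "unknown"


def report() -> dict:
    """Classify every constructed sample; returns {sample: verdict}."""
    return {sample: classify(sample) for sample in SAMPLES}


if __name__ == "__main__":
    for sample, verdict in report().items():
        print(f"{verdict:9} {sample}")
```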