Fake "your account was hacked" emails

Dear Williams Community,

Many, many Williams people have been receiving fake emails regarding “hacked” accounts.

Typically, the two ways they try to throw you off guard are either to display an old password in the email or to send the message as you (with your email as the From address). Rest assured your account has not been hacked and the claims in the email are false.

What should you do with this email?

In Gmail you can choose “report phishing” from the pull-down menu on the right and then delete the email. This will help Google identify and block further messages like this.

How do they have one of my old passwords?

It is very likely that old passwords of yours have been exposed and posted on the internet due to breaches at sites like LinkedIn, MySpace and Adobe. If the password listed is one you use anywhere, please change it.

How do they send an email “from” my account?

This is just standard spoofing and does not indicate your account is compromised.

What can I do to prevent compromises at other services from affecting my Williams and other important accounts?

1. Set up 2-step authentication wherever possible. At Williams this is done from https://www.google.com/landing/2step/. Apple, PayPal and most likely your banking sites also encourage you to set up 2-step authentication. Use it!

2. Use a different password for every site. Don’t let a breach at Facebook or LinkedIn compromise your Williams account! You can easily have different passwords by using a password manager like LastPass: http://oit.williams.edu/help-docs/lastpass-password-manager/ or Valt: https://valt.io/

Please let me know if you have any questions.

Regards,
Seth

Director of Client Services
Office for Information Technology
Williams College
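
As an added illustration of the spoofing answer above (this example is not part of the original message): a message whose From address is your own can still be shown to come from elsewhere by reading the headers in its raw source. The sample message, addresses and the `spoof_indicators` helper are constructed for this example.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not a real email): From and To are the same address,
# but the receiving server recorded failed sender-authentication checks.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.edu
From: user@example.edu
To: user@example.edu
Subject: Your account was hacked

I have your password.
"""

def domain(addr):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List signs that the visible From address was not the real sender."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom = domain(msg.get("From", ""))
    rp_dom = domain(msg.get("Return-Path", ""))
    # A mismatch is only a hint: legitimate bulk mailers also use their own
    # envelope domain, so it is weighed together with the verdicts below.
    if rp_dom and rp_dom != from_dom:
        findings.append(
            f"envelope sender domain {rp_dom} differs from From domain {from_dom}")
    # Trust only the Authentication-Results header added by your own mail
    # server; the sender cannot control that one.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(RAW):
        print(finding)
```

An empty result means the checks passed and the envelope sender matches the From domain; any findings support treating the message as spoofed rather than as evidence of a compromised account.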