Home » Guard against phishing in wake of Heartbleed bug

Guard against phishing in wake of Heartbleed bug

Department of Financial Institutions urges businesses to use caution

FRANKFORT, Ky. (April 15, 2014) –With reports of the Heartbleed bug spreading like wildfire, it’s important to stay vigilant against potential scams.

heartbleedThe Department of Financial Institutions (DFI) is warning consumers about possible phishing attempts in the wake of the Heartbleed bug – a critical security vulnerability that has put many systems at risk.

[pullquote_left]Click here for a list of websites for which you should change your password.[/pullquote_left]

“Con artists often take advantage of hot topics in the news,” said DFI Commissioner Charles Vice. “Consumers will become prime targets for phishing attempts to change passwords or account information. Protect against phishing by avoiding links in emails you did not request and dealing only with websites and companies you trust.”

Businesses or websites using affected versions of OpenSSL encryption should be working to update their systems to fix this vulnerability. Those businesses may suggest people change their passwords to protect both the customers and the business. As sites are patched and are no longer vulnerable, consider changing passwords. Choose strong passwords and use a different password on each site. For more tips on passwords and other security issues, visit OnGuardOnline.

However, people should be wary of links in email notices as these could be phishing attempts. Phishing is the use of fraudulent email to acquire sensitive information, such as passwords and financial account details. Phishing e-mails appear to be from legitimate sources, such as banks or online services. Often the link will lead to a false website that looks identical to the company’s real site, luring the consumer to reveal logon credentials or other personal information to cybercriminals.

Also beware of other possible scams, such as services that offer to scan for and repair vulnerabilities on your computer. Research any service provider you plan on using to make sure it is a legitimate business before turning over any money or information.

The Financial Cybercrime Task Force of Kentucky is a proactive, internal work group of DFI that focuses on best practice guidance and warnings for the financial services industry and its customers. The Task Force’s goal is to identify and address emerging threats in cybercrime and security and to protect the integrity of the Kentucky financial system.

Click here for a list of websites for which you should change your password.