Dear Cloudy Nights members,
The administration staff have become aware of multiple instances of hacked CN accounts over the past few days. So far all of the hacking attempts have been linked to members being directed to phishing websites disguised as legitimate astronomy sites. Once a CN member attempts to enter the phishing site, his or her authentication credentials (usernames, passwords) are collected by the phishing site and then used to gain entry into their CN account (and possibly other accounts as well).
So how do we protect ourselves against these phishing attempts? The first step is to use common sense. Don’t give out your CN username and password to anyone. Some of you are probably thinking that this is just a harmless hobby website, so who cares if your account gets hacked? Well, many of you have a habit of using the same passwords for other sites, including your email, PayPal, and banking websites. If a hacker were to get hold of your passwords for those sites, the results could be devastating. Second, even if your password is exclusive to CN (as it should be, for maximum protection), a hacker could easily use your account to set up bogus sales transactions with other CN members. Imagine trying to clean up the mess that might result after you’re mistakenly accused of scamming other members out of tens of thousands of dollars without any easy way to prove otherwise.
If you ever receive an email that claims to come from CN and asks for your password, it’s likely fraudulent. Occasionally a CN staff member may have to ask for your username to verify who you are, but that will always come as a response to an email generated by you with a question about your account. We won’t email you out of the blue to ask. And we would never ask you for both your username AND your password, as the administrative staff have absolutely no need to know your password.
If you ever enter into a sales transaction with another CN member, and that person insists that all the transaction details be discussed off site (i.e., via a personal email address not connected with the CN site), please be wary. We've added the following language to our Classifieds posting guidelines in order to make things more difficult for scammers: "For personal security and privacy reasons, unless you are a registered vendor, please do not post personal information such as phone numbers, e-mail addresses, or mailing addresses in classified ads."
And finally, use extreme caution when clicking links sent to you through email, even if you think that the email has come from someone you know. Instead, a safer method is to use a major search engine (Google, Yahoo, Bing, etc.) to find the official site for that link, and then look for a security OK for the site from your own browser security program, if you don't already have that site bookmarked.
These are just some of the basics, but following this advice should help to thwart 99%+ of phishing/hacking attempts.
Thanks for reading. And please BE SAFE!
Edited by Scott in NC, 03 August 2016 - 04:13 PM.