It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe on LinkedIn here or through our website here.
- The Associated Press has warned that an old AP Stylebook website was hacked between July 16-22, 2023, leading to the theft of data for 224 customers — many, likely journalists. The breached data reportedly includes names, emails, addresses, phone numbers, user IDs, and for some customers, tax-exempt IDs such as Social Security numbers. The website has since been taken down to prevent further attacks, and Stylebook customers are now required to reset their password the next time they log in.
- Since the hack, attackers have emailed customers while impersonating the AP in phishing attacks that reference previous orders, asking victims to update their credit card information on a fraudulent Stylebook website. Read more here.
- This attack illustrates how difficult it can be to identify phishing in practice, particularly when an attacker has genuine “insider” information to make the lure sound more plausible, such as the real date of a purchase that you have made previously. However, any time an email says it’s time to update your credit card information, your antennae should go up. It could be legitimate, but it could also be someone masquerading as the service provider.
- If you’re not sure about the link delivered in these emails, you don’t need to click it. Most commercial websites want to make it very easy for you to update credit card information to facilitate your purchases, so just search for and visit their website yourself. There’s no need to use the link in a potential phishing email.
- This is also an excellent example of why websites need not store our personal information indefinitely. If you don’t really need persistent access to a website after making a one-time purchase, particularly if that website is storing personal details such as your address, phone number, or tax ID, it’s okay to delete your account when you no longer need it. Alternatively, you can also replace your details with placeholder information when you are done with your purchase.
Reminder: If you are visiting the Team CommUNITY Global Gathering, come say hi to our digital security colleagues, Harlo, Abigail, Davis, and our previous digital security intern, David Antonio. We might even have some FPF stickers for you. We’ll see you in Estoril from Sept. 15-17.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Freedom of the Press Foundation