An email containing an image, shown below, saying MyHeritage V2 ethnicity estimates are available is being sent from a fraudulent email account, firstname.lastname@example.org (with a q instead of a g), encouraging users to click to review their matches.
This email was not sent by MyHeritage and is fraudulent. DO NOT CLICK. Delete.
MyHeritage users are receiving emails from a fake account with the subject “Ethnicity Estimate V2” which attempts to lure users into signing into a fake website set up to look like the legitimate MyHeritage website. The fake website has a similar domain name, except with a q instead of a g, and has stolen the MyHeritage main website picture to look legitimate.
Please read the MyHeritage article, here. To be very clear, MyHeritage has NOT been breached, but bad actors have harvested emails, probably from the GEDmatch security breach, which I wrote about here, and are using them to try to target MyHeritage users.
Word of warning – any other vendor’s customers may be targeted too. Be very very leary right now of any emails.
It appears that email addresses retrieved from the GEDmatch breach either are or may be being used to target users. Be sure if you are going to renew a subscription that you are on the legitimate website, by verifying that the website name in your browser line shows the MyHeritage name accurately and not misspelled in any way.
Note the g instead of a q – this is the legitimate MyHeritage website.
To date, there are no reports of MyHeritage users who did NOT upload to GEDmatch from MyHeritage receiving targeted emails, but that may simply be a matter of time.
There are also no reports of GEDmatch customers who uploaded files from other vendors being targeted, but that may be coming. Stay vigilant.
Always, always check the sender information and look for words that are similar but not accurate. Examples might be 23amdMe instead of 23andMe, or Ancesty instead of Ancestry or FamlyTreeDNA instead of FamilyTreeDNA. You get the idea. These are just examples that your brain “fixes” for you – which is what hackers are counting on.
Here are some ways to protect yourself:
- At MyHeritage turn on two-factor authentication. Their article includes instructions.
- When looking at emails, always truly LOOK AT and evaluate the sender.
These are examples of legitimate emails.
I can see that this website name is accurate.
I can see that MyHeritage is spelled correctly here, and it matches all of the other Smart Match notifications I’ve received.
This is the address my Ancestry notifications come from, spelled correctly.
And at 23andMe.
Please note that a normal email doesn’t guarantee that the email is legitimate, as addresses can and are spoofed regularly. However, an odd email guarantees that it’s NOT legit.
Protection on a Phone
On my phone mail, I click on the sender’s ID a couple of times until it finally displays in this format. I retrieved this email out of my spam folder, someone wanting me to click on a link. Yea, right.
Clearly, this person is not Chondell Campbell.
I don’t know a Chondell Campbell, but even if I did, email addresses are hijacked all the time. I would never, ever click on any link that I can’t clearly see, nor from someone if I wasn’t expecting the information.
Call me paranoid but I’m also safe.
Change Your Password
Just to be safe, you may want to change your passwords occasionally. Don’t use the same password on multiple sites. If you already have, change them now.
Always pick a very irritating long secure strong password. You may want to use a tool like LastPass. Some people use song lyrics.
I’ve noticed a real uptick in bad-actors and emails with phishing attempts in the past few weeks/months. Increase your suspicion level from yellow to full-on red right now.
Don’t click until you are sure, on emails, on messages, on social media or on any website. Not EVER!
We Will Get Through This
I know this is disheartening on top of pandemic and politics and whatever else is going on in your life. Keep heart. We’ll get through this.
I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.
Thank you so much.
DNA Purchases and Free Transfers
- FamilyTreeDNA – Y, mitochondrial and autosomal DNA testing
- MyHeritage DNA – ancestry autosomal DNA only, not health
- MyHeritage DNA plus Health
- MyHeritage FREE DNA file upload – transfer your results from other vendors free
- AncestryDNA – autosomal DNA only
- 23andMe Ancestry – autosomal DNA only, no Health
- 23andMe Ancestry Plus Health
Genealogy Products and Services
- MyHeritage FREE Tree Builder – genealogy software for your computer
- MyHeritage Subscription with Free Trial
- Legacy Family Tree Webinars – genealogy and DNA classes, subscription-based, some free
- Legacy Family Tree Software – genealogy software for your computer
- Charting Companion – Charts and Reports to use with your genealogy software or FamilySearch
- Legacy Tree Genealogists – professional genealogy research
Fun DNA Stuff
- Celebrate DNA – customized DNA themed t-shirts, bags and other items