How to protect your internet accounts from being hacked

Filed under: Computing Tips, Security - May 26 2012

We get a lot of calls where the person’s account has been hacked. The hacker has sent spam email to their contacts, and often copies their contact list for the purpose of sending future emails and forging their name and email address. Others have had emails sent to their contacts asking for money because they are in distress in a foreign country while on vacation. After their account got hacked, people usually ask us how it happened. Typical methods that hackers use to access email accounts include:

1. Guessing an insecure password to access your account. Examples of insecure passwords include common names, names of pets, and words listed in a dictionary. Using the same password for different websites is also insecure.

2. Guessing the answer to your account security question(s), then resetting the password so that the account can be accessed.

3. Breaking into insecure website databases and using the stolen usernames and passwords to log into email and other accounts. For example, here’s a common scenario that could happen to you:

You discover xyzrecipes.com and register for an account so that you can access their exclusive recipes that are only available to registered users. They require an email address for a username, and ask you to create a password to access their site. To make it easy to remember, you simply use the same password that you use to access your email, since, like most people, you wouldn’t care if somebody got access to your xyzrecipes.com account.

However, a few weeks later a hacker breaks into the xyzrecipes.com user database and copies all the email addresses and passwords. The hacker then tries to access your email account using the same password that you used to register at xyzrecipes.com. If it’s the same password, they now have access to your email account and can make a copy of your contact list and send spam messages to your contacts that look like they’re coming from you. Worse yet, they can read all of your previous emails, learn about the people you correspond with and the financial transactions that you make, and/or change your password, locking you out of your email account.

4. Capturing your email login credentials on a malicious website that you reach by clicking on a link in an email.

5. Sending an official-looking email asking for email login credentials. (See sample below)

What you should do if you’ve been hacked, and tips to prevent being hacked.

If your email account was hacked, immediately change your password. (If your email address is the master account for AT&T DSL service, see note below*) Below are a few things you can do to help prevent your email account(s) from being hacked.

1. Use a password system/pattern so that you have a unique, memorable password for each web site. I recommend putting some of the letters of the website’s name in the password. (See creating secure memorable passwords.)

2. If the account has a password reset question (or account security question – ASQ), make sure that the answer to your question is something that a hacker would not know or easily guess.

3. Learn how to recognize emails that “phish” for your information.

4. Secure your email account with 2-step verification.

* Note: If your email address is the master account for an AT&T DSL account, after changing your email password you need to call AT&T DSL at 877-722-3755 and have them give you your network password to program into your DSL modem or router. Otherwise you could lose your connection to the internet.
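To find which of your own accounts are exposed to the password guessing and password reuse problems described above, you can audit a list of your logins. The script below is an added example, not part of the original article. The account rows and the word list are constructed sample data, the function names are hypothetical, and the `.example` sites are placeholders.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (site, username, password) rows such as a
# password-manager export would contain. None of these are real accounts.
SAMPLE_ACCOUNTS = [
    ("mail.example", "pat@mail.example", "sunshine"),
    ("xyzrecipes.com", "pat@mail.example", "sunshine"),
    ("bank.example", "pat", "Rover2012"),
    ("forum.example", "pat", "t7#Qw9!zLp2v"),
]

# Constructed stand-in for a dictionary / common-name list; in practice load a
# real wordlist file (assumption: one lowercase word per line).
SAMPLE_WORDS = {"sunshine", "password", "rover", "michael"}

def fingerprint(password):
    """Short hash used only so the report never carries the plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]

def find_reuse(accounts):
    """Return {fingerprint: [sites]} for passwords used on more than one site."""
    by_password = defaultdict(list)
    for site, _user, password in accounts:
        by_password[fingerprint(password)].append(site)
    return {fp: sorted(sites) for fp, sites in by_password.items() if len(sites) > 1}

def is_guessable(password, words):
    """True if the password is a listed word, optionally with digits appended."""
    core = password.lower().rstrip("0123456789")
    return core in words or password.lower() in words

def audit(accounts, words):
    """Return sorted (site, problem) findings for the whole account list."""
    findings = []
    for sites in find_reuse(accounts).values():
        for site in sites:
            others = [s for s in sites if s != site]
            findings.append((site, "same password as " + ", ".join(others)))
    for site, _user, password in accounts:
        if is_guessable(password, words):
            findings.append((site, "dictionary word or name"))
    return sorted(findings)

if __name__ == "__main__":
    for site, problem in audit(SAMPLE_ACCOUNTS, SAMPLE_WORDS):
        print(f"{site}: {problem}")
```

Every site it lists needs a new, unique password, starting with the email account, since that account can be used to reset the others.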

 
