We have seen several instances lately where email accounts have been compromised (Yahoo, Gmail, etc.) The bad guys have gotten the passwords and then sent fake emails pretending to be the user. Some ways to help you keep your email secure and stay safe:
- Never Reuse Passwords. Many people use the same password or derivative password for online banking, email, windows login, etc. A recent University of North Carolina study found that 17% of new passwords could be guessed (given the old one) in 5 tries or less.
- Two-Factor Authentication everywhere you can. Usually, this will require a code normally sent to your smart phone in addition to your username and password. This is available in Facebook, Windows, Yahoo, Gmail, and most other popular platforms including Stone Bank online banking!
- Don’t save emails you don’t need. If a hacker gets into your email, the first place they will go is to your sent and trash email folders. They will use this to fashion a fake email that sounds like you and can be used to trick recipients into giving out information or money.
- Check your email forwarding settings. Hackers often will set your email to forward to them and you won’t see it or know it.
- Don’t give real answers to security questions. Instead make something up that you can remember and use that as an answer.
What if my password still gets hacked? Sometimes, like in the case of Equifax or Yahoo, your account could get hacked no matter what you did. Here are some steps to take, do this in order:
- Check your computer security. Most hackers collect passwords using malware that has been installed on the user’s computer (or mobile phone if you have a smartphone). No matter which operating system you use, be sure your anti-virus and anti-malware programs are up to date. Choose the setting that will automatically update your computer when new security fixes are available. If you cannot afford security software, choose one of the free security suites available. Consider getting a professional to clean his PC or other device.
- Make sure operating system updates are also installed. To find these, type ’(the name of your operating system) and updates’ into your search engine. Set your computer to update automatically so that you get protection from new attacks as soon as possible.
- Change your email and online banking passwords and make them stronger. Do this after your anti-virus and anti-malware programs are updated and you know your PC security has been cleaned and is secure…..else the hackers may collect your new password as well.
- Strong passwords do not have to be hard to remember, they just have to be hard to guess.
- Make all your passwords (Windows PC password, online banking, remote deposit capture, credit card site, etc.) at least 8 characters long, and use capital letters, lower case letters, numbers and symbols.
- Do not use information about yourself or someone close to you (including your dog or cat!) like name, age, or city.
- Do not use words that can be found in a dictionary, these are easy for hackers to break, even if you spell them backwards.
- Text messaging shortcuts can help make strong memorable password creation easier. For example L8rL8rNot2Day! translates to later, later, not today. OtherSuggestions:
i. "This little piggy went to market" might become "tlpWENT2m".
ii. WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.
iii. Wow...doestcst = Wow, does that couch smell terrible.
iv. Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all
- Check your sent email for anything that relates to finances or personal information. The first place most hackers go is to your sent email so they find out how you communicated with credit card companies, investment companies, banks, etc. If any of that information exists in his sent mail, he should consider those accounts compromised and make appropriate security changes to those.
- Send an email to your contacts saying you were hacked. When an email comes from someone you know you are more likely to open it and click on links within it - even if the subject is weird. Help stop the spread of the malware by warning those in your contact list to be cautious of any email sent by you that doesn’t seem right, and to not click on the links.
- No reputable bank or company is ever going to ask you to ’authenticate’ information online. If you get a request from any vendor (Bank, investment company, Amazon, Netflix, etc.) either call them directly at their number listed on the internet (not the email) or go directly to their site using your web browser (not the link in the email)
Report the hacker by forwarding any information or emails you have to email@example.com and firstname.lastname@example.org.