Protect Your Email Passwords
Recently I went on a cruise with my wife and her siblings and had a great time. Near the end of the cruise, one of her sisters mentioned that their e-mail account had been hacked. Being in the computer industry, this announcement caught my interest and I attempted to learn how this had happened. Apparently, just before she left their hotel to board the ship, she checked her e-mail from a public computer. Two days later, while in the middle of the cruise and not reachable via cell phone or e-mail, this message was sent from her account:Subject: I need your help Hi, Sorry to disturb with this email but I’m out of the country in Madrid Spain and I found myself in a situation which I really need to take care of now. Can I get a loan of $1000? I will explain better and refund the money to you immediately I get back. Please email back as soon as you get this and please keep this between us. Thanks,
Apparently, some keylogging spyware was on the hotel’s public computer, which then relayed the login info to another party. They then logged in as her and immediately changed her password, then sent the above e-mail to all of her contacts. Not only was someone now impersonating her and asking for money, but she was also locked out of her own e-mail account!
Those of us that are savvy would never use a public computer to log into any account with our regular password. It is just too risky. It would be like entering your PIN at an ATM machine while strangers looked over your shoulder!
With the proliferation of cellphones and personal tablet computers, you should only use your own devices to log on to any system. The frustrating part of what happened to her was that she could have used the public computer if she had registered her mobile number with Hotmail. Hotmail has a sign on option to text you a one-time password for use in precisely this kind of situation. In fact, all major e-mail providers have security options that take advantage of cell phones.
I used to think that the e-mail accounts that I occasionally use did not need super secure passwords and alternate security mechanisms set up. But that naïve thought was removed when it was pointed out that when you forget a password to, say, your backing account, you can click the link to send a temporary password to the e-mail account they have on file. If that e-mail account is compromised, someone else can now get into other accounts.
And what is your backup for your e-mail account password? Often it is sending the temporary password to yet another (less secure perhaps) e-mail account! So take the few minutes it takes to set up your accounts with more security. It is much better to do this than trying to recover a hacked account or your reputation. And whether you are logging into e-mail, Facebook, or your ShopSite store, only do it from your own trusted devices.
Here are some links for best practices for some of the major accounts that people use:
As for my sister-in-law, I don’t believe that any of her contacts fell for the scam since 1) anyone that knew about the vacation knew she was going to Cozumel, Mexico (not Madrid, Spain) and 2) this same thing had previously happened with her Facebook account! Yes, she previously had another account hacked, and one of her relatives did attempt to send money to those posing as her. Luckily, they were able to cancel the fund transfer before it was too late.