There is a surge in email account hacking these days, especially among people who are publicly active on Facebook or Twitter, or businessmen who conduct large transactions through email. Three such cases have come to my knowledge in the last few days, and the modus operandi seems the same. So I thought it pertinent to write this post for public consumption.
It is crucial to understand that online identity theft is a very real and scary scenario in which a hacker takes over your email and social networking accounts and then attempts either to blackmail you using your personal pictures or, in many cases, to influence your business transactions, which can lead to huge and unexpected losses. Some people take it too easy with their passwords and only wake up when the damage has been done. So please read the following carefully and see how many loopholes you have left in your system.
- Passwords must be a combination of upper and lower case letters and numbers, for example MyBirthday1975. Keeping passwords like this steers you clear of the bots which hackers use, loaded with thousands of word strings, to hack into your accounts.
- You MUST use different passwords for different accounts. Failure to do so will lead to all your accounts being hacked together (a nightmarish situation).
- Never ever give your passwords to anyone online, not even your family members. Even if they message you one fine day saying they are stuck somewhere and need access to Facebook, you never know whether it is really them on the other end of the screen or someone impersonating them.
- If you are in Pakistan and using social media, it is CRUCIAL that you turn on two-step verification on your email accounts. You can enable this in Gmail, Hotmail or Facebook by going into the security settings. The service will ask for a mobile number, which you provide so that the service (Gmail/Hotmail) can SMS you when someone logs into the account in question from any computer. This SMS will contain a security code which you then input to access your account. This extra level of security after your password will stop any hacker from entering your account even if they have cracked your password.
- In order to use two-step verified accounts on your smartphone, you can go into the security settings and generate application-specific passwords, which should be labelled correctly and then used with that device ONLY. If you are travelling with two-step verification on, the security settings of your account will also let you print out a set of backup codes you can use while away from your local SMS carrier.
- It is also very important to make sure that your security question is something known only to you. Make it as personal as you can so no one can guess it quickly.
- It is recommended that you have a few email addresses: for instance, one email which is used JUST AS A LOGIN for your Facebook and nowhere else, another for your business, and another for your personal use. This splits up your identity so that a hacker cannot get everything in one go even if they hack one account.
- Be very careful about opening spam emails or emails from unknown sources. Many of them contain scripts with trojans in them. Trojans are programs that grant a hacker back-door entry to your system as soon as you are online. These days trojans are sophisticated enough to let hackers control your system right down to the mouse cursor, and will alert them when you are online as well. NEVER EVER input your information in any such emails and press submit. No organization or corporation to my knowledge sends forms for you to fill in with “undisclosed recipients” written in the To box.
- Since you have invested money in buying a computer, it is important to protect it carefully with a proper antivirus. There are some good ones which are available for free, like AVG and Avira; however, I recommend a paid one so that you can have frequent access to updates and protection from hacks. Please note that constant connectivity means that your system is also constantly available to attack, and thus I recommend you shut it off (internet-wise) when not doing anything.
- Once you have a solid antivirus, schedule it to scan your whole computer at least once a week to eliminate any baddie viruses or trojans that get through. The software does it automatically, so you don't have to worry about it. It is also important to keep the antivirus software alerts at medium, so that any change a script or piece of software makes to your system is preceded by a warning which you can either allow or check out.
- I HIGHLY RECOMMEND THAT YOU USE NO PIRATED SOFTWARE IN YOUR SYSTEM. Pirated software contains all kinds of viruses, as it is replicated in the thousands, usually in environments which are not very standards-friendly and have no checks or balances on how corrupt the data has become.
- Chrome may be fast and light, but it is definitely not as secure as Firefox or Internet Explorer, no matter what you think of Microsoft. So when browsing, be careful which tool you are using. It is also very important that if you use your browser, or a browser on any other computer, say in a hotel lobby, to check your email, you MUST LOG OUT at the end of your session. Sounds basic and silly, but you would be surprised to know how often people break into email accounts in this manner, just because someone thought it OK to leave their session logged on and walked off.
- It's great to connect via social media, but such sites are also prone to trolling for prospective hacks by one or even groups of hackers, so kindly keep privacy settings on high and family pictures on these networks to a minimum. Please note: as a rule, never put up intimate pictures of you, your spouse or your kids online.
- Also note, just because a person puts something in their profile, it does not mean that is the same person sitting behind the screen on the other end. This is the virtual world: men can be women, women can be men in real life, and you never know where an inbox conversation will end up. So BE CAREFUL!
- People often tend to provide access to a lot of peripheral or third-party apps on Twitter and Facebook. Once provided with access, some of these apps can do a variety of things, like troll your friends list, change things on your timeline and so on. Please be sure who you are providing this level of access to. Also, some of these third-party apps have security vulnerabilities, so they can be used as gateways into your system.
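As an added illustration (not part of the original post), the two warning signs named in the spam-email point above, an “undisclosed recipients” To box and an embedded form asking you to type in information, can be checked automatically. The messages, addresses and function names below are constructed for this example.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample messages (not real mail); example.invalid is a placeholder.
PHISH = """From: "Account Team" <support@example.invalid>
To: undisclosed-recipients:;
Subject: Verify your mailbox
Content-Type: text/html

<html><body><p>Confirm your details to keep your account.</p>
<form action="http://example.invalid/submit" method="post">
<input type="text" name="email"><input type="password" name="pass">
<input type="submit" value="Submit"></form></body></html>
"""
NORMAL = """From: Friend <friend@example.invalid>
To: you@example.invalid
Subject: Lunch
Content-Type: text/plain

See you at one.
"""

class FormFinder(HTMLParser):
    """Counts <form> tags and the fields a reader is asked to fill in."""
    def __init__(self):
        super().__init__()
        self.forms = 0
        self.inputs = 0

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.forms += 1
        elif tag in ("input", "textarea", "select"):
            kind = (dict(attrs).get("type") or "text").lower()
            if kind not in ("hidden", "submit", "button"):
                self.inputs += 1

def triage(raw_message):
    """Return the warning signs found in one raw email message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    to_box = str(msg.get("To", "")).lower().replace("-", " ")
    if "undisclosed recipients" in to_box:
        findings.append("to-undisclosed-recipients")
    finder = FormFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    if finder.forms and finder.inputs:
        findings.append("embedded-form")
    return findings

if __name__ == "__main__":
    print(triage(PHISH), triage(NORMAL))
```

A message that trips both checks matches the pattern described in the post; either sign alone is a reason to look more closely before typing anything into it.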
Watch out for suspicious patterns
Emails deleting on their own, people complaining of spam from your email ID, and Facebook randomly adding people to your account are USUALLY SYMPTOMS THAT SOMEONE HAS ACCESSED YOUR SYSTEM. If this is happening, or you find out that your security has been compromised in Pakistan, the actual process is to reach out to NRC3, which is the national response center for cyber crime in our intelligence services. They have numbers on their website for you to call and complain, so that they can register a case and an FIR and start tracking an offending IP or catch someone trying to do something malicious to your system or data.
Hopefully this will help some of you secure yourselves better. Usually, if you have taken care of all of the above, you are pretty safe from a hack, but you never know, so it's best to keep on your toes in this digital age. This includes wiping your smartphones and laptops when you, as we usually do in Pakistan, trade them in for a newer model. Remember this is a country where women’s cell numbers are sold by guys working at top-up locations, so you can imagine what lengths they can go to if they have access to your machine for a few days.