[CTSARA] eMail Hack Prevention
Jon Perelstein
jon.perelstein at gmail.com
Mon Aug 27 10:37:39 EDT 2012
As a reminder (I know this has been discussed on this reflector before),
there are a couple of different things you need to do to guard your email
accounts against hacking (i.e., to prevent bad guys from getting the
password to your email accounts):
1. The single biggest cause of email account hacking is using the same
password for your email account as you do for other online accounts --
because if someone hacks the other online account, it means that they now
have the password to your email account. For example, when Zappos (online
shoe store) was hacked a few months ago, the hackers got the email
addresses and Zappos passwords for about 24 million people. An estimated
10% (2.4 million people) had the same password for their Zappos account as
they did for their email account, which means that when the hackers tried
the Zappos passwords with the email addresses, it gave them access to 2.4
million email accounts. Yes, hackers do run those tests because getting
those email account passwords is one of their primary goals in hacking
something like Zappos. Any credit card info they get is just gravy
compared to the email account access.
2. Leaving yourself signed in at a public computer. You go to the library
or someplace with a public computer (e.g., Stamford Govt Center) and forget
to log out after checking your email. You walk away and the rest is
history.
3. Using a public computer to access your email or other online accounts.
You have no idea what kind of keystroke loggers have been installed on
those public computers. If you do use a public computer to access an
online account, immediately change the password(s) for that (those) online
account(s) when you get home.
4. Malware (viruses, etc.). Yes, this is only the 4th most common way that
people get access to your accounts, even though it's the one that everyone
worries about. Have a good anti-virus and a good firewall on your
computers. There are all sorts of good ones out there, including Windows
Firewall and Microsoft Security Essentials (I'm neither recommending nor
not recommending those in particular, I'm just noting that for once
Mickeysoft seems to have done something right). The anti-virus and
firewalls that are NOT good are those things that pop up when you go to a
website and offer you a free scan. Usually those are in fact viruses and
by running the free scan you've just put a virus on your computer. For
those of you in the Linux and Apple world -- no, you are not protected
simply because you are running Linux or Apple. It's just that malware
writers were writing for the environment that had the most users
(Mickeysoft). Now that Linux and Apple are becoming more popular, the
malware writers are writing for Linux and Apple also. Oh, and change your
passwords regularly (at least monthly).
73s
Jon, WB2RYV