I’m sure it’s happened to many of you.  Your friend calls and says, “Hey did you mean to send me that strange email?” 

“What strange email?” you inquire.

“The one with the link to a weird website,” your friend replies.

It’s at about that time you get a sinking feeling in the pit of your stomach as you realize your email was hacked.  So what should you do if your email gets hacked?  Here are just a few of the things you need to do:

1) Evaluate how much damage could be done
If this was a trash email account that you barely use and don’t have any sensitive information sent to, then the impact could be nominal.  UNLESS you use the same password on other accounts!   If that is the case (Tisk Tisk!), then assume all those other accounts have been compromised as well and start changing passwords.   If you fear sensitive accounts could have been compromised (such as your online banking account) you should immediately contact those institutions and think about putting some credit monitoring in place.

2) Run your anti-virus
This has become trickier as we continue to increase the number of devices we have in our lives.  We have a desktop computer, laptop, tablet, smartphone… and don’t forget the computers at work where you’ve accessed your email.   If you don’t have anti-virus on every single one of your devices now is the time to get them protected.  It’s possible one of your devices was compromised by malware, and if you change your email password the bad guys will have your new password.  If you’re using a “free” anti-virus program it probably isn’t protecting you as much as you need.  Anti-virus is a very small investment to protect some of the most important aspects of your life.  If you’re not comfortable with your ability to install anti-virus or run a thorough scan, take your computer to a computer store and have them give you a hand.

3) Change your password
As mentioned above, if you have malware on your computer and don’t remove it before changing your password the hackers could obtain the new password.  Once you are sure all potentially infected devices are free of malware and are properly protected, change your password to something secure and isn’t used anywhere else.  (If you want more advice on creating strong passwords and using password managers refer to a previous blog post.)

4) Check your email settings
Sometimes hackers will setup automatic forwards in your account, or will add a signature to your email.  Comb through your email settings and make sure everything is set the way you left it. 

5) Tell your friends
Your friends will be unwilling beneficiaries of your hacked account because they will start receiving emails that contain links to websites they don’t want to visit.  If they click the links it’s possible they will be taken to a website that contains malware and they may get a case of the nasties on their computer as well.

At this point all you can do is monitor your online accounts and your credit and keep your fingers crossed that the issue has been taken care of.   Now is also the time to be more diligent about your online practices.   If you’re the type of person who responds to spam emails that are sent to you about winning the lotto in some foreign country, click links in emails and/or open attachments from people you don’t know, and send your social security and credit card information to people in email, then be ready to continue to have problems co-existing with the web. 

The post What To Do If Your Email Account Gets Hacked appeared first on .

According to Trustwave, hackers installed keylogging software on approximately 2 million computers and have been capturing login information for over a month.  Trustwave was able to track down at least one of the servers storing the login credentials in the Netherlands, but other servers still exist that have not been located yet.  On the Netherlands server they found passwords for:

• 70,000 Gmail accounts
• 60,000 Yahoo accounts
• 318,000 Facebook accounts
• 22,000 Twitter accounts
• 8,000 LinkedIn accounts

ADP accounts were also compromised which means the hackers had access to sensitive information payroll personnel use to issue paychecks.  Also included in the compromised information found on the Netherlands server was 41,000 FTP credentials and 6,000 RDP logins.

While security experts don’t yet know how the virus got onto infected computers, they recommend insuring your anti-virus software is up to date, as well as the latest version of your web browser and popular plugins for browsers such as Java and Adobe Flash.  Once that is completed you should then update your passwords and make sure they are secure.  That means capital letters, small letters, numbers and symbols should be in your password, and ideally your password should at least be between 12-16 characters in total.  (Can’t remember your passwords for different accounts?  Use a password keeper!)

The post 2 Million Gmail, Yahoo, Facebook and Twitter Passwords Hacked appeared first on .

Since everyone is up in arms because Brian got “killed off” Family Guy (come on people, Stewie has a time machine!) I’m going to take this opportunity to tell you what really grinds my gears.  Sure, I know it’s the eve before Thanksgiving and I’m supposed to be spending the whole month of November posting on Facebook what I’m thankful for, but this is important! 

People inadvertently download crapware to their computers all the time without knowing any better.  Websites deceptively place ads around the real download, and software vendors automatically bundle other software with their download unless you read the fine print and uncheck a small box before you start downloading. 

Sure, I understand if someone is letting me download their software for “free” it’s a way for them to make money.  But how about giving us an option to download something that is valuable, won’t take over control of my web browser, and/or conflict with other software already on my computer?  Huh?  How about that??  And don’t be fooled, it’s not just the little guys trying to make a buck.  The big boys are notorious for this practice too.  Kudos to ZDNet for calling out Skype, Adobe and Oracle for these practices.

Here are some examples of how you are tricked to install things like the Ask Toolbar, Babylon Toolbar and other malware:

CNET is a place that comes up well in searches if you’re looking for a popular piece of software to download.  Unfortunately they strategically place ads that are more prominent and have language surrounding the ads that is designed to confuse less savvy users.  Which of the highlighted areas should I click on to begin my download?

When updating Adobe Flash you are taken to this screen during the installation process, which if you are in a hurry and ignore, will cause you to inadvertently install McAfee.  Doesn’t Adobe already make enough money from us?

Here is an example of how you can be prompted to install the Ask Toolbar.  You should never, ever install the Ask Toolbar!  You need a PhD to get it off your computer once it’s taken over.

And finally, I saved the WORST for last: the Babylon Toolbar.  If you have this on your computer, have your IT person clean it off immediately!   Unfortunately if you do a search for “how to remove the Babylon toolbar” it’s possible you will go to a site that will prompt you to download software to remove it, and you will inadvertently download something even worse.  So if you don’t know what you’re doing, have someone help you who does.

Often when I’m with a client at their office I see their Internet Security application or other critical application popup and say “Update Now”.  Almost always they close the window without running the update.  I ask them why they don’t update and the response I most often get is, “I’m afraid to update things because I end up downloading something that breaks my computer.”  Foistware is directly responsible for that sentiment.  If people are afraid to update their computers because they have been trained to think they are going to accidentally break their computers, then we have a bunch of computers that are open to security vulnerabilities. 

The post Deceptive Foistware Really Grinds My Gears appeared first on .

Did you receive the email pictured below from Google regarding privacy?  These emails from Google have always struck me with a slight feeling I’ve been transported into an alternate universe.  Google, for better or worse, knows more about us than anyone else.  They know which street addresses we’ve looked up (and visited if you have an Android phone), the content of emails we’ve received, the topics we’ve searched for, the websites we’ve visited (including banking, retirement, and other sensitive websites), the IP addresses we’ve been connected to, which ex-boyfriends/girlfriends we’ve looked up, which videos we’ve watched, which photos we’ve uploaded, which news stories we’ve shared… the list goes on forever.  This is done in the name of providing us with the most personalized experience possible, to deliver us a product that is tailored to our distinct tastes, wants and needs. 

But by checking that checkbox in Google’s Terms of Service, you give Google permission to collect your every online move.  And they store that information online.  Which means if hackers ever break into the Great Google Garage storing your personal information, that information could be leaked for the world to see.   According to Edward Snowden, the NSA learned how to tap into that information.  If his story can be corroborated it means it was possible for other hackers around the world to do the same.  These revelations have caused Google and now Yahoo to encrypt internal traffic. 

It’s all very sobering when you take a moment out of your busy day to think about all this.  Can we trust that these big data giants are doing everything possible to protect our personal information?  That they are staying ahead of the technology curve and staying two steps ahead of the hacking community (and foreign governments)?  That they weren’t complicit in sharing data willy-nilly (unconstitutionally) to our government?  Are the measures they are now taking just paying lip service with a wink and a nod to the US government?  Unfortunately we don’t know. 

Will all this cause me to delete my Google account?  Not yet.  Mostly because I’m so darned dependent on the products and services Google offers.  It’s not like I can move somewhere else, because all of them capture and store my data.  My only option would be to go back to the days when I organized my life with a Day Planner and used street maps to find my way around.  Truthfully I just don’t see that as an option given the massive amounts of information I have to consume each day, the emails I have to respond to, the tight schedules I keep.  

So I’m thrust into the reality of making a decision:  do I go old-school and kill my productivity in the name of privacy, or do I roll the dice that my information will be safe and use the technology at my fingertips which so eloquently structures my life? 

“We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”
- Eric Schmidt, Executive Chairman of Google
 
 
 

The post Google Privacy appeared first on .

How Phishing and Malware Affects Us

On Tuesday the world experienced the amount of havoc a hacked account can cause.  A pro-Assad Syrian group took credit for hacking the Associated Press Twitter account and sending a Tweet that there was an explosion at the White House.  Within minutes the Dow plunged about 145 points, erasing almost $200B from the stock market.  How did it happen?  The AP’s employees broke a cardinal rule that led to the hack: They clicked on a link in an email and tried to log into an account.  It seems the hackers sent a phishing email that looked like it was from Twitter prompting the recipients to log into the account to resolve an issue.  At least one recipient clicked the link in the email, was taken to a website that was made to look like Twitter and tried to login.  Of course as soon as they did that the hackers captured the user name and password to the account.  They promptly logged in and posted the fake Tweet. 

Lesson learned:  Never, ever, ever click on a link in an email in order to go to a website and login!  If you get an email that says “click here to login”, simply open your web browser, go to that website directly, and THEN login. 

But even with that safe practice in mind, if you have spyware on your computer hackers can still get login information to your accounts.  That’s why it is crucial to have trusted virus and malware protection on your computer.  I can’t tell you how often I hear people say they don’t have any anti-virus software on their computer.  And the reason I most often hear:  “It costs money.”  Really?  Paying  between $45 – $75 a year for virus and malware protection (which usually can be installed on more than one computer) is too much to protect your identity, bank accounts, retirement accounts, credit card accounts, and all of your other personal information?  Did you also know if your computer is infected with malware it can be used to proliferate spam across the internet?  With all that in mind, that’s too much money to pay?  Sorry if I look at you like you have a 3rd arm growing out of the side of your head. 

And if you’re a business owner who allows your employees to bring their own devices to the office and connect them to your network:  think about all the potential risk you’re exposing your company to each and every day.

If any of this makes sense to you, go find trustworthy virus and malware protection for your computer posthaste.  Finally, don’t forget if you use “free” anti-virus , you will definitely get what you pay for.

The post @AP Twitter Account Hacked appeared first on from the Webtivity Blog.

Back in December I read an article on Wired.com titled, “Kill the Password: Why a String of Characters Can’t Protect Us Anymore”.  It was one of those moments that slapped me up alongside the head and made me reevaluate the digital world around me.  In some ways it validated that I have taken smart steps in protecting sensitive personal data over the years.  In other ways it made me realize I wasn’t as safe as I thought I was.

We know people don’t choose secure passwords in the first place.  Every time there is a major hack and account information is dumped onto the internet, “password” is still the most-used “password”.  The most common excuse why people don’t use secure passwords?  “I can’t remember them.”  (Yet those same people can rattle off totally useless facts and sports stats galore.  Hmmm….)

Luckily there are Password Managers so you only have to remember one nice secure password.  With that one secure password you can open your Password Manager and allow it to make your online endeavors much more secure.  Your password manager will create super-long and complex passwords (e.g., %rD2aMs!TS4h@z6f) and remember them for you.  When you log into your banking or other sensitive website, your password manager can easily be accessed through your browser, and with a click of a button your password manager can auto-fill your secure login information for you. 

Of course there are also security risks with using Password Managers, but I have to guess the risks are much less than using the same password across every website you use. (especially if it’s “password”.)  Just remember to change your super-secure password once a month to add another layer of prudence to your online practices!

If you use these tips in combination with the guidance we provided last week (Fighting Facebook’s Social Graph With Dopplegangers) you greatly improve your online security!

Note:  Password managers are different (and arguably more secure) than the “Remember Password” feature built into browsers.  More information on password keepers: http://lifehacker.com/5944969/which-password-manager-is-the-most-secure

Credit:
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/

The post Password Keepers appeared first on Webtivity Internet Marketing Blog.