Yes, it's THAT book!

Drop your email here to stay informed of the status of my "tell most" book about the National Security Agency:

--OR--

Read a little about the book here:

Employees are allies, not the adversary

--OR--

Check out the Kickstarter here (click)
How can I help you?
Contact Jeremy
Recommendations

Here's something that


I, Jeremy Duffy, actually recommend and think is worth checking out.
No web-bugs, no bs, just a legit recommmendation that I have personally evaluated before allowing it to be listed here:

Think something's here that shouldn't be? contact me!

Account Hijacking

Yesterday my wife received an e-mail from a friend that had a generic subject and only a link as the content. Fortunately, she knows enough to suspect that her friend's account was likely hacked to send bad e-mails. After a quick phone call we were able to confirm with her that was the case.

This same advice works for any online account; e-mail social network, etc

Her poor friend was now stuck with the embarrassment of handling an e-mail that contains a virus-laden link that was sent to all her friends, family, and business contacts (several hundred in her case).

And of course, the worst part is that she had no idea how to handle the problem. For anyone else who runs into this problem, here's what you need to know:

Why People Do This

Account hijackers are like...

Anything from pranks to making money to stealing corporate/government secrets… take your pick. The point is that it's easier to trick people out of information than to break into secured facilities or even an average person's home (that's why there are phishing attacks (before) and hijacking now.

The reason that account hijacking has become the new "in fashion" thing is because you're much more likely to believe and respond to a message from a friend than a random stranger. Regardless, the key is to not immediately believe what you see.

How to Know You've Been Hacked

The first and most obvious sign is that you can't access your own account anymore even though you're sure the password is correct (though make sure that your CAPS-LOCK key isn't on!).

Another is that people call you to ask about your "status update" or a strange e-mail with a link or attachment.

If it was your e-mail that's been hacked, you might even get a series of "out of office" replies from business contacts.

What to Do

If You Are Locked Out Of Your Account

The process is much harder if you've been locked out of your account since regaining control may be difficult or impossible. Regardless, here is what you would do in order:

  1. The very FIRST thing to do is contact everyone you can by phone or using an alternate e-mail. A mutual friend who has many of the same contacts can also help spread the word through a social site or their e-mail address book.
  2. Once you've warned everyone, then you have to work on getting control of your account again. For many sites, you can use the "reset my password" function to regain control, but if that doesn't work for any reason (such as the case where it's your e-mail that's been hacked and you didn't set up an alternate e-mail that they can contact you at), you'll need to contact the company directly.

    LA LA LA! Not listening!

    Contacting a company can be hard because the last thing they want is to spend their valuable time talking to the unwashed masses (that would be you). For some of the most common webpages, here's a starter list of contact methods you can use:

    For each of these links, I just did a Google search for "[name of service] account hacked" and tried a few of the links till I found one that looked good. If these links go bad or for a service that is not listed, try doing a search like I did.
  3. Change your password to something that doesn't stink and don't fall for the variety of tricks that make people give the password away when they didn't mean to (or didn't realize that it would be a problem). See my passwords guide to read about how to make and keep safe your passwords.
  4. Fix your computer's security! In some cases, the hacking of your account doesn't have anything to do with them getting into your computer, but it often does. Make sure you have the right security set up and run scans to look for problems. In the worst cases, seek geek help or professionals.

If you can still log in

If you can still log into your account, you'll do most of the same steps, just in a different order.

  1. First, CHANGE YOUR PASSWORD! For as long as they know your password, they can do anything they want. Lock them out as soon as possible.
  2. Next you'll let everyone know, but unlike above, it's just a matter of sending out another e-mail to your address book warning them of the problem (which is much easier than having to go to the phone or through other channels). Here's a sample e-mail you can use:

    Subject: WARNING! My account was hacked! DO NOT OPEN THE LAST E-MAIL FROM ME!

    E-mail: I'm sorry to say that my account got taken over and used to send a fake e-mail/message! I've already regained control of my account so you can just delete and ignore it and there shouldn't be any more problems.

    If you clicked the link, downloaded any attachments, or installed any software the bad message recommended, I recommend you check your system security and change your passwords like I did. Here's a helpful guide online that you can use:

    What To Do When Your E-mail Has Been Hacked

    And by the way, so that you know this is really me and not another bogus e-mail; I drive a [insert the kind of car you drive here]

    Clearly, that last little verification detail could be anything so long as it's something that people would know was you. By the way, I recommend using that little e-mail personalization trick for all e-mails all the time.

  3. Check your computer security. They got your password somehow. If you read my passwords guide and know you're doing that right, they may have gotten your password through some spy software on your computer. You'll need to find and remove it (or more specifically, let your security software do it for you.

Prevention

As listed above, this is a problem of passwords more than anything. Hackers don't attack the company itself (like Yahoo etc) because that's hard, likely to fail, and, most of all, they don't have to!

It's much easier to trick you into giving away your passwords or eavesdrop on your computer using spy software and then log into your account using the normal login procedures.

To avoid becoming a statistic, protect your computer with the right security software and learn how to make good passwords and keep them safe. Do these and the chances of your account getting hacked are comparatively very small.

seminar destroy Tutorial
prev: Tricks and Scams|INDEX|next: Trusting Companies
Online Addiction: From gambling to surfing and online gaming, people can destroy themselves and others with online addiction.
Posting Online: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Protecting Photos: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Getting Tricked: You WERE doing fine... until someone convinced you to install a virus or give away your passwords. Don't fall for it!
Account Hijacking: One of the most common security risks today is people getting their accounts taken over and then used to trick their friends and family.
Trusting Webservices: An online service promises they'll 'Never abuse or misuse your data' and you believe them? Think again.

Share This

Have a Comment or Question?

1 Comment to “Account Hijacking”

» Comments RSS Feed

Well written article and a great public service. Thank-you! 🙂

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

email Tutorial
|INDEX|next: E-mail Viruses

E-mail Dangers

Until we find out who the people are who actually buy things from spammers and kick them off the Internet, you're going to have to learn how to deal with and prevent spam.
E-mail Viruses - Learn how viruses are spread through e-mail and how to stop them
Phishing - Spot and avoid lures that pull you into the dark side of the web
Don't be one of those people that loses thousands of dollars to the classic Nigerian Scam.

E-mail Etiquette

Use CC only when necessary and BCC the rest of the time.
Use Reply-All when you mean to and never when you don't.
Practice proper E-mail Forwarding to protect privacy and make e-mails more readable.
Always personalize your e-mails to make it obvious to your recipient that it's valid.

E-mail Tips and Tricks

Using E-Mail Aliases Properly - Be careful about using sensitive data (like your real name) in an e-mail account.
Remember to treat your e-mail account with the security it deserves.
Use a decoy e-mail account to keep your main e-mail account free of spam.
Avoid using any Internet provider's default e-mail.

... or check out any of my other guides and tutorials by clicking here!

Personalize E-mail

Follow this simple rule of e-mail etiquette to help prevent your friends and family from falling for phishing scams.

[Click for full description]

Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.

[Click for full description]

The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.

[Click for full description]

Photo Safety

You can reveal far more than you intended when you post a photo online. Don't make a critical mistake and check your photos before they're online.

[Click for full description]

Tricks and Scams

Just because you won't willing give up data doesn't mean that I can't trick you out of it. Don't fall for these well known tricks!

[Click for full description]

Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!

[Click for full description]

Trusting Companies

Store, online or off, are not known for being fair and helpful unless it benefits them to be so. Good deals exist, but many are bad deals in disguise. It's not in your best interests to be too trusting with any of them.

[Click for full description]

Preventing Spam

Spam is annoying and worthless, but you still see it every single day. Here are some tips for preventing and reducing spam.

[Click for full description]

E-mail Viruses

Make sure that viruses don't sneak onto your computer through your e-mails. Read some simple tips to prevent that from happening.

[Click for full description]

Phishing

By far the most dangerous thing you'll find in e-mails is a lie. Sending a bogus e-mail to someone is generally called phishing, but can also be referred to as a Nigerian scam (depending on the goal of the e-mail). Learn to recognize and deal with phishing before it's too late.

[Click for full description]

Nigerian Scam

Many people have lost thousands and even hundreds of thousands of dollars to the classic Nigerian Scam. Don't fall for it!

[Click for full description]

How to Use "CC" Properly

Don't violate people's privacy and invite spam into their accounts by CC'ing all your contacts. Learn the proper way to send mass e-mails first.

[Click for full description]

Reply-All

It's easy to embarass yourself or harm your career when you don't know how to use Reply-All appropriately.

[Click for full description]

How to Forward E-mails Properly

Don't forward e-mails carelessly or you risk looking foolish as best and violating the privacy of all your contacts at worst.

[Click for full description]

Personalize E-mail

Follow this simple rule of e-mail etiquette to help prevent your friends and family from falling for phishing scams.

[Click for full description]

Using E-Mail Aliases Properly

It can be hard to find a good name to use in an e-mail account that hasn't been used and doesn't give away too much information about you.

[Click for full description]

Protecting E-mail Passwords

Your e-mail account is the most important online account you have. Remember to treat it as such!.

[Click for full description]

Using a Decoy E-Mail Account

Why it's very important to use a buffer e-mail account to shield your main account from people and companies that you don't trust.

[Click for full description]

The ISP E-mail Trap

Don't fall for the trap of using the free e-mail account provided to you by your Internet service!

[Click for full description]