Welcome!
If you have an account, please:
Log in
Yes, it's THAT book!

Drop your email here to stay informed of the status of my "tell most" book about the National Security Agency:

--OR--

Check out the Kickstarter here (click)

--OR--

I want info first...

Fair enough. Click the thumbnail below:

Employees are allies, not the adversary
How can I help you?
Contact Jeremy
Recommendations

Here's something that


I, Jeremy Duffy, actually recommend and think is worth checking out.
No web-bugs, no bs, just a legit recommmendation that I have personally evaluated before allowing it to be listed here:

Think something's here that shouldn't be? contact me!

Account Hijacking

Yesterday my wife received an e-mail from a friend that had a generic subject and only a link as the content. Fortunately, she knows enough to suspect that her friend's account was likely hacked to send bad e-mails. After a quick phone call we were able to confirm with her that was the case.

This same advice works for any online account; e-mail social network, etc

Her poor friend was now stuck with the embarrassment of handling an e-mail that contains a virus-laden link that was sent to all her friends, family, and business contacts (several hundred in her case).

And of course, the worst part is that she had no idea how to handle the problem. For anyone else who runs into this problem, here's what you need to know:

Why People Do This

Account hijackers are like...

Anything from pranks to making money to stealing corporate/government secrets… take your pick. The point is that it's easier to trick people out of information than to break into secured facilities or even an average person's home (that's why there are phishing attacks (before) and hijacking now.

The reason that account hijacking has become the new "in fashion" thing is because you're much more likely to believe and respond to a message from a friend than a random stranger. Regardless, the key is to not immediately believe what you see.

How to Know You've Been Hacked

The first and most obvious sign is that you can't access your own account anymore even though you're sure the password is correct (though make sure that your CAPS-LOCK key isn't on!).

Another is that people call you to ask about your "status update" or a strange e-mail with a link or attachment.

If it was your e-mail that's been hacked, you might even get a series of "out of office" replies from business contacts.

What to Do

If You Are Locked Out Of Your Account

The process is much harder if you've been locked out of your account since regaining control may be difficult or impossible. Regardless, here is what you would do in order:

  1. The very FIRST thing to do is contact everyone you can by phone or using an alternate e-mail. A mutual friend who has many of the same contacts can also help spread the word through a social site or their e-mail address book.
  2. Once you've warned everyone, then you have to work on getting control of your account again. For many sites, you can use the "reset my password" function to regain control, but if that doesn't work for any reason (such as the case where it's your e-mail that's been hacked and you didn't set up an alternate e-mail that they can contact you at), you'll need to contact the company directly.

    LA LA LA! Not listening!

    Contacting a company can be hard because the last thing they want is to spend their valuable time talking to the unwashed masses (that would be you). For some of the most common webpages, here's a starter list of contact methods you can use:

    For each of these links, I just did a Google search for "[name of service] account hacked" and tried a few of the links till I found one that looked good. If these links go bad or for a service that is not listed, try doing a search like I did.
  3. Change your password to something that doesn't stink and don't fall for the variety of tricks that make people give the password away when they didn't mean to (or didn't realize that it would be a problem). See my passwords guide to read about how to make and keep safe your passwords.
  4. Fix your computer's security! In some cases, the hacking of your account doesn't have anything to do with them getting into your computer, but it often does. Make sure you have the right security set up and run scans to look for problems. In the worst cases, seek geek help or professionals.

If you can still log in

If you can still log into your account, you'll do most of the same steps, just in a different order.

  1. First, CHANGE YOUR PASSWORD! For as long as they know your password, they can do anything they want. Lock them out as soon as possible.
  2. Next you'll let everyone know, but unlike above, it's just a matter of sending out another e-mail to your address book warning them of the problem (which is much easier than having to go to the phone or through other channels). Here's a sample e-mail you can use:

    Subject: WARNING! My account was hacked! DO NOT OPEN THE LAST E-MAIL FROM ME!

    E-mail: I'm sorry to say that my account got taken over and used to send a fake e-mail/message! I've already regained control of my account so you can just delete and ignore it and there shouldn't be any more problems.

    If you clicked the link, downloaded any attachments, or installed any software the bad message recommended, I recommend you check your system security and change your passwords like I did. Here's a helpful guide online that you can use:

    What To Do When Your E-mail Has Been Hacked

    And by the way, so that you know this is really me and not another bogus e-mail; I drive a [insert the kind of car you drive here]

    Clearly, that last little verification detail could be anything so long as it's something that people would know was you. By the way, I recommend using that little e-mail personalization trick for all e-mails all the time.

  3. Check your computer security. They got your password somehow. If you read my passwords guide and know you're doing that right, they may have gotten your password through some spy software on your computer. You'll need to find and remove it (or more specifically, let your security software do it for you.

Prevention

As listed above, this is a problem of passwords more than anything. Hackers don't attack the company itself (like Yahoo etc) because that's hard, likely to fail, and, most of all, they don't have to!

It's much easier to trick you into giving away your passwords or eavesdrop on your computer using spy software and then log into your account using the normal login procedures.

To avoid becoming a statistic, protect your computer with the right security software and learn how to make good passwords and keep them safe. Do these and the chances of your account getting hacked are comparatively very small.

seminar destroy Tutorial
prev: Tricks and Scams|INDEX|next: Trusting Companies
Online Addiction: From gambling to surfing and online gaming, people can destroy themselves and others with online addiction.
Posting Online: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Protecting Photos: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Getting Tricked: You WERE doing fine... until someone convinced you to install a virus or give away your passwords. Don't fall for it!
Account Hijacking: One of the most common security risks today is people getting their accounts taken over and then used to trick their friends and family.
Trusting Webservices: An online service promises they'll 'Never abuse or misuse your data' and you believe them? Think again.

Share This

Have a Comment or Question?

1 Comment to “Account Hijacking”

» Comments RSS Feed

Well written article and a great public service. Thank-you! 🙂

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

goodbye identity theft Tutorial
|INDEX|next: Credit Freeze

Too Late!

If you've already become a victim, here is a list of things you should do.

Solving ID Theft

Lock your credit reports with a Credit Freeze to prevent credit-based ID theft (90% of ID theft risk).
Learn to protect your information to prevent not only ID theft, but many other kinds of problems (the rest of ID theft risk).

Save Time and Money

cancel credit-monitoring services.
Cancel id-theft-insurance

Who is Responsible?

Sometimes you just have to wonder why it's so easy to steal identities in the first place.

... or check out any of my other guides and tutorials by clicking here!

Personalize E-mail

Follow this simple rule of e-mail etiquette to help prevent your friends and family from falling for phishing scams.

[Click for full description]

Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.

[Click for full description]

The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.

[Click for full description]

Photo Safety

You can reveal far more than you intended when you post a photo online. Don't make a critical mistake and check your photos before they're online.

[Click for full description]

Tricks and Scams

Just because you won't willing give up data doesn't mean that I can't trick you out of it. Don't fall for these well known tricks!

[Click for full description]

Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!

[Click for full description]

Trusting Companies

Store, online or off, are not known for being fair and helpful unless it benefits them to be so. Good deals exist, but many are bad deals in disguise. It's not in your best interests to be too trusting with any of them.

[Click for full description]

The Identity Theft Victim's Mini-Guide to Recovery

If you've already experienced ID theft, here are some tips of what to do next.

[Click for full description]

Credit Freeze

Setting a credit report freeze is the fastest and most effective way to actually block and reduce your risk of ID Theft. And it's free.

[Click for full description]

Out and About Defense

The best defense against non-credit ID Theft and a variety of other risks is to adopt a mindset of protection: Data Defense. Learn how to protect your information with simple and sometimes free countermeasures all based on a simple philosophy that the less people who have your information, the safer you are.

[Click for full description]