Yes, it's THAT book!

Drop your email here to stay informed of the status of my "tell most" book about the National Security Agency:

--OR--

Read a little about the book here:

Employees are allies, not the adversary

--OR--

Check out the Kickstarter here (click)
How can I help you?
Contact Jeremy
Recommendations

Here's something that


I, Jeremy Duffy, actually recommend and think is worth checking out.
No web-bugs, no bs, just a legit recommmendation that I have personally evaluated before allowing it to be listed here:

Think something's here that shouldn't be? contact me!

Account Hijacking

Yesterday my wife received an e-mail from a friend that had a generic subject and only a link as the content. Fortunately, she knows enough to suspect that her friend's account was likely hacked to send bad e-mails. After a quick phone call we were able to confirm with her that was the case.

This same advice works for any online account; e-mail social network, etc

Her poor friend was now stuck with the embarrassment of handling an e-mail that contains a virus-laden link that was sent to all her friends, family, and business contacts (several hundred in her case).

And of course, the worst part is that she had no idea how to handle the problem. For anyone else who runs into this problem, here's what you need to know:

Why People Do This

Account hijackers are like...

Anything from pranks to making money to stealing corporate/government secrets… take your pick. The point is that it's easier to trick people out of information than to break into secured facilities or even an average person's home (that's why there are phishing attacks (before) and hijacking now.

The reason that account hijacking has become the new "in fashion" thing is because you're much more likely to believe and respond to a message from a friend than a random stranger. Regardless, the key is to not immediately believe what you see.

How to Know You've Been Hacked

The first and most obvious sign is that you can't access your own account anymore even though you're sure the password is correct (though make sure that your CAPS-LOCK key isn't on!).

Another is that people call you to ask about your "status update" or a strange e-mail with a link or attachment.

If it was your e-mail that's been hacked, you might even get a series of "out of office" replies from business contacts.

What to Do

If You Are Locked Out Of Your Account

The process is much harder if you've been locked out of your account since regaining control may be difficult or impossible. Regardless, here is what you would do in order:

  1. The very FIRST thing to do is contact everyone you can by phone or using an alternate e-mail. A mutual friend who has many of the same contacts can also help spread the word through a social site or their e-mail address book.
  2. Once you've warned everyone, then you have to work on getting control of your account again. For many sites, you can use the "reset my password" function to regain control, but if that doesn't work for any reason (such as the case where it's your e-mail that's been hacked and you didn't set up an alternate e-mail that they can contact you at), you'll need to contact the company directly.

    LA LA LA! Not listening!

    Contacting a company can be hard because the last thing they want is to spend their valuable time talking to the unwashed masses (that would be you). For some of the most common webpages, here's a starter list of contact methods you can use:

    For each of these links, I just did a Google search for "[name of service] account hacked" and tried a few of the links till I found one that looked good. If these links go bad or for a service that is not listed, try doing a search like I did.
  3. Change your password to something that doesn't stink and don't fall for the variety of tricks that make people give the password away when they didn't mean to (or didn't realize that it would be a problem). See my passwords guide to read about how to make and keep safe your passwords.
  4. Fix your computer's security! In some cases, the hacking of your account doesn't have anything to do with them getting into your computer, but it often does. Make sure you have the right security set up and run scans to look for problems. In the worst cases, seek geek help or professionals.

If you can still log in

If you can still log into your account, you'll do most of the same steps, just in a different order.

  1. First, CHANGE YOUR PASSWORD! For as long as they know your password, they can do anything they want. Lock them out as soon as possible.
  2. Next you'll let everyone know, but unlike above, it's just a matter of sending out another e-mail to your address book warning them of the problem (which is much easier than having to go to the phone or through other channels). Here's a sample e-mail you can use:

    Subject: WARNING! My account was hacked! DO NOT OPEN THE LAST E-MAIL FROM ME!

    E-mail: I'm sorry to say that my account got taken over and used to send a fake e-mail/message! I've already regained control of my account so you can just delete and ignore it and there shouldn't be any more problems.

    If you clicked the link, downloaded any attachments, or installed any software the bad message recommended, I recommend you check your system security and change your passwords like I did. Here's a helpful guide online that you can use:

    What To Do When Your E-mail Has Been Hacked

    And by the way, so that you know this is really me and not another bogus e-mail; I drive a [insert the kind of car you drive here]

    Clearly, that last little verification detail could be anything so long as it's something that people would know was you. By the way, I recommend using that little e-mail personalization trick for all e-mails all the time.

  3. Check your computer security. They got your password somehow. If you read my passwords guide and know you're doing that right, they may have gotten your password through some spy software on your computer. You'll need to find and remove it (or more specifically, let your security software do it for you.

Prevention

As listed above, this is a problem of passwords more than anything. Hackers don't attack the company itself (like Yahoo etc) because that's hard, likely to fail, and, most of all, they don't have to!

It's much easier to trick you into giving away your passwords or eavesdrop on your computer using spy software and then log into your account using the normal login procedures.

To avoid becoming a statistic, protect your computer with the right security software and learn how to make good passwords and keep them safe. Do these and the chances of your account getting hacked are comparatively very small.

seminar destroy Tutorial
prev: Tricks and Scams|INDEX|next: Trusting Companies
Online Addiction: From gambling to surfing and online gaming, people can destroy themselves and others with online addiction.
Posting Online: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Protecting Photos: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Getting Tricked: You WERE doing fine... until someone convinced you to install a virus or give away your passwords. Don't fall for it!
Account Hijacking: One of the most common security risks today is people getting their accounts taken over and then used to trick their friends and family.
Trusting Webservices: An online service promises they'll 'Never abuse or misuse your data' and you believe them? Think again.

Share This

Have a Comment or Question?

1 Comment to “Account Hijacking”

» Comments RSS Feed

Well written article and a great public service. Thank-you! 🙂

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

computer security Tutorial
|INDEX|next: Spyware Scanners

Security Software

Make sure you have a up-to-date Anti-Virus Program to protect you against bad websites or files.
Sometimes spyware gets in your computer and the anti-virus won't stop it. Use a spyware scanner to find and remove spyware and adware.
Use a software firewall to detect bad code on your computer when it tries to connect to the Internet.
Always keep your system up to date with security patches or none of the rest of your security software will matter.
Use an encryption tool to protect your important data when storing or transmitting it.
Switch to Firefox for your web browsing and you'll be better protected from Internet threats.

Safe Computing Practices

Don't get tricked by fake alerts or clever webpages into downloading viruses or spyware!

... or check out any of my other guides and tutorials by clicking here!

Personalize E-mail

Follow this simple rule of e-mail etiquette to help prevent your friends and family from falling for phishing scams.

[Click for full description]

Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.

[Click for full description]

The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.

[Click for full description]

Photo Safety

You can reveal far more than you intended when you post a photo online. Don't make a critical mistake and check your photos before they're online.

[Click for full description]

Tricks and Scams

Just because you won't willing give up data doesn't mean that I can't trick you out of it. Don't fall for these well known tricks!

[Click for full description]

Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!

[Click for full description]

Trusting Companies

Store, online or off, are not known for being fair and helpful unless it benefits them to be so. Good deals exist, but many are bad deals in disguise. It's not in your best interests to be too trusting with any of them.

[Click for full description]

Anti-Virus

A virus can come from files, e-mails, web pages, or even devices you plug in (like thumbdrives or printers) and destroy your files or your computer once they get in. An anti-virus is software designed to detect and prevent that from happening.

[Click for full description]

Spyware Scanners

Learn how to detect and remove spyware and adware using a free scanning tool.

[Click for full description]

Software Firewall

Learn what a firewall is and why you want one on your computer.

[Click for full description]

Operating System Updates

Make sure to keep your operating system up-to-date with security patches or else none of the rest of your security software will be able to protect you.

[Click for full description]

File Encryption

Learn how to protect your important files on your computer or when transmitting them with free tools for file encryption.

[Click for full description]

Mozilla Firefox - Internet Browser

There are many browser choices out there. Read why I think Firefox is one of the best.

[Click for full description]

Fake Alerts

Maybe you've done everything right and you're computer is sufficiently fortress-like, but then you or someone in your family falls for a simple scam that tricks them into directly installing the bad guy's virus! Learn how to spot and ignore fakes!

[Click for full description]