Tips to protect your online profile
Social networking and email account takeovers are a fast-growing form of fraud—and they’re netting criminals big bucks. Why? When they hijack a Facebook, Twitter or LinkedIn account, hackers hit more than one victim: the account holder plus all his contacts.
How it happens
Crooks get account passwords through phishing, viruses or malware. Once inside a social network account, they hit up the owner’s contacts for cash. They go into his email, troll the inbox for sensitive information—such as a financial statement—and access funds.
Email addresses—the account holder’s and all his contacts’—serve as a gateway to other accounts because they’re used for authentication and communication with banks, online retailers and social networking sites.
Victims often are locked out of their accounts. The perpetrator has changed their password, security questions and other personal information. They may not be able to prove the account is theirs.
Meanwhile, the victim’s contacts get hit up for money. Crooks assume the victim’s identity and send mass emails asking for cash. They tell stories of being stranded in London, Paris or Peru. We’re sure you all know someone who this has happened to. No one’s data is completely safe on the Internet.
What to do
Hijacked account owners and contacts alike should sweep their computers for viruses and malware, scrutinize all accounts for changes to security questions and other options that could let hackers back in later, and regularly check all online financial accounts.
Hijacked account owners who get locked out should:
- Contact the provider to explain what happened.
- Request a new username and password.
- Change all security questions.
- Consider opening a new account and inform all contacts.
Hijacked account owners who can still access their account should:
- Immediately change the password and username.
- Alert contacts.
- Check providers’ websites for recovery instructions. Twitter, Facebook, LinkedIn, YouTube and Google Plus each publish pages aimed at helping you regain control of your account in this type of situation.
Contacts and friends of hijacked account owners should:
- Never respond to unconfirmed emails from contacts requesting money.
- Print the suspicious email, and then delete it.
- Inform the contact from whose account the email was sent.
Seven ways to protect your online security to avoid account hijackings:
To improve online safety, users need to step up their vigilance. Here are seven things we can do — today — to better protect ourselves and keep hackers’ paws off our personal life.
1. Create strong passwords. It’s still your best defense, though good passwords are most effective in the context of a larger strategy. They should be at least 10 characters long, use a mix of upper- and lower-case letters, numbers and symbols — and you should never use the same password for more than one website.
You can also use an automated password manager, which generates baffling strings of characters, all controlled by one strong password that you create. Because you will need to remember this password, as well as any other complicated passwords, you should devise a system that’s intuitive for you (but not obvious).
Don’t use your name or initials, even if you substitute 3 for E or 1 for i. Write down the passwords and keep them in a safe place, like a locked drawer or, if you need them while away from home, your wallet. Should you lose your wallet, immediately change your passwords, something you should do every few months anyway.
2. Rethink answers to security questions. Between Facebook, LinkedIn, whitepages.com, classmates.com and ancestry.com, a lot of your personal data is out there. Hackers use these sites to get past your security questions. Stay one step ahead by outsmarting them. Your hometown? Pick a place that’s meaningful to you, like where you got engaged. Or use something unrelated, like the name of your favorite old TV show.
3. Opt for double-verification when available. Google has pioneered this. To access Gmail and other Google accounts on any device for the first time, users need their own password plus a one-time password that Google sends to the cell phone number on record. Yes, this system could be cracked, especially if you’ve lost your phone, but it’s a step in the right direction.
4. Set up a dedicated password-recovery email. Some sites request a second email address where they can send a new password should you lose yours. Create an address just for this purpose. Do not use your name or initials — hackers know that people tend to use some variation of their name for email addresses.
5. Protect your Wi-Fi with a password. An unsecured network is like an unlocked house. But a secure Wi-Fi network is like a firewall around your personal data. Should a hacker get into an unsecured network, he can use your Wi-Fi to control your computer and send spam, break into your bank account or even steal important password information from sites you visit. So follow the rules in No. 1 and create a strong password known to just you and your chosen users.
When using any public Wi-Fi — from Starbucks to your hotel — always log out of accounts when you’re done. Another level of security is something called a VPN (virtual private network), which will make your information even more secure from criminals.
6. Don’t click on unfamiliar links. We all get them — from unsuspecting friends whose accounts have been compromised. Most of us know to never click on them, but spammers are getting more clever. A good rule of thumb: If a “friend” sends a link with no personal note, you can be sure it’s bogus. Clicking on it will turn your email into a spamming machine by getting into your address book and sending the link to people you know. At their worst, these links can crash your hard drive. What to do? Just delete, and never be tempted to click. And when you do get one, contact the sender, who’ll need to change his password.
7. Always back up your data. To avoid losing your photos, documents, music and programs (to a hacker or a crash), get an external hard drive, ideally one that automatically backs up your data every day or at least weekly. You can also store your files in the “cloud,” through options like Dropbox, Apple’s iCloud or Rackspace.
Cloud computing or cloud storage is great — but what if you don’t have access to the Web, or experience a service interruption? This is where “redundancy,” or multiple backup systems, comes into play. If you have a lot of important or irreplaceable data, you might even consider keeping an external drive in a safe deposit box (away from fire or theft) and backing it up every month or so.
If you’re thinking, “I don’t need to do this because no one would want my data,” think again. Your personal identity is priceless, and you don’t want someone stealing it. As the criminals say, “It’s not personal; it’s business.”
Sources: Identity Theft 911; Next Avenue