Friday, September 16, 2011

Protect Yourself from Hackers

As many of you probably know by now, my Facebook and Hotmail accounts were recently hacked. Although I am careful to not keep very personal or financial information in these accounts, it was nonetheless disturbing. The hacker started conversations with a number of my friends, asking for money - luckily, they all realized what was happening, because I was not in England, and I would NEVER have a conversation that did not include capitalization and proper punctuation :)

It took me quite some time to gain back control of my accounts and to clean up the mess he had made. As such, I have become more aware of what I should be doing to help protect myself. Here are some tips for you from the CNBC report "6 Ways to Protect Yourself from Online Hackers" (along with some of the new tricks I have employed):

  1. "Don't use the same passwords. Consider creating an Excel spreadsheet with your various accounts, usernames and passwords. Just be certain to password protect that file and ensure that your own computer's security is rock solid."

    I am definitely guilty of this one. I have passwords for literally dozens and dozens of websites. As such, I tend to use the same one - or a variation on one - to make them easy to remember. So, after my hacking incident the trick I have employed is to create complex passwords for the sites that I want to keep most secure - those that would contain the most personal information or cause the most harm if hacked (such as my webmail accounts, Facebook, and my online banking). For all the other sites (such as gaming sites, survey sites, etc) where there is no personal or financial information stored, I use one password that can be remembered easily. This way I only need to remember a few different passwords, but am still protecting myself.

  2. "Don't use the same security questions. Just as people use the same passwords, they also tend to pick the same security questions—and thieves can use those to brute force their way into other accounts in your name, even when there's a flag on the account to watch for possible fraudulent activity."

    Whenever possible I try and make up my own security questions. This is not as difficult as making up new passwords for every account because as long as you can access the question, you should know the answer. Try and make it something only you would know.

  3. "Beware your history. Online shopping is one of the fastest-growing segments of retail, but people often don't think about what happens after they complete a purchase. One of the biggest problems facing online shoppers is everyplace you’ve done business, you've left your personal information behind. Luckily there are now some tools to help you combat this problem. Services like ShopShield allow shoppers to keep their address, credit card information and more at a single location, instead of multiple e-tailers. And FirstData is experimenting with card readers that are designed to attach to consumer’s computers, letting them swipe credit cards at home and not have to leave that data on file with an online retailer."

    I don't do a whole lot of online shopping, but realized after my email was hacked how vulnerable I was. A number of online retailers will store your credit card information on file so that you don't have to enter it every time you want to purchase. Because I store website logins in my email (another change I have made) I realized that the hacker could easily have used these to do some major purchasing on my credit card. As a result I immediately replaced my credit and bank cards.

  4. "Share less. As social media grows, people have become a lot more open with personal information. You've probably heard not to announce on Facebook when you'll be out of town (it's an open invitation for thieves). But too many people don't realize they could be handing out their passwords without meaning to.

    Here's how it happens: People often choose a favorite pet or their child's name as a password, to help them remember it (and thinking that a stranger wouldn't know that sort of thing). But on their Facebook page, they've got all that information available and may not block access to it adequately via the site's security settings."

    I have always tried to use passwords that I thought very difficult to guess - certainly not something that would be even remotely available on my Facebook page. But somehow the hacker got in anyways. I see a lot of my Facebook friends sharing information that I wouldn't dream of - putting up their work schedules, or announcing they are leaving on vacation. Some Facebook users even like to announce that they'll be away from Facebook for a while. I've advised against this for 2 reasons: 1) It indicates that you are likely to be away from your house too. 2) It lets hackers know that they can probably take over your Facebook account for a while without you even noticing.

  5. "Read the fine print. Living our lives online has made us a much more fast-paced society. So fast, in fact, that most people don't bother to read the policies they agree to at many sites. Most assume the language is basically the same everywhere and is meant to protect them, but often they're signing away their rights.

    Major corporations, for instance, might include a clause noting that by accepting the terms of their agreement with one subsidiary, you give them the right to share that with all of its holdings, meaning all of a sudden, your data is at dozens, hundreds or even thousands of sites without your knowledge.

    Read privacy policies closely and see with whom the companies you do business with share their data."

I would suggest also ensuring you have anti-virus software on your computer and update it regularly. After my hacking incident I had my computer scanned for any malicious software that might have enabled the hacker to read my keystrokes (nothing, by the way).

Also, be aware of using public computers. When I am away at conferences or on vacation I am constantly looking for computers to check my email and Facebook. I may rethink that now.

I have also looked into the security measures I can take on all my accounts. For example, with Facebook you can choose to have it notify you when someone logs into your account from an unrecognized computer. For bank accounts, you can choose to be notified when your bank or credit cards are used for over a certain amount of money.

One last tidbit of information for you. After I finally regained access to my accounts (no easy feat), I had to really do some cleanup. If you're not careful you could continue providing the hacker with personal information without even knowing it. Here are some of the changes I had to make:


  • The hacker had set all of my emails to forward to his account. Hotmail notifies you with a bar across the top of the screen if this is happening. Thank goodness I noticed it so I could stop the forwards.

  • The hacker's email address was added to my Hotmail account as an alternate - giving him easy access to change my password at any time. Obviously I had to remove it after changing my password.

  • I also ensured that I checked all of my sent mail and notified those friends that had been contacted by the hacker to let them know what had happened. I also sent a warning to my entire address book - the hacker now had their email addresses.


  • I had to add back Friends who the hacker had blocked and removed from my account. These were the friends who recognized what was happening and tried to warn me and my other Facebook friends.

  • I had to change my settings back so that my posts would again be visible to other people. This one took me a while to figure out. He had changed my defaults so that my friends could not see any posts that I made warning of the scam.

  • I contacted any of the friends he had contacted via Facebook to let them know, again, that I was okay, and that I did not require money to be sent.

I don't think it's possible to not have an online presence these days. After this incident I was tempted to quit Facebook altogether - but realized that doesn't keep me completely safe; my email account contained more personal information than my Facebook did. Instead, I am even more diligent in ensuring that I don't post personal information that is not otherwise easily accessible anyways, and that I follow the advice above. Lesson learned.

(Source: "Six Ways to Protect Yourself from Online Hackers", Accessed September 16, 2011. Available at:
