Keeping your email account secure

Posted on July 2, 2012. Filed under: Steve Peplinski |

“Urgent Funds Transfer Request!”  This recently arrived from a customer by email along with instructions to wire funds out of their account.  The email was from the customer’s personal account, but since the transfer was out of character for the customer, we called and thus found out that their account had been hacked.  The email was actually an attempt to commit fraud.  We were able to protect the customer, but it raised a lot of questions about the safety of email. It also got me thinking about how vulnerable we all are to identity theft, and what we can do to protect ourselves.  Here are some questions that frequently come up.

Is it dangerous to open email?

Not if you keep your computer up to date, and you don’t give permission to run an add-on or script.  Be wary when you’re asked for your permission.  Getting malware by simply opening an email or going to a website is often referred to as a “Drive By Infection”.  When this type of vulnerability is discovered, software publishers release an update or “patch”.  You can protect yourself by keeping all of your software updated.  This includes your operating system (Windows, Mac, or Linux) as well as third party software (Adobe reader, Microsoft Office, Java, Flash) and anti-virus software.

I just clicked on a link I shouldn’t have!  Am I infected?

It’s unlikely.  Most attacks require that after you click the first link, you take additional steps to get infected.   If you have current Anti Virus software running, and you keep your operating system and third party applications (Adobe Reader, Java, Flash) up to date, you will have some protection.  But make sure you ALWAYS pay attention to warnings that pop up when you click on a link.  On the other hand, if you are careless about keeping your computer up to date, your risk increases dramatically. 

How do hackers crack email passwords?

There are a variety of ways. 

  • If you choose an easy to guess password, they may simply guess it by trial and error.  That’s why it’s important to use a password at least 8 characters long, and to use letters (both upper and lower case), numbers, and special characters. 
  • Another way is to steal it from an insecure web site.  For example, lots of web sites request that you register and create a free account just to access their content.  If you use the same password all the time, it could be stolen from one site and then used to compromise your security.  Recently LinkedIn had a data breach and millions of customer credentials were stolen.  If you had used the same password for your LinkedIn account as for your email, that breach would put your email at risk in addition to LinkedIn and any other sites where you used the same password.  Not all web sites that request that you register have top notch security either.
  • If you use public Wi-Fi access points, someone may be eavesdropping.   Passwords are not always encrypted when you enter them, so a hacker could be monitoring a poorly secured Wi-Fi access point and harvesting passwords.
  • They could just ask you for it, and if your guard is down, you may give it to them.  Be careful about providing confidential credentials as you surf the web or if anyone asks you.  It is almost always possible to troubleshoot and provide support without having to know a user’s password.

If they steal my password, what will they do with it?

Within the past year, I have received several suspicious emails from friends.  You know the kind.  Pitching Viagra, or urging me to click on a link to see some “unbelievably interesting” content. That’s a dead giveaway that their account has been hacked. The bad guys then use that account to send spam.  More insidious is the danger you’re exposed to by keeping too much confidential information in your email account.  Would you want a stranger with bad intentions rooting around in your email message store?  Attachments with information about your finances (including account numbers or transaction details) give them fodder to attempt some kind of fraud.

What are some safe practices that I can use to protect myself?

1)      Use a unique, secure password for each on line account.  To keep track of them all, use a password manager that stores them in an encrypted database on your computer. 

2)      Be aware that when you send email, if it is not encrypted (and it’s not by default encrypted) there is always the possibility that some one will eavesdrop.

3)      Don’t use your email account as a database to store confidential information such as bank statements or account credentials.  Instead save that type of information to files on your local hard drive

4)      Make it a practice to keep all of your software up to date.  In addition to Windows, Adobe reader, Adobe Flash, Sun Java and your anti-virus software all need to be kept up to date.

You can protect yourself with a few simple precautions.  Risk is ever present in our lives, and managing it needn’t be terribly scary.

Advertisements

Make a Comment

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: