True Story – Hacker Using User’s Email Account to Steal

A person I know recently received a phone call from his bank asking him if he had sent a particular email. The email asked for some banking information but asked that the reply be sent to a different email account. The bank was calling to see if the information was correct.

It turns out his email account had been hacked because of a poor password. Once the email account had been hacked, the thieves set up a rule in the account to send a copy of all emails to an email account they had created. (He was using an account that uses an online version of Outlook to manage the email.) The thieves (or would-be thieves) were actually sending emails from his account to make the emails look legitimate.

So the lesson here is: if you have any account online, please use good passwords. Also, if you have accounts that use a mail manager that allows you to create rules or auto-forward email, check those rules periodically. You might find your email going to someone else.
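The periodic check described above can be automated. This is an added example, not part of the original post: it assumes the mailbox rules have been exported as JSON shaped like Microsoft Graph's messageRule resource, and the domain, addresses and rules in it are constructed.

```python
# Added example: flag mailbox rules that quietly send mail to outside addresses.
# Assumption: rules were exported as JSON shaped like Microsoft Graph's
# messageRule resource. All rule data below is constructed.
OWN_DOMAINS = {"example.com"}  # domains the mailbox owner controls (constructed)
FORWARDING_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
HIDING_ACTIONS = ("delete", "permanentDelete", "markAsRead")

def external_recipients(rule, own_domains=OWN_DOMAINS):
    """Return addresses outside own_domains that the rule sends mail to."""
    found = []
    actions = rule.get("actions") or {}
    for key in FORWARDING_ACTIONS:
        for recipient in actions.get(key) or []:
            address = recipient.get("emailAddress", {}).get("address", "")
            if address and address.rpartition("@")[2].lower() not in own_domains:
                found.append(address)
    return found

def audit_rules(rules, own_domains=OWN_DOMAINS):
    """Return one finding per enabled rule that forwards mail externally."""
    findings = []
    for rule in rules:
        recipients = external_recipients(rule, own_domains)
        if not rule.get("isEnabled", True) or not recipients:
            continue
        actions = rule.get("actions") or {}
        findings.append({
            "rule": rule.get("displayName", "(unnamed)"),
            "sends_to": recipients,
            # A rule without conditions matches every incoming message.
            "all_mail": not rule.get("conditions"),
            "hides_activity": any(actions.get(k) for k in HIDING_ACTIONS),
        })
    return findings

def addr(address):
    return {"emailAddress": {"address": address}}  # Graph-style recipient

SAMPLE_RULES = [  # constructed
    {"displayName": "Newsletters", "conditions": {"senderContains": ["news"]},
     "actions": {"moveToFolder": "folder-id-placeholder"}},
    {"displayName": ".", "isEnabled": True,
     "actions": {"forwardTo": [addr("copy@mailbox.invalid")], "markAsRead": True}},
    {"displayName": "Copy to my other inbox",
     "actions": {"forwardTo": [addr("me@example.com")]}},
]

if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES))
```

A rule that has no conditions, forwards outside your own domain and marks mail as read is the pattern from the story: every message is copied out and nothing looks unusual in the inbox.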

 

KeePass – Free & Easy Password Protection

KeePass Logo

If you have an online account, most likely you have to have a password to access that account. The trick is how do you create a password that is easy to remember, but not easy for someone else to guess?

Some of us have used important dates in our lives, maiden names, names of our kids, phone numbers, street addresses, or things like password123, letmein, or 1234. Unfortunately, in this age, it is easy for criminals to find all this information, and they know to try words like ‘password’ or ‘letmein.’ Thanks to social media and public access to many records, it doesn’t take long to search out maiden names, birthdates, anniversaries, etc.

So we are then forced to come up with complicated passwords such as r9G3jc9vVnw23da3. Unfortunately, this random password is a challenge to remember. So we write it down and hide it under our keyboards or in a nearby desk drawer.

Unfortunately, criminals know about our inability to remember passwords and our need to write them down and have them handy. So they will take the time to look under keyboards and in desk drawers to find them.

While this is an aside from the purpose of this article, I want to share a true story with you. I had a coworker who kept her password list on her desk. She told me that because she had about 16 potential passwords written on the list, someone wanting to get on her computer would have a hard time guessing her password. I looked at her list and then entered one of the passwords on her list. It immediately opened her computer and I had complete access to her files.

So what is a person to do? My recommendation is to get yourself a password vault like KeePass. While you can buy a password vault from a commercial company, KeePass is a popularly recommended password vault that is absolutely free.

A password vault securely stores your passwords in an encrypted format. This means, unless you are the NSA or have access to sophisticated computer hardware, the passwords cannot be decrypted unless you have the password for the vault.

To use the KeePass vault, you first create a data file that can be stored on your computer, a flash drive, or even on a cloud drive such as Dropbox. Then you assign a key password for that file. Without this password, you will not be able to access the vault file. So if you forget it, all your passwords will be lost to you. There is no reset option for the vault password.

There is another risk with using a password vault. If your vault password falls into the wrong hands, they will have access to all the passwords you have stored in the vault. So make sure that if you write down your password, you keep it in a safe place far from your computer. You will also have to make the password hard to guess.

Once you pick a good password, you can enter the information about the web account and have the program generate a random password for you. Then cut and paste the password into the password entry field of the account when you create the web account, or into the password field after you go through the steps to change your password for that account.

If you have a hard time remembering complicated passwords, try KeePass. For more information visit http://keepass.info/help/base/index.html and http://keepass.info/screenshots.html
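To make the two ideas above concrete (passwords built from findable facts or common words, and randomly generated replacements), here is an added example that is not from the original article or from KeePass. The 12-character minimum, the short word list and the personal facts are assumptions chosen for illustration.

```python
# Added example: spot guessable passwords, then generate a random one.
# Word list, 12-character minimum and personal facts are assumptions/constructed.
import math
import secrets
import string

COMMON_WORDS = ("password", "letmein", "1234")  # examples named in the article
# Undo simple character swaps so "P@ssw0rd" is treated like "password".
LEET = str.maketrans("@4301$5!7", "aaeoissit")
ALPHABET = string.ascii_letters + string.digits


def weaknesses(password, personal_facts=()):
    """Return reasons the password is guessable; an empty list means none found."""
    lowered = password.lower()
    forms = (lowered, lowered.translate(LEET))
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    for word in COMMON_WORDS:
        if any(word in form for form in forms):
            reasons.append(f"contains common password '{word}'")
    for fact in personal_facts:
        token = "".join(ch for ch in fact.lower() if ch.isalnum())
        if len(token) >= 3 and any(token in form for form in forms):
            reasons.append(f"contains personal detail '{fact}'")
    return reasons


def generate_password(length=16):
    """Build a password from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of guessing work for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    facts = ["Hartley", "06/14"]  # constructed maiden name and anniversary
    for candidate in ("password123", "H@rtley0614!", generate_password()):
        print(candidate, weaknesses(candidate, facts) or "no issue found")
    print(f"16 random characters: about {entropy_bits(16):.0f} bits")
```

Swapping letters for symbols does not help when the underlying word or date is findable, which is why the check compares both the typed form and the form with swaps undone.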

Qualys Browser Check

Screenshot of Qualys Scan

Those who design malware, viruses, etc. know one of the best ways to infect a computer is through the web browser. After all, there are literally thousands if not millions of people surfing the web each day.

So what can you do to defend yourself? A: Stay away from questionable sites and B: Patch your browser and all your add-ons.

If your computer is set to “Automatically Update Windows,” you get all the latest patches for Windows. Unfortunately, that doesn’t do anything for your add-ons and your non-Microsoft browsers such as Chrome or Firefox. Fortunately, there is an easy way to see if you have everything up to date.

Looks like I need to update

I have been using Qualys Browser Checker and it has been great at letting me know if there is a newer version of a browser out there, as well as letting me know there are updates to Apple QuickTime, Java Runtime, Adobe Reader, Adobe Flash... and more.

In most cases, if you need an update, all you need to do is click on the blue “FIX IT” button and it will either take you to the site to download the update or it will run the update for you. There are times you are taken to a site, such as Chrome, and it will tell you that Chrome is set to update automatically and you just need to wait for the update to be pushed out to your computer.

While patching does not guarantee your computer will not be infected by a website, it can prevent some infections and can limit the damage done by a virus.

 

What is Layered Security

Drawing of Castle
Wikipedia Public Domain

Earlier, I mentioned “layered security,” and felt it would be good to expand on what I mean when I use that term. Layered security, to me, means that you do not depend on one method of protecting your computer, laptop, or phone.

Often I have heard people say, “I have an antivirus program, so I am protected.” Well, yes, you have protection, but an antivirus program is not a 100% guarantee that your computer will not get a virus. Why? Because it is a cat and mouse game when it comes to virus protection. Antivirus companies work hard to make better ways of stopping viruses, but the problem is that there are people working hard to make better, sneakier, and stronger viruses.

Am I saying don’t get an antivirus program? No! Just don’t act like you are bulletproof when reading emails, downloading, and surfing the web. One of the first layers of security I recommend is being smart and on the defensive when using your computer. (More on this in another post. Also see my post on WOT – Web of Trust.) Note: Mac users, despite what you might think, Macs get viruses too! See http://www.maximumpc.com/article/news/flashback_trojan_responsible_nearly_600000_mac_attacks_and_counting **

Another layer I always recommend is patching your software, aka installing updates. While most of the newer operating systems (OS), like Windows, have the auto update setting turned on, your other programs may not automatically update. So it is a good idea to check your software vendor’s website from time to time to see if there is an update for your program.

So now you have three layers of security, not just one, protecting your computer. In the future I will share with you even more.

** Footnote: Don’t use more than one antivirus program. In other words, three antivirus programs are not better than one. Just like taking more than the prescribed medication can be bad for you, too many antivirus programs can be hazardous for your computer.