How your Hotmail, Gmail or Yahoo email account may have been hacked
If your online email account was recently hacked and you don’t know how it happened, you really need to give some thought as to how it might have occurred to prevent it from happening again. Even if your home computer is fully patched, your anti-malware software is up-to-date, and you’re mindful of what email you open and Websites you visit, you may still be at risk. Here are some ways that your password might have been stolen that you may not have considered.
1. Using a friend’s or family member’s computer. Never assume that your friend’s or family member’s computer is properly patched, up-to-date on anti-malware signatures and free of malicious code. Are you assuming that the computer is kept as up-to-date as your computer? Are you assuming that the owner is being careful of what email he (she) opens, what Websites he visits and what programs he installs? Are you assuming the owner is going to know if their system has a password-stealing Trojan on it?
2. Using your computer at work. Yes, I know what you’re thinking, “We have people that manage the computers at work, so they must be secure, right?” Yes and no. Even the Fortune 500 has fallen victim to botnets, Trojans and other malicious code. The really smart hackers know how to avoid detection and so there is no reason to assume that those same hackers are not on your company’s network as well. Are you also assuming that the system administrator is going to know your computer has a password stealing Trojan on it?
3. Using simple to guess password recovery questions and answers. Hackers write programs that they can use to guess the answer to your password recovery question. If possible, make the answer so obscure, that it’s impossible to guess. Don’t use one word answers. Don’t use an answer that can be guessed by using a well-known list of answers, such as favorite cars. Make the answer something that only you will know. For favorite color, for example, don’t use the primary colors. Use something like “ripe tomato” for red, “banana boat” for yellow or “Mountain Berry Blast” for blue. Don’t use a question that can be answered by viewing your Facebook or blog page.
4. Using the same password and recovery question/answer for other Websites. I know that trying to remember so many different passwords and answers to different recovery questions can be a pain, but keep this in mind: When a hacker breaks into some other Website you use and has your email address, password and password recovery question/answer, he is going straight to the email login screen to see if he can use that information to get into your email account.
5. You keep passwords in a file on your computer. I really hope you don’t have a file on your computer named passwords. Some malware will look for file names containing the word password or files containing the word password – and transfer those files back to the hacker.
6. Your system has a password-stealing Trojan on it. Are you assuming you’re going to know if your system has a password-stealing Trojan on it? Your system may be infected with something that doesn’t have a signature and can avoid the heuristic detection engines. Don’t assume that your one anti-malware software will detect anything and everything. Not all anti-malware products are created equal, and detection rates are not 100%. You need to use several different products and scan your system on a regular basis.
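To act on item 5, you can audit your own files for the same two signals it describes: the word "password" in a file name or in a file's text. The script below is an added example, not part of the original article; the 1 MB read limit, the skipping of hidden directories and the function name `find_exposed_files` are assumptions made for the example.

```python
import os

KEYWORD = "password"    # the word item 5 says malware searches for
MAX_BYTES = 1_000_000   # assumption: only the first 1 MB of each file is read


def find_exposed_files(root, keyword=KEYWORD):
    """Return sorted (path, reason) pairs for files under root whose name
    or text content contains keyword (case-insensitive)."""
    word = keyword.lower()
    needle = word.encode()
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Assumption: hidden directories (.git, .cache, ...) are skipped
        # to keep the scan short; remove this line to include them.
        dirnames[:] = [d for d in dirnames if not d.startswith(".")]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip sockets, FIFOs and broken links
            if word in name.lower():
                hits.append((path, "name"))
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: nothing to report
            # A NUL byte marks the file as binary; only text is checked.
            if b"\x00" not in data and needle in data.lower():
                hits.append((path, "content"))
    return sorted(hits)


if __name__ == "__main__":
    # Scan the current user's home directory and list what was found.
    for path, reason in find_exposed_files(os.path.expanduser("~")):
        print(f"{reason:8}{path}")
```

Anything it lists is a candidate for moving into a password manager and deleting from disk.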
To better protect yourself against password compromise, just think about what changes you need to make in your behavior that will minimize a hacker’s opportunity to capture your password, guess your password or guess your password recovery answer. It requires you to be a lot more conscientious about what you’re doing, but that’s what it takes to keep your online email account secure.
Are you fascinated by all of this? Want to learn more? Want to know other ways hackers can steal passwords without someone knowing about it? Read my book!