By now we’ve probably all had some sort of spam/scam email.
You know the ones. A long-lost relative has died and you are the only living heir to millions of USD. The sender is on his/her deathbed and has chosen to leave you their humongous estate. Or perhaps the sender is being persecuted in their country of origin and will reward you handsomely for helping them get their millions out of their country.
I had a somewhat more interesting one the other day. They knew one of my passwords and knew that I was watching videos at a XXX-rated porn site. Not only did they have record of the porn I was watching, they had commandeered my computer camera and had video of me watching said porn.
Needless to say, for a small “donation” of $967 USD via Bitcoin, all evidence of my nasty little secret would be erased. (Yeah, right!)
Before you raise your eyebrows that I’m willing to divulge such a secret voluntarily, let me assure you porn is not my cuppa tea. For that simple reason, I could dismiss the email quite handily.
Except for the fact that the password they showed me was a valid password that I had used on several occasions. That fact did get my attention. That fact did send me into action! That fact made me a little nervous because, while it was easy for me to remember, I felt the combination of upper case, lower case and numerals made it harder to figure out.
I now know they don’t have to figure out anything. The smart hackers just found a way into the databases of companies like Marriott, Aetna, FedEx and Equifax, just to name a few. Once breached, they had access to not only passwords but email addresses, credit card numbers and other personal data. No doubt my password was attached to my email address at some breached company and, while the hacker took a shot in the dark with the porn connection, he/she didn’t really have access to anything important of mine online; they just thought it might cause enough of a stir to get some money out of me.
What To Do?
So… what to do, what to do, what to do?
This post is not meant to frighten you, but to educate you.
The first thing you need to know is that you can protect yourself quickly – and don’t ever think that you, your info or your websites are too small to interest hackers.
Here are my suggestions:
- Go to https://haveibeenpwned.com/ and check if any of your email addresses have been compromised. If it’s a Yes, there might not be anything you can do, really, except change your password and put up with spam.
- Next, go to the password page, https://haveibeenpwned.com/Passwords, enter your passwords one at a time and see if they were included in a data breach. If yes, it’s important you start changing your passwords.
- The best way to do that is to purchase a password management service. I use LastPass, but there are several out there. At LastPass you pay $36USD annually and that is nothing compared to the pain of reorganizing your online life if you get hacked. It’s only $48USD annually for a family of 6.
Not only are all your sites logged, sorted and secure behind a password that only you know (you only need to remember one password!), so is any information you want to note about that account and the password used there.
When your vault is open, all your login info auto-loads.
There are other features as well, such as a password generator, a list of reused passwords, and a list of old passwords.
- Once you’ve purchased a password management service, go to each website you have logins for and ask for a complex password with as many characters as the site allows. The longer it is, the less likely the chance of hacking.
Sound like a lot of work?
In case you’re thinking this is a lot of work for the off-chance someone discovers one of your accounts, there are a few other things I’d like you to do.
- Go to this Wiki site and review the list of breached companies. Any chance any of these companies might have an email address or a password of yours?
- Go to this site, pop in your passwords and see how long the sophisticated hackers might need to possibly figure it out. I’m so much more comfortable with centuries than hours, or fractions of minutes.
Too small to be of interest?
Finally, please don’t ever think you are too small to be of interest. I have security on my websites that tracks attacks. Here are some real time screen shots! I did tighten up my tolerance levels this past weekend so I’m hoping the numbers will come down on a go forward basis.
This post has gone a bit longer than I intended, but your security is of vital importance.
Please leave nothing to chance: secure your accounts with complex passwords as though they housed the family jewels. Honestly, I also bookmark the “pwned” links and check in every once in a while, as an extra precaution.