By now we’ve probably all had some sort of spam/scam email.
You know the ones. A long-lost relative has died and you are the only living heir to millions of USD. The sender is on his/her deathbed and has chosen to leave you their humongous estate. Or perhaps the sender is being persecuted in their country of origin and will reward you handsomely for helping them get their millions out of their country.
I had a somewhat more interesting one the other day. They knew one of my passwords and knew that I was watching videos at a XXX-rated porn site. Not only did they have record of the porn I was watching, they had commandeered my computer camera and had video of me watching said porn.
Needless to say, for a small “donation” of $967 USD via Bitcoin, all evidence of my nasty little secret would be erased. (Yeah, right!)
Before you raise your eyebrows that I’m willing to divulge such a secret voluntarily, let me assure you porn is not my cuppa tea. For that simple reason, I could dismiss the email quite handily.
Except for the fact that the password they showed me was a valid password that I had used on several occasions. That fact did get my attention. That fact did send me into action! That fact made me a little nervous because, while it was easy for me to remember, I felt the combination of upper case, lower case and numerals made it harder to figure out.
I now know they don’t have to figure out anything. The smart hackers just found a way into the databases of companies like Marriott, Aetna, FedEx and Equifax, just to name a few. Once breached, they had access to not only passwords but email addresses, credit card numbers and other personal data. No doubt my password was attached to my email address at some breached company and, while the hacker took a shot in the dark with the porn connection, he/she didn’t really have access to anything important of mine on line, they just thought it might cause enough of a stir to get some money out of me.
What To Do?
So… what to do, what to do, what to do?
This post is not meant to frighten you, but to educate you.
The first thing you need to know is that you can protect yourself quickly – and don’t ever think you, your info, your websites are too small to care about or interest hackers.
Here are my suggestions:
- Go to https://haveibeenpwned.com/ and check if any of your email addresses have been compromised. If it’s a Yes, there might not be anything you can do, really, except change your password and put up with spam.
- Next link to the password page: https://haveibeenpwned.com/Passwords and enter your passwords one at a time and see if they were included in a data breach. If yes, it’s important you start changing your passwords.
- The best way to do that is to purchase a password management service. I use LastPass, but there are several out there. At LastPass you pay $36USD annually and that is nothing compared to the pain of reorganizing your online life if you get hacked. It’s only $48USD annually for a family of 6.
Not only are all your sites logged, sorted and secure behind a password that only you know (you only need to remember one password!) so is any information you want to note about that account and the password used there.
When your vault is open, all your login info auto-loads.
There are other features as well, such a password generator, a list of reused passwords, and a list of old passwords.
- Once you’ve purchased a password management service, go to each website you have logins for and ask for a complex password with as many characters as the site allows. The longer it is, the less likely the chance of hacking.
Sound like a lot of work?
In case you’re thinking this is a lot of work for the off-chance someone discovers one of your accounts, there are a few other things I’d like you to do.
- Go to this Wiki site and review the list of breached companies. Any chance any of these companies might have an email address or a password of yours?
- Go to this site, pop in your passwords and see how long the sophisticated hackers might need to possibly figure it out. I’m so much more comfortable with centuries than hours, or fractions of minutes.
Too small to be of interest?
Finally, please don’t ever think you are too small to be of interest. I have security on my websites that tracks attacks. Here are some real time screen shots! I did tighten up my tolerance levels this past weekend so I’m hoping the numbers will come down on a go forward basis.
This post has gone a bit longer than I intended, but your security is of vital importance.
Please leave nothing to chance, secure your accounts with complex passwords as though they housed the family jewels. Honestly, I also bookmark the “pwned” links and check in every once in a while, as an extra precaution.
Very informative post. I make sure that I don’t click on links, especially if it has come from a stranger. Because phishing is considered to be the most popular way for hackers to wreak havoc.
Links in communication have to be treated with care, for sure. I sometimes get weird links from friends on Skype that are ‘phishing’ too. The friends are real – their accounts have definitely been compromised though. Learned that lesson the hard way.
Any emails from places where I do have an account are closed, then I open a new tab and go in to check myself without clicking links.
It’s a sad state of affairs that we have to concern ourselves with being hacked, but it is a real concern. I appreciate you sharing your experience and recommendations.
In reality, Christie, most of us probably aren’t even aware of what a large footprint we have online. It’s easy when they accuse you of something random – you can laugh it off, but when reality comes knocking… you have to listen!
This was an informative and timely reminder Agnes, so thanks very much for sharing examples of can happen and what to do about it. Shared on SM for #MLSTL
As Mother used to say: Fore-warned is fore-armed. Unfortunate, but the new reality. Thanks for the share, Debbie!
My husband is extremely diligent when it comes to this sort of stuff. I’m more laid back about it. I guess it boils down to the fact that once you see how easily you can be hacked, you start to lift your due diligence. I’ll be giving it some thought.
Thanks for linking up with us at MLSTL and I’ve shared on my SM 🙂
I used to be laid back about it too, Leanne. But a techie friend nagged me to tighten things up, which I mostly did. It was the above-mentioned email that jolted me though – that they had a valid password! Go give your husband a(nother) hug!!
Some fantastic tips here Agnes, thank you! Unfortunately some of the examples you’ve used here have happened to me! It’s a scary online world sometimes! Gotta be careful so thanks for the links and tips!
You’re very welcome, Min. I find so many people don’t realize how easy it can actually be to protect yourself online. If these tips help just a few people I’m happy!
OMG Thank you Agnes for this timely reminder!
I’d like to say “It’s a pleasure, Robin” but I wish the whole thing wasn’t necessary!! Safe passwording!