E-Mail Hacked? An Ounce of Prevention…
Recently, some unsuspecting e-mail users may have received dismaying and
shocking notifications suggesting that their e-mail has been hacked and used to
send spam (or worse). This can happen even if the e-mail system is web-based
rather than downloaded directly to one’s computer via a local application like
Microsoft Mail, Outlook, Outlook Express, MacMail, Entourage, Thunderbird, etc.
(and hence susceptible to operating system-level vulnerabilities). The primary
suspect is the password used to access the account.
Lee Seidman, Vice-President
Business & Professional
Micro User Group
People tend to try to keep things simple by using the same password to access a
variety of sites, but at the expense of security. A person’s e-mail account
password should never be used for any other account or web site. Generally,
e-mail can be compared to a postcard; although the message is destined for a
particular recipient, it has the potential to be read by anyone as it traverses
the Internet. Additionally, if one joins a web site that requests a password to
subscribe, a confirmation e-mail is often generated clearly presenting the
username (often an e-mail address) and the proper password. The postcard analogy
applies to that non-encrypted e-mail – it is open for anyone to read. A typical
malicious-minded hacker (the “Black Hat”) who either intercepts that e-mail or
accesses that web site’s consumer database would first attempt to use the
password associated with that e-mail address to access the e-mail account. For
example, if someone whose address is firstname.lastname@example.org registers to
join the community web site or message board site-whatever.com, generally he or
she is asked to use his or her e-mail address as the user name. Site-whatever.com
will ask the person to generate a password and often will send a confirmation
e-mail identifying the username and password in clear text (meaning it is not
obscured). The first thing a third party (in other words, someone who is not the
subscriber or a representative of the web site) may try to do is use the
password contained in that e-mail to access email@example.com itself.
Once a hacker with bad intentions gets into the e-mail account, he or she may
start slowly so as not to get noticed; however, it does not require much effort
for the “Black Hat” to change the password AND security questions (for password
resets) to effectively lock the account owner out of his or her own e-mail. If
nefarious activity is suspected on one’s e-mail account:
- Inform those in your contact list of the circumstances, preferably by voice
or an alternate e-mail account, and make sure they understand not to engage with
the questionable content (usually seeking money in one form or another –
especially via embedded hyperlinks); get as much help as possible and act
quickly, as time is of the essence and everyone in that contact list is
potentially at risk since they trust the e-mail is coming from you when in
actuality it is not
- Change the password to access the e-mail account (and make it complex and
very difficult to guess)
- Change the security questions used to reset the password
- Notify the e-mail provider
- If this is a commonly used password for online financial transactions
(banking, purchasing, etc.), change the password for those e-commerce sites
- Keep all correspondence between the “Black Hat” and any contacts as evidence
- If money is involved, contact local and federal authorities at the Internet
Crime Complaint Center (http://www.ic3.gov/default.aspx), especially if the
“Black Hat” actually defrauded someone out of money.
In general, it is a good idea to have an e-mail account for personal
correspondence and a separate one for web-based subscriptions (or use a
temporary/disposable e-mail address offered by the majority of providers). The
key is to use distinct passwords; the online world can be a dangerous place in
which to operate, but one’s own behavior usually determines the level of
jeopardy one will risk in such an environment. A little forethought can prevent
a whole lot of hindsight consternation.
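The rule above, that the e-mail password should never be used for any other
account, can be checked against a password manager export. The following is an
added example, not part of the original article; the CSV layout, the site names
and the function name audit_reuse are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import os
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
mail.example.com,pat@example.com,Blue-Harbor-42!
site-whatever.example,pat@example.com,Blue-Harbor-42!
bank.example,pat,q7#Vd9!mRz2L
forum.example,pat@example.com,sunshine1
shop.example,pat@example.com,sunshine1
"""


def audit_reuse(export_text, email_site):
    """Return (sites sharing the e-mail password, other reuse groups)."""
    key = os.urandom(32)  # per-run key: fingerprints are useless after exit
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group by keyed fingerprint so plaintext passwords are not kept around.
        tag = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        groups[tag].append(row["site"])

    email_tag = next((t for t, sites in groups.items() if email_site in sites), None)
    if email_tag is None:
        raise ValueError(f"{email_site} not found in export")

    # Highest priority: any site whose leak would also open the mailbox.
    shares_email_password = sorted(s for s in groups[email_tag] if s != email_site)
    other_reuse = sorted(
        sorted(sites) for tag, sites in groups.items()
        if tag != email_tag and len(sites) > 1
    )
    return shares_email_password, other_reuse


if __name__ == "__main__":
    critical, other = audit_reuse(SAMPLE_EXPORT, "mail.example.com")
    for site in critical:
        print(f"CHANGE NOW: {site} uses the same password as the e-mail account")
    for sites in other:
        print(f"Reused across: {', '.join(sites)}")
```

Sites in the first list come first: a clear-text confirmation e-mail or database
leak from any of them exposes the password that also opens the mailbox.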
A Little Computer Quiz
1. Steven Sasson was the first to do something in December, 1975 that we now do
all the time. What did he do?
Answer: He took the first photo with a digital camera.
2. How long did it take?
Answer: It took 23 seconds to record a 100x100 (0.01 megapixel) pixel image to
3. What was the first digital camera sold in the US?
Answer: The Dycam Model 1
4. In what year was it first sold?
5. At what resolution were the pictures?
Answer: The 256 grey level photos were 0.09 MP (376x240 pixels)
6. When and where did your Region 1 Advisor see his first digital camera?
Answer: September, 1990 at Rochester Institute of Technology
Hartford User Group Exchange
East Hartford, CT
Acronis True Image Home 2011
Every computer should be backed up so that your computer’s hard drive is
adequately protected and can recover from any unforeseen events, such as hard
drive failures, viruses, or unstable software downloads. By having and
implementing a well thought-out backup and recovery plan, you can put your
system together again fairly quickly, instead of taking days or weeks to rebuild
the system. Gene Barlow demonstrated Acronis True Image Home 2011, the latest
version of this popular computer backup and recovery program. At the end, he
also spent a few minutes focusing on the best way to organize your hard drive.
This was a very important meeting for our members.
Richie Nayman, President
Westchester PC User Group
White Plains, NY