Recently, I’ve been getting suspicious emails purporting to be from a high-up in my company. I have faith in this person and therefore would assume if (s)he wanted to push hot webcam videos on me, (s)he’d have the decency to text me with the hott linkks instead of using poor grammar in work emails. My suspicions were confirmed when I saw the same emails coming from – gasp! – my own email address. Now I knew it had to be a scam; surely I wouldn’t have to tell myself about some hot new webcam girrllss I’d discovered on an .ru domain, I’d have that shit deliciously bookmarked on my own machine.
Being incredibly careful with my logins, I knew I couldn’t have slipped up and gotten phished. Had I been hacked?
Whenever someone says “I got hacked!” I have to admit I always feel a bit of “blame the victim” is in order. After all, I find it a bit hard to swallow that some hardcore hackers in Russia are all that concerned with your personal Facebook page. To say “I’ve been hacked” implies that some outside source did some work to break through your rock solid security and gain entry, and makes no implication that the user themselves likely opened the door and let the “hacker” in, if unwittingly. More often than not, “I got hacked” means “I unknowingly gave up my password in a phishing scheme” or “I screwed up and clicked an unbelievable posting on Facebook that stole my login info because I never read the permissions I give third-party apps.”
It’s been done a million times but for your sake, here are a few tips for staying safe out there in the big scary Internets.
Make sure your contact info is up to date. If an unscrupulous individual ever gains access to your Facebook account, you may be forced to lock it down, in which case you’ll need access to the email address you use to sign in to receive communications from Facebook to get your account back. Make sure you’re using an email you have access to, even if it’s one you don’t use often.
Diversify your passwords. It goes without saying that a good password is one that isn’t found in the dictionary but isn’t so difficult you have to keep it written on a sticky at your desk. Dennis Howlett recommends a LastPass account (via AccountingWEB UK) for harder-to-remember passwords if you must. Substitute numbers for letters (like “1” instead of “I” or “3” instead of “E”) and throw in some punctuation just to be safe.
If you aren’t sure, don’t click it. Spammers have gotten pretty smart since the days of the “ILOVEYOU” virus (which happens to turn 11 this week) and even the most technologically adept can fall for their tricks. If you aren’t expecting an attachment, don’t open it. Common attachment scams include spoofed emails from UPS or USPS claiming to contain your tracking number or a package exception – while UPS may send you emails, they’d never send you a zip file (tracking numbers are always included in the body of any UPS communications sent on merchants’ behalf). Be wary!
And if you have been hacked, phished or otherwise compromised, delete any offending posts from your hijacked social media pages and issue an apology. You don’t have to beg for forgiveness; just let everyone know you got compromised and are sorry, and that it won’t happen again.
In my case, I just got spoofed, which isn’t really my fault at all. That’s where a nice email from the tech support department to the rest of the team comes in handy.