Archive for May, 2011

Do as I say, not as I did…I am changing my ways!

May 27th, 2011 by pam
Filed in Blog | Comments Off

I have a confession to make.   I often do not follow my own advice.  Okay, it is out there for everyone to see.  I finally got zinged and rightly so.   That I have not been zinged until now only encouraged me to continue foolishly thinking I was immune.

My personal email account is with Yahoo.  I've had this account since 1999.  I will confess that I  have had the same password since 1999.   Not anymore.

If you read the last blog entry, I got hacked.  The entire content of my address book got nabbed and spam went out to everyone in the form of a link.

I went to the Yahoo Forum to try to find out how I was hacked, if through an email attachment or a link or....

On the  forum,  Richard gave another hacked Yahoo user a great answer about email getting hacked. I copied it here for you.

Best Answer - Chosen by Voters

1. Change your password!!!!!! While at it, also update your security questions and make your secondary email contact other than Yahoo-> use Google's gmail. When you change your password, Yahoo re-encrypts your session cookie based off that new password. Since the hackers still have your old cookie and with your password not changed, they still can send out emails without you knowing.

2. Do not click on emails that you do not know or go to websites that have these scripts that will steal your current cookies to access your accounts. How do you know if they have these scripts? You don't. That's why you don't open them. If you do click on them, you will need to change your password again.

3. Do a virus scan just in case but most likely they will NOT show up since it is NOT a worm/virus for your case. But, do a scan just in case to eliminate that possibility.

4. You can try to contact Yahoo, but like many have said, they won't do anything.

5. Always log out of your email when finished and never click on "Keep me logged in" check box to clear out the cookie

6. Make it a habit to CLEAN out your web browser cookies, since ANY site can have these security exploits without you knowing!!!!!

7. Export your contact list as a backup since some hackers are getting bolder and will delete all of them.

I did all these steps above and the emails have stopped going out.

To Yahoo engineers/staff reading this: You should consider encrypting the current IP address within the cookie to ensure that whoever is using it, IS AT the current IP address and if not have the person re-log in with their ID and password to gain access.

Source(s):

If I told you the technical term for this Security exploit, more people would Google it and abuse it. Therefore I won't.
***

Thanks Richard.

I am guessing the cookies thing is probably right.  I've cleaned out my browser data including all cookies, history, saved passwords (which I never do) and auto fill.
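Richard's two cookie points (a password change making the old cookie useless, and his suggestion to tie the cookie to the client's IP address) can be sketched as below. This is an added example, not Yahoo's actual scheme and not code from Richard's answer; the key, the function names, the `store` dictionary of per-user password hashes and the sample addresses are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real service loads this from a secret store.
SERVER_KEY = b"constructed-demo-key"


def _mac(user, expires, client_ip, password_hash):
    # Deriving the MAC key from the stored password hash means that a
    # password change invalidates every cookie issued before it.
    key = hmac.new(SERVER_KEY, password_hash, hashlib.sha256).digest()
    msg = f"{user}|{expires}|{client_ip}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookie(user, client_ip, store, ttl=3600, now=None):
    """Build 'user|expiry|mac' for a user who has just logged in.

    `store` is a hypothetical dict mapping user name -> stored password hash.
    """
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    expires = int(time.time() if now is None else now) + ttl
    return f"{user}|{expires}|{_mac(user, expires, client_ip, store[user])}"


def check_cookie(cookie, client_ip, store, now=None):
    """Return the user name if the cookie is valid for this request, else None."""
    try:
        user, expires, mac = cookie.split("|")
        expires = int(expires)
    except ValueError:
        return None  # malformed cookie
    if user not in store or expires < (time.time() if now is None else now):
        return None  # unknown user or expired cookie: log in again
    # The request's current IP and the user's current password hash feed the
    # MAC, so a copied cookie fails from another address or after a reset.
    expected = _mac(user, expires, client_ip, store[user])
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if ok else None
```

The IP check also forces a new login whenever the legitimate user's address changes (mobile networks, proxies), which is the usability cost of Richard's suggestion.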

I did change my password and will change it again.  I'm running scans like crazy to be sure I am not infected.  I purged my contact list so that most of my contacts are people who know me well enough to know what I sent and what I write (I always use subject lines and I always tell people what I am sending. )  I am grouping my contacts into categories so that if this happens again I can send out apologies via groups--Yahoo doesn't give the option to send to everyone as a security precaution.

It appears that not much harm has been done by this hacker.  It has been an inconvenience to me, but what really makes me feel victimized is that all the people who received these links, and especially the ones who don't know me very well,  may think less of me because of it.

What a bother…

May 26th, 2011 by pam

The internet is a blessing and a curse.  I just got a bit of the curse today!!

My personal email address got hijacked by a spammer so my entire address book (I am presuming) received an email with a link in it.  Nothing else, just a link.  Some recipients, thinking I sent them a link, opened it and let me know that it was some kind of ad for that little blue pill.  One friend sent a note wondering if I was nuts, not realizing, I guess, that I would never send such an email.

Since it is possible the link also contained a virus, I advised the recipients to run their anti-malware program just to be sure.  My email address should be safe for a while; these spammers usually do a one-time blast then move on to a new hijacked address.

What a bother to have all my friends and relatives receive such an email.  But, I would never send just a link without any kind of a note explaining what I am sending.  I would hope my family and friends know this and exercise caution but we all get a little careless sometimes when we recognize the sender's name.

So here is a word to the wise.  If you receive an email from a family member or a friend and it just doesn't look right, sound right or is just a link, don't open it, don't follow any links, don't open any files or pictures or videos.  Email your friend to be sure they sent it and ask them what it is.

Better to be safe than sorry!!  Oh bother!

Addendum to this post:  I changed my password and was just informed that there was an attempt at 4am this morning to recover my old password.  It wasn't me, I was sound asleep at 4am!  I guess they weren't done with me yet.  Off to check on my bank and credit accounts!!

Data Loss Prevention To-Do-List

May 23rd, 2011 by pam

The following list was suggested as a way to take a step back to assure you are doing all you can to prevent data loss.  It comes from the CBL Data Recovery Technologies Newsletter for May 2011.

 

Data Loss Prevention To-Do List

  1. Schedule regular backups.
  2. Perform regular backups.
  3. Verify that your backups are functional.
  4. Store your backups somewhere away from the office (or home--safe deposit box?).
  5. Leave your computer in an environment free of humidity, dust and smoke.
  6. Use power surge protectors.
  7. Update anti-virus software frequently to scan and screen all incoming data and emails with attachments.
  8. Handle your computer with care and protect it from mishandling.
  9. Turn off your computer if it makes any unusual noises.
  10. Prevent children and volunteers with good intentions, but lacking computer knowledge and skills, from "fixing" computers with important data, for human error can be unkind.

#6 Surge protection will be featured in our next 5 minute interview on WCMP!!

 

Why using mail management software like Outlook is not such a good idea!

May 18th, 2011 by pam

We posted the following last year but thought it might be good to post it again.

Many of us use Outlook or Outlook Express as our "local mail client."  With Outlook you must download your mail from your Internet Service Provider onto your computer.  (Windows 7 no longer supports any local mail client such as Outlook Express or Thunderbird. However if you purchase Office you can still use Outlook).

At CrexTechs we recommend you do not use a "local mail client" such as Outlook for the following reasons:

1) The very act of downloading mail onto your computer leaves you vulnerable to mail-borne viruses and malware. You could be downloading viruses, spyware and other malware contained with your email along with spam and other unwanted advertising.

2) Not only does your email have to be filtered, it must also be scanned.  Your service provider has filters that catch some of the bad stuff but not everything.  Vipre (CrexTech's recommended Antivirus/Junk protection) or other anti-virus programs scan each piece of email as it is downloaded to help ensure that it is safe.  Scanning for viruses during downloading is effective and absolutely necessary but ...

3) ...you will notice that downloading and scanning takes time and robs you of computing power just when you are getting down to business. You will notice this slowdown on "High Speed" Internet, but if you have dial-up Internet Service this process becomes downright painful.

Why does it have to be so slow?

Every email needs to be scanned, including attachments.  Some of these files, ones you may not even want, can be very large and will really slow you down as they are downloaded and scanned.  So if you use a "local mail client" plan to give Vipre time to do its thing.  Go get a cup of coffee or chat with your kids.

Or, you can do what we recommend....

CrexTechs recommends reading your mail on-line.  Here is why and how:

Why: You will be safer and you will not have to spend time waiting for your mail, even the stuff you don't want, to download and be scanned.

How: You can access your mail through your Internet Service Provider on their website or you can set up an email account through Google (Gmail) or Yahoo or any other trusted web portal that offers email.  These email accounts are almost always free of charge.

CrexTechs recommends Gmail:

1) It is easy to switch over and you will enjoy the functionality.

2) Gmail in particular has a great spam and junk mail filter which you can train to reduce junk mail to near zero!

What about your contacts?

  • You can export your contact list from Outlook into a file that you can then import into your new email account.  The data is not always perfectly imported so you may have to spend a little time inputting some of your contacts.  However, if you send out an email from your old account to everyone on your contact list, giving them the new email address and asking them to send you an email at that address, you will be able to easily add them to your contact list on the new account.
  • Or, you can keep your old account and receive your email from your old account through your new Gmail account.  You will need to configure your old account POP or IMAP to have this mail sent to your Gmail or Yahoo mail account. For a small fee, CrexTechs can help you with this process.
  • And here is another advantage to using a web based email provider.  You can access your email and your contacts and use your familiar interface from any computer in the world!

One more "word" to the wise (or one less word):   No matter what mail system you use - DO NOT USE WORDS FOR YOUR PASSWORD! It is best to use a mix of letters, numbers, and symbols, such as initials combined with numbers and symbols: #jlsdjd2010 (two persons' initials and a significant year plus a symbol).

 

How to make your PC Faster in 5 easy steps

May 12th, 2011 by pam

Vaughn Scheunemann (PC Gamer) created this video to help folks get more out of their machine.  It is not for the beginner however, even if it says 5 easy steps!!

Start the video by clicking the arrow in the middle or at the bottom left corner.

After the video is running, make the screen larger by clicking the icon (four corner arrows) in the bottom right of the screen.

For a higher resolution video, go to 5 Easy Steps.

We also have a YouTube link on the right margin (Under Get It Done) for easy access.

 

Change your Facebook Password ASAP

May 11th, 2011 by pam

If you have a Facebook account and you don't want advertisers and hackers to have access to your information and the ability to post on your wall or to your photo gallery, it might be a good idea to change your password ASAP, according to an article in PCWorld magazine.  A flaw in the iframes of Facebook evidently allowed "tokens" to be leaked.  These tokens allow possessors access to Facebook accounts.   Facebook announced that the flaw has been corrected but the tokens are still out there.  Symantec, who discovered the problem and reported it to FB, advises users to change their password ASAP.

Read more about it.

Thanks to Nicki at Crosstown Creative Solutions for this heads up!

FBI Internet Crime Complaint Center (IC3)

May 5th, 2011 by pam

I just learned that the FBI has an on-line site for reporting cyber scams and frauds.  This site allows you to launch a complaint that may also involve telephone fraud, as cyber attackers often make first contact via telephone.  Don't be afraid to launch a complaint even if you are not sure that any fraud has taken place.

You may not be contacted and your case may not be resolved by this action but it helps the FBI track down these scams and frauds and shut them down, prosecuting where possible.  They also alert the media to new techniques being employed to dupe unsuspecting citizens.  They learn of these new techniques via savvy citizens who report suspicious cyber or telephone activity involving personal financial and account information.

Learn more at  http://www.ic3.gov/default.aspx

Check out the press room which is an archive of press releases on various fraud attacks:  http://www.ic3.gov/media/default.aspx

A little paranoia can go a long way when using public computers and public WIFI

May 2nd, 2011 by pam

Here are a few points (paraphrased from the Sunbelt Security (Vipre) Newsletter) to serve as a reminder when using public computers and WIFI at places such as coffee shops, hotels, airports and libraries.   I have changed the order to reflect what I believe to be most important to less important.

  1. Never, ever, ever log onto your banking or credit accounts from a public computer or using public WIFI.  If for some reason you absolutely must, be sure to check your account and change your password from a secure machine at your home or office ASAP.
  2. Uncheck the little boxes that pop up to save your user name and password on any machine that is not your own (or even if it is your own--your machine could get stolen!).  If you accidentally log on somewhere and realize you did not uncheck the box, look in the browser tools for options to clear browser data (see link below).   Consider changing your password when you get home.
  3. Be sure you are not being observed when you enter user names and passwords in a public place.  It is not enough to block your screen.  Be aware that people can follow and record your fingers as you type the letters.  (Sunbelt Security warns to look for folks with binoculars in places where birdwatching is not likely!)
  4. Be sure to always log out of any sites you have logged in on using a user name and password.  This is a good practice at home as well.
  5. It is a good idea to erase your browser history when using a machine that is not your own.  Look in Tools or Options to delete history.  Or use an "in-private" or "incognito" window so that your browsing history is not recorded.

Always be security minded when you are on-line whether at home or out in public. A little paranoia can go a long way.

Check out the link below for a tutorial on browser tools and options.

More Chrome, FireFox and Internet explorer safe browsing information.