“Hi! How are you?” could open Pandora’s Box

Published in the Clarion-Ledger on March 25, 2015.


Yesterday, I was looking through my inbox and noticed a couple of messages from people I knew. Both had been flagged as spam by Gmail, and both started, “Hi! How are you?” If experience has taught me anything, it’s to be suspicious of emails that begin this way, so my next step was to move them to the trash folder and delete them. But before I did, I looked at the message previews and noticed that the subject lines included gems such as “Have you seen this?” and references to Oprah.

Fortunately for me, Gmail is pretty good at spotting these; most never actually make it into your inbox at all. But many people click on these messages every day, unwittingly opening the door to potential victimization. Once you open a message like this, it’s like you’ve thrown open the front door of your house; every dog, cat and crook can come in and look around. Often, clicking starts a download of spyware or other malware, which can not only let others see what’s on your computer but, in some cases, actually destroy or hijack your information and hold it for ransom (ransomware).

And on the other side of the equation is your friend, who probably doesn’t know this even occurred. In many cases, their account has probably not actually been “hacked”; scammers can find their name and email address and make the message look like it’s from them (spoofing). Still, the damage has been done with the first click. Hacking your account is a form of identity theft. A crook somewhere is using your friend’s good name to get past your natural skepticism by using the name of somebody you probably know and trust.

So, how do you know? How can you tell if your account has been hacked?

The folks at onguardonline.gov (a combined effort among at least 16 federal agencies to help combat online crime) suggest that the following may be red flags that your email has been hacked:

  • Friends and family are getting emails or messages you didn’t send.
  • Your “Sent messages” folder has messages you didn’t send, or it has been emptied.
  • Your social media accounts have posts you didn’t make.
  • You can’t log into your email or social media account.

In addition, if your device was lost, stolen or part of a known data breach incident, you may need to take some steps. The National Cyber Security Alliance, on its website Staysafeonline.org, has these tips for dealing with hacked accounts:

  • Notify your contacts that they may receive spam messages that appear to come from your account and tell them not to open messages or click on any links from your account.
  • Update your security software, and run a scan for malware.
  • Change your passwords on all your online accounts. Passwords should be strong, not easily guessed, and unique to each account.

Also, it’s a good idea to contact the help desk at your email provider, to report the problem and get advice on how to proceed.

Perhaps the best advice I’ve seen is to minimize your risk of being hacked in the first place. Use solid, well-known security software, and keep it up to date. Set it to automatically update on a regular basis. Many experts recommend not using public computers at all, but if you have to, obtain a separate email address only for those uses. And above all, be skeptical and trust your instincts. They’re often proved to be right.
