Lessons Learned From an Email Hacker

Last week, I was the victim of an email hacker. For the first time in 12 years of having my Yahoo email, someone managed to get in and change my email password. As I tried frantically for days to get control of my account back, I realized that I had made several small mistakes that - if I had known better - could have prevented the nightmare it quickly became. You see, not only do I have a Yahoo email account, but I also have Yahoo Messenger, a Yahoo website, a secondary Yahoo email and the customized Yahoo page, and I am also on many Yahoo groups. And while I LOVE Yahoo because everything can be accessed via one email and one password, you can imagine how frantic I was to suddenly not be able to contact anyone I know and tell them what happened. Here's what I learned, and what you should consider when thinking about your own email account, messenger account, and social networking sites:

1. Get a secondary email account with another email provider. This was the first lesson I immediately learned. You see, when I got locked out of my account, I immediately tried to change the password via the "Forgot Your Password?" link that every email account offers. The only problem was that my secondary email account was the email account linked to my main account. That meant I was locked out of both accounts and could not "click on the link" that Yahoo would send to my secondary email account for identity verification. For the first time, I realized how stupid I had been not to link this account to an outside email, but like I've already said, this was the first time this has ever happened to me - ever. Needless to say, I now have a Gmail account as well, even though I will probably never use it.

2. Upload your contact list to your secondary account. The second thing I realized after being locked out of my email account was that I was locked out of my contact list. While I still had phone numbers for all the most important people in my life, there were a lot of emails I wanted and needed. Even worse, what if the hacker was spamming all my friends or colleagues? What if I was about to lose valuable networking contacts because of this? Thankfully, my iPod Touch had uploaded all of those contacts the first time I had set it up, but it took a couple of days of email silence before I remembered that I had that backup list at all. I was saved by an amazing little electronic device, but considering how irritating it is to send a message on such a small screen, I've definitely transferred my email to my secondary email account.

3. Never have one of your security questions be, "What is my favorite...?" This was my third mistake. Yahoo let me pick my own security question, and the one I chose was, "Who is my favorite author?" While this would seem like a very personal and reasonable question to pick, I chose the question more than a year ago. Suddenly, I couldn't remember who my favorite author had been last year. I typed in the name of every author I could possibly have answered, and they all came back with a big fat "Try again." Needless to say, the first thing I did when I got in was change the security question to something that doesn't change... like "What is your second child's middle name?" or "What was the name of your childhood pet?" Those kinds of questions have consistent answers year after year.

4. Never have your password related to something that can be found at a social networking site. After many, many failed attempts - I mean, I was even purposely spelling names wrong just in case I had spelled them wrong a year ago - I thought to myself, "Who was my favorite author a year ago, when I set up the question?" I remembered that I had put my favorite books in my social networking site profiles at various periods of my life. So I checked Facebook and MySpace, and sure enough, there were my favorite books listed on both sites for the different years that I opened or updated those accounts. Then I realized that I generally use the same ID on all sites - after all, my profile ID is my brand - so it would be easy for a hacker to find those answers, especially a "Friend." That may be how my hacker got in, because they found the answers at my networking sites. So, when choosing a security question, don't pick something that can be found through those sites. Questions like "What city was your father born in?" or "Where did you graduate high school?" would be bad questions to use. After all, your father is probably your friend on Facebook / MySpace, and you've probably listed your graduation year and high school on a site like Classmates.com - I mean seriously, who doesn't want to be contacted by old high school friends?

5. Convert your private contact information into codes. One of the scariest things for me on the financial side was the realization that I keep a lot of logins and passwords in my private email contact list. I find it useful because it can be accessed from anywhere, and it's harder to lose this way. (I used to keep it in my contact list on my phone, but when you lose your phone a few times, you quickly realize what a bad idea that is.) I still maintain that this is a good way to keep logins and passwords, but I acknowledge that maybe those passwords and logins should be dummies in case this happens to you. Thus, instead of listing a password as "tunafish," for example, you could write "the food I hate the most" or "Marine Biology" as a hint. That leaves a lot of possible answers that most people won't guess, and it allows you to just glance at it and go "Oh yeah!"

6. You CAN lock your account from outside the account. This was a blessing in disguise. When I failed to get into my account, I was able to lock it from the outside for a 24-hour period. Yahoo offered this as a manual selection, but for many accounts, when you enter the wrong password 5 times, that account will automatically lock. I locked my account and came back every day and re-locked it until I was able to talk to customer service on the phone. By doing this, the hacker only had enough time to hack one personal account from my emails and contacts before they were kicked out. Thus, when I got my email access back and saw the "confirmation" email that Upromise had sent me, I was able to quickly head over there, change all of my security information and passwords, and notify their customer service department before my kids' college funds were drained.

7. Immediately begin changing all of your passwords on all of your private accounts. As a bookkeeper who deals with fraud a lot, the very first thing I did was head over to all of my accounts that had money balances and change the passwords and security questions - after locking the account, of course. Thus, the hacker was only able to get into one account, and that was the one account I forgot about. So, if this happens to you, be smart and head immediately to your bank and credit card websites and change those passwords. That way, you can head a thief off at the pass.
This is my story and what I learned.  What's yours?
