Thursday, October 8, 2009

Ways to keep phishers out of your email

A few days ago, I wrote about how phishing (Password Fishing) attacks exposed a lot of Hotmail user accounts. It turns out the attacks were much bigger than Hotmail -- Google's Gmail (which is my go-to email system) got compromised, along with Yahoo, Earthlink, Comcast, and AOL.

Shoot, it might be easier to list the major email carriers that didn't get hit.

Meanwhile, the major email carriers are in damage control mode, and many put out statements and how-to's for self protection.

Here are some basics, courtesy of Mashable. Most of these involve passwords, the user's first line of defense:

*****

Use different passwords on different sites — After all, if you use the same login credentials for multiple sites and one gets compromised, they all are. Since many of us use umpteen web services daily, it’s worth checking out a good password manager tool to help you keep them all straight — and safe.

Don’t use common words or sequences — Simple dictionary terms or sequential numerical sequences won’t cut it. You should make sure your passwords are a mix of letters, numbers and symbols.

Don’t base passwords on personal data — Hackers often use “social engineering” techniques to greater effect than running actual lines of code. Since we routinely share various bits of personal data with others, things like pet names, middle names, birthdays and so on don’t make a good basis for passwords.

Don’t leave your password somewhere visible — If you simply must write it down, don’t put it on a post-it attached to your monitor. Relatedly, if you keep a list of passwords on your computer, name the file something more cryptic than "password file."

Make sure your password recovery questions are also secure — Strong passwords that lack semantic meaning are unfortunately also easier to forget. Many sites allow you to reset your password over email or after answering one or more Security Questions you set up when creating the account. Make sure these aren’t based on common-knowledge personal data either — try to make them difficult to guess, and avoid any information you’ve posted publicly online anywhere as well.

*****

Good advice, that. An analysis of the data from Hotmail showed the most common password among the compromised accounts to be '12345.' I mean, duh! You don't need expensive software to crack that password, and it appears there are quite a few folks around that have no business running a computer. But that's fodder for another rant.
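The Mashable rules above (no reuse, no dictionary words or sequences, no personal data) can be turned into a simple policy check. The following is an added example, not code from Mashable or from this post; it assumes a 12-character minimum (the post sets no length), and the small word list stands in for a real wordlist, which would be far larger.

```python
import re

# Constructed stand-in for a real common-password / dictionary wordlist.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "monkey", "dragon"}

# Assumed minimum length; the quoted advice names no number.
MIN_LENGTH = 12


def is_sequential(s, min_run=4):
    """True if s contains a run of min_run+ consecutive characters
    stepping up or down by one, e.g. '1234', 'abcd', 'dcba'."""
    s = s.lower()
    for i in range(len(s) - min_run + 1):
        chunk = s[i:i + min_run]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_password(pw, personal_data=(), reused=()):
    """Return the list of rules the password breaks; an empty list means it passes.

    personal_data: strings the user has shared publicly (pet names, birthdays, ...)
    reused: passwords already in use on other sites
    """
    problems = []
    low = pw.lower()

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Mix of letters, numbers and symbols: require at least three character classes.
    classes = [re.search(r"[a-z]", pw), re.search(r"[A-Z]", pw),
               re.search(r"\d", pw), re.search(r"[^A-Za-z0-9]", pw)]
    if sum(1 for c in classes if c) < 3:
        problems.append("needs a mix of letters, numbers and symbols")

    # Dictionary words: exact match, or a longer common word embedded in the password.
    if low in COMMON_WORDS or any(w in low for w in COMMON_WORDS if len(w) >= 5):
        problems.append("contains a common dictionary word")

    # Sequences such as 12345 (the most common password in the Hotmail leak).
    if is_sequential(pw):
        problems.append("contains a sequential run like 1234 or abcd")

    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeats one character three or more times")

    for item in personal_data:
        if len(item) >= 3 and item.lower() in low:
            problems.append(f"contains personal data '{item}'")

    if pw in reused:
        problems.append("already used on another site")

    return problems


if __name__ == "__main__":
    for candidate in ["12345", "Fluffy2009!!", "correct-Horse7battery"]:
        print(candidate, "->", check_password(candidate, personal_data=["Fluffy"]) or "ok")
```

The personal-data list is whatever the user would admit is findable about them; in practice a password manager generating random strings sidesteps every rule here at once, which is the point of the first item in the list.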

Here's more, from gHacks:

*****

The most powerful weapon against phishing is common sense and the following rules that every user should abide by.

If you are not a customer of the site, delete the email immediately. Don't click on the link or reply.

If you are a customer and you are not sure if the email is legit do one of the following:

Contact the institute by phone or via the official website (do not use the email link, of course) and ask if the mail is official.

Instead of using the link provided, open the website by typing in the official link yourself. The site should have news about the email on its starting page (most of the time).

*****

There's plenty more on that site. I highly recommend checking it out.
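The gHacks rule "don't use the email link, type the official address yourself" rests on the link in the mail not really pointing at the institution. The check below, an added example that is neither gHacks' nor this post's code, pulls the links out of a constructed sample message and flags any whose host is not under the institution's real domain, plus two classic tricks: a user-info part before an `@` (the text before the `@` is not the destination) and a raw IP address in place of a name. The domain and the message are made up for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample message; examplebank.com and the hosts in it are placeholders.
SAMPLE_EMAIL = """\
Dear customer, your account has been limited.
Please verify at http://secure-login.examplebank.com.verify-now.example/login
or http://examplebank.com@203.0.113.5/
Your statement is at https://online.examplebank.com/statements
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def belongs_to(host, official_domain):
    """True only if host IS the official domain or a subdomain of it.
    'examplebank.com.evil.example' does not qualify: the check is on the suffix."""
    host = host.lower().rstrip(".")
    official_domain = official_domain.lower()
    return host == official_domain or host.endswith("." + official_domain)


def suspicious_links(text, official_domain):
    """Return (url, reason) pairs for every link in text that should not be trusted
    as a link to official_domain."""
    findings = []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        reasons = []
        if "@" in parsed.netloc:
            reasons.append("user-info before '@': the real destination is what follows it")
        host = parsed.hostname or ""
        if IPV4_RE.fullmatch(host):
            reasons.append("raw IP address instead of a domain name")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode hostname, may imitate a familiar name")
        if not belongs_to(host, official_domain):
            reasons.append(f"host '{host}' is not under {official_domain}")
        if reasons:
            findings.append((url, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for url, why in suspicious_links(SAMPLE_EMAIL, "examplebank.com"):
        print(f"SUSPICIOUS {url}\n    {why}")
```

The third link in the sample survives because `online.examplebank.com` really is a subdomain of the expected domain; the first fails because the official name is only buried in the middle of a longer host, which is exactly what a reader skimming the link text tends to miss.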

If you're using Firefox (as I am), go to Tools > Options > Security to set up your protection levels. I really recommend you do this now, while you're reading this. If you don't find these options, you're probably using an older Firefox. You'll find more Firefox phishing protection and testing tricks here.

Also, I did download LastPass, though I haven't installed it yet. I see that it involves creating an account online, though it's free for private use. According to the manufacturer, the password information is stored on your own computer. Still, I'm a little chary of using any Web-based password keeper. I'll install it and take a look at it, but my instincts tell me it's not a perfect solution.

In the meantime, enjoy your computer. It's a great tool, and the more plugged-in the world is, the more your computer will become a part of your life. But be careful. It's a jungle out there.
