How to Avoid Getting Your Email Hacked

How Do You Avoid Getting Your Email Hacked?

  • Duplicating usernames and passwords is risky. If you use the same username or password on several different websites, a compromise of just one of those sites can make all of your accounts vulnerable. Many hackers use brute force or dictionary attacks in which a program is set up to attempt countless password combinations rapidly. The simpler your password, the easier it will be for the program to “guess.”
    • Suggestions: Set up unique login credentials on each website or service you use, making sure to create complex passwords. To remember all of them, use a program or service such as 1Password, LastPass, or KeePass to help manage and keep track of your information. Once you’re set up with a password manager, creating 40-character passwords (and never forgetting them) becomes a breeze!
  • Keep your software up to date. Out of date software is risky, especially when it comes to web browsers, browser plugins, and other web-based software. Make sure to keep your operating system and antivirus software up to date. Run anti-spyware programs regularly.
    • Suggestions: Many programs update automatically. Still, it is a good idea to set your phone or calendar to remind you to check on these things every few weeks.
  • Pay Attention to Login Sessions. Make sure that you are the only person logging into your accounts. You can often monitor recent activity with popular online services such as Facebook and Gmail.
    • Suggestions: Change your passwords if things seem fishy. Do not create obvious security questions that people can find the answers to simply by searching Facebook or other sites.
  • Think Before You Click! If you receive an ambiguous or unexpected email asking you to click a link, even if it appears to come from a relative or close friend – don’t do it. Contact the person over the phone and ask whether or not they actually sent it. The same goes for attachments.
    • Suggestions: Ignore and delete emails like this, even if they appear to come from friends, family, or banks. Don’t click the link or open the attachment – it’s a surefire way to get your info stolen.
  • Watch where you log in from. Be careful if you are logging in from a public computer or a network that is not secure. Be sure to log out of any services you used and clear the browser’s cache before walking away from any public computer.
  • If Two-Step Authentication is an option, use it! Two-step authentication often requires an extra step, such as inputting a code you are texted, particularly on a new machine. If your email service has this feature, it may very well be worth the effort.

Know that none of this is absolutely foolproof as identity theft and account hacking become more rampant. It is best to set up your accounts so that if one gets compromised, the rest remain secure. Have a plan set up for what to do if an email gets hacked or a credit card gets stolen. Keep in mind that this is extremely common, if problematic.

If your account gets hacked:

  • Scan your computer for viruses, malware, and keystroke loggers. It is important to do this first before changing passwords, or the same problem could occur again if your computer itself has been compromised.
  • Change your passwords and security questions if you can still access your account.
  • If you cannot access your account, follow the directions in the site’s help center – most sites have guides about what to do.
  • Report the incident. You may get access to identity protection services through the site.
  • Let people know you got hacked and not to click any links appearing to come from you until the problem has been sorted out.

IMAP vs POP Mail

IMAP vs POP Mail: Your Choices for Accessing Emails

If you use computer-based email clients like Microsoft Outlook, or you have a web host that gives you email addresses, you may have heard these terms. Their use is pretty straightforward – you plug in the right info, and emails come to your email client for you to read. But just what ARE IMAP and POP, and what is the difference? Which one should you choose? Read on for more info!

POP Mail

POP stands for “Post Office Protocol” and this works by downloading your emails, images, and attachments to your computer and Outlook. Once an email message is downloaded, it’s there on your computer, although you can have the server store copies online as well if you wish to access your mail from a webmail client, or another computer. The result here is that the messages will stay on the server and re-download to the new client.

IMAP Mail

IMAP means “Internet Message Access Protocol.” Where POP downloads the emails to your computer, IMAP effectively allows the client to view emails while they are on the server. This means that what you view from your client will be the same from different computers. If you move email messages or delete things, you are deleting them from the server itself. If you leave emails alone, there they stay.

Which Is Better?

The decision to use POP or IMAP depends heavily on your intended use for email. Do you plan on accessing your email from just one computer? Or do you need to access your email at times when you don’t have internet access? POP is the best choice here, since everything just downloads straight to Outlook, or your client of choice.

On the other hand, if you access your email from your phone, your tablet, your laptop, and your office computer, IMAP is almost certainly the way you’re going to want to go. Managing email on multiple devices can be overwhelming – you do not want to view and delete multiple copies of sent and received email. However, if you need to access things away from the internet you may not have access to all prior messages, images, and attachments if you’re using IMAP settings.

Where Does Web Mail Come In?

Web mail – be it your own host, or Gmail, Yahoo, or any other web mail client – is email that you access from an internet browser. You open Internet Explorer or your web browser of choice, go to the webpage, log in with your credentials, and view your emails from there.

This email is essentially sitting on the server until you do something to it and is accessible only if you are on the internet. Additionally, many of these services give you optional POP or IMAP access. Plug the appropriate info (which the client’s website will generally provide) into your computer or phone’s email client, and you can use these web mail clients there as well.

Remember that in the case of POP mail, unless you make a point to leave things on the server, everything will empty from your web email’s mailbox onto your computer. In the case of IMAP? Whatever you do in your web mail will be reflected in Outlook or Windows Live Mail, and vice-versa.

Phishing for Paypal

Have you ever received an email from PayPal, informing you that your account has been limited or compromised, and to click on a link to correct things? Been tempted to follow the instructions to fix the problem? Or did you recognize the scam when you saw it and deleted the email?

The Paypal Phishing scam is one of the most prevalent email scams on the web today and the spoof emails often look legitimate, using an email address that seems to match Paypal, using Paypal’s own logo and graphics that match the website.

But How Does It Work?

The trick to the scam is to get an unsuspecting user to click on the link. This link takes the user to a spoof site that may look very close to the real thing. Here the user will be prompted to log in (handing over their Paypal login credentials), and then enter personal data including banking and credit card information. This information will be sold later on the internet black market.

How Can I Tell?

How can you spot the scam? It can be tricky to find the clues, and generally it’s just easier to circumvent the problem entirely. Paypal won’t write you an email addressed to ‘dear member’ or ‘dear customer’ – the company uses your real name or company name. They also won’t use a variant URL, although this can be tricky to spot. Instead, there are appropriate steps to take if you do think you are receiving a scam email.

What Should I do?

1) Don’t click on the link. This will take you to a spoof site. Instead, if you wish to log into your Paypal account, go to your web browser and type in the Paypal URL by hand.

2) Don’t download any attachments or programs. This goes for virtually any unfamiliar email attachment, but especially Paypal: the company will not send you these things.

3) Go to Paypal’s website and search help for ‘scam’ where the company will provide you with an email to forward to Paypal so they can follow up on who’s putting out that particular scam.

4) If you think your info has been stolen or you find suspicious activity on your account, there are steps to take as quickly as possible to minimize the damage done. Paypal has set up a Security Guide on the steps to take to combat fraud if you believe you have been a victim.

Update 2/24/2015

Google has been sending out emails making reference to Google Play Phishing. This is exactly the same technique we mention above, but it’s directed toward Google Play Developers, designed to get them to click quickly, without thinking.

Remember, when in doubt, navigate through your browser to the proper website and check things out – do not click on readily supplied email links.

Hacking for password

How Do You Prevent Your Email From Getting Hacked?

Duplicating Usernames and Passwords is Risky

Database vulnerability

The truth is many online databases do not encrypt your username and password at all. So one dishonest employee can have thousands of passwords in one quick database export. If one online shop gets compromised, then all of the places you use that username and password are now vulnerable. Use a different password for every website login you create and use a specialized program to store those big beautiful passwords.

Brute force attacks

Many attacks are brute force attacks in which a computer program is used to try lots of combinations of passwords rapidly. The simpler your password, the easier it is for the program to ‘guess.’ Again, if your password is figured out and you use the same one on multiple websites, your risk is increased exponentially. Use different passwords to prevent getting your email hacked.

  • Use different login credentials and complex passwords on every website you use. We published an article on our blog with more information and tips about passwords.
  • Just say no to browsers storing passwords! When Internet Explorer or Mozilla asks to store a password for you, ALWAYS say NO.
  • To remember all your new passwords, use a service like 1Password or KeePass to create and store login information. KeePass is free!
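The advice on reused and simple passwords, here and in the first list at the top of this page, can be turned into a quick audit of your own stored logins. This is an added example, not part of the original article; the wordlist, the 80-bit cut-off, and the vault contents are constructed assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed stand-in for the wordlists a dictionary attack runs through.
WORDLIST = {"password", "letmein", "qwerty", "dragon", "summer2015"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def brute_force_bits(password):
    """log2 of the brute-force search space for the character classes in use.

    This is an upper bound: human-chosen passwords fall much sooner than this.
    """
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=80):
    """vault maps site -> password; returns site -> problems (min_bits is assumed)."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in vault.items():
        problems = []
        shared = sorted(s for s in sites_by_password[password] if s != site)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        if password.lower() in WORDLIST:
            problems.append("found in wordlist")
        elif brute_force_bits(password) < min_bits:
            problems.append(f"about {brute_force_bits(password):.0f} bits")
        if problems:
            report[site] = problems
    return report

def generate(length=40):
    """Random password from the OS CSPRNG; 40 characters as suggested earlier."""
    alphabet = "".join(CLASSES)
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed vault contents; the site names are placeholders.
VAULT = {"shop.example": "summer2015", "mail.example": "summer2015",
         "forum.example": "Tr0ub4dor", "bank.example": generate()}

if __name__ == "__main__":
    for site, problems in audit(VAULT).items():
        print(site, "->", "; ".join(problems))
```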

Keep Your Software Updated

Out of date software is risky, especially web browsers and other web-based programs including browser plugins. Usually updates are released for software in response to a security hole or technology expansion. Many programs update automatically, but set your phone or calendar to remind you to check on these things every few weeks.

  • Keep Windows and your antivirus software up to date.
  • Run updates for your programs when they ask. If a program that you don’t recognize is asking to access your computer, choose No for now and check out Google to see what is suggested for that update name.

Pay Attention to Login Sessions

Some sites will tell you the last time you logged in successfully. Change your passwords if things seem fishy. Some programs such as Facebook and Gmail monitor your logins; other programs will let you set up verification by text messages.

  • Use verification by text message. If a program asks if you’re using a public computer to log in, say yes if you are.
  • Do not create obvious security questions whose answers people can find by searching Facebook or other sites.

Think Before You Click

If you receive an ambiguous or unexpected email telling you to click a link, even from a relative or close friend, don’t do it. Contact the person over the phone and ask about the email message. Same goes for attachments. If the email does not look like something your contact would send you, QUESTION it!! Email spoofing is common too; for example, there have been very real-looking emails floating around that appear to be from the IRS, but the attachment is a virus.

  • Ignore and delete strange emails even if they’re from friends, family, and banks. Don’t click the link or open the attachment – it’s a surefire way to get a virus.
  • If you find out your account has been hacked and an email was sent from your account, first change your password. Second, follow up with those who received your hacked email message. Tell them your email was hacked and that they should DELETE the email they received from you.

Watch Where You Login From

Be careful if you are logging in from a public computer or a network that is not secure. Do not stay logged in; when you are done with the website, be sure to log out. Connecting to public WiFi can open the door to hackers.

  • Be sure your computer has a strong firewall. The annoying extra click to allow something to access or update your computer is better than a hacking mess from keeping the door open.

How do you prevent your email from getting hacked? As identity theft and account hacking become more rampant, there is no foolproof way, but you can minimize risks by using our suggestions. It is best to set up your accounts so that if one gets compromised, not all of them do. Have a plan set up on what to do if an email gets hacked or a credit card gets stolen, and know that it is extremely common, if problematic.

If You Do Get Hacked

  • Change your password if you can still get into your account.
  • Follow the directions in the help center of the website you’re trying – most sites have guides on what to do.
  • Scan your computer for viruses and malware, then schedule future scans to happen weekly.
  • Let people know you got hacked and not to click on links, and pass along info on what to do if they did.
  • Report the incident to the website. You may get access to identity protection services through the hacked site.

Extra Credit

Protecting your credit card information online goes hand in hand with your email getting hacked. We suggest using a payment service such as Paypal to store your credit card number rather than typing your credit card number directly into a website. Websites and stores are not supposed to store credit card numbers in their databases... but there are no internet police enforcing this.

Follow Appletree MediaWorks on Facebook or subscribe to our website blog RSS feed to keep up on topics like this.